Non-linear error detection for elliptic curve cryptosystems

The authors propose applying systematic non-linear error-detection codes to protect elliptic curve point addition and doubling operations against active fault attacks. These codes provide nearly perfect error-detection capability (except with exponentially small probability) at reasonable overhead. The proposed technique is applied to secure point addition and doubling operations for both Weierstrass and Edwards curves using different coordinate systems (i.e. affine and projective). The authors observe that the Weierstrass-based elliptic curve systems can be protected with reasonable area overhead. However, due to its balanced normal form, Edwards formulation is more appropriate for the non-linear error-detection technique proposed here. In addition, the proposed technique is compared with the method discussed by Gaubatz et al. (2006), where an error-detection technique is proposed for robust public key arithmetic. When compared with their method, the proposed technique provides approximately the same level of security with much less overhead. For Edwards curves, the overhead of the proposed scheme is less than half (42-46-) of the overhead of scheme proposed by Gaubatz et al. (2006). In addition, the overhead of the proposed scheme is 52-81- of the overhead of scheme proposed by Gaubatz et al. (2006) for different versions of the Weierstrass curves.