An Efficient DPA Countermeasure With Randomized Montgomery Operations for DF-ECC Processor

Nowadays, differential power-analysis (DPA) attacks are a serious threat for cryptographic systems due to the inherent existence of data-dependent power consumption. Hiding power consumption of encryption circuit or applying key-blinded techniques can increase the security against DPA attacks, but they result in a large overhead for hardware cost, execution time, and energy dissipation. In this brief, a new DPA countermeasure performing all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. After implemented in 90-nm CMOS process, our protected 521-bit dual-field elliptic curve (EC) cryptographic processor can perform one EC scalar multiplication in 8.08 ms over and 4.65 ms over , respectively, with 4.3% area and 5.2% power overhead. Experiments from a field-programmable gate array evaluation board demonstrate that the private key of unprotected device will be revealed within power traces, whereas the same attacks on our proposal cannot successfully extract the key value even after measurements.