Research And Design Of The SCA-resistant Circuit For Dual-field ECC Scalar Multiplication

With the increasing occurrence of security attacks on Io T in recent years,the demand for cipher chips in the terminal equipment market has increased dramatically.Elliptic Curve Cryptography(ECC)is more and more integrated into the cipher chip as a public key IP core due to its advantages of high security,small storage space occupation and low bandwidth requirements.Scalar multiplication is the core operation of ECC,and its circuit implementation affects the resource consumption,data processing speed,and security of the ECC cipher chip.In order to meet the requirements for the flexibility and scalability of chiper chips and low-cost resistance against side-channel attack in the field of Io T terminal equipment,it is of great significance to study the design of a dual-field ECC scalar multiplication circuit that is compatible with multiple standards and resists side-channel attack.The thesis mainly focuses on the dual-field ECC scalar multiplication circuit which can resist power attack and fault attack at the same time.Firstly,based on the multiplexing of the basic units of modulo operation,supplemented by an arithmetic controller,a dual-field modulo operation unit that supports arbitrary elliptic curves up to 576 bits is designed and implemented.Aiming at the problem of excessive delay,the quaternary Kogge Stone algorithm was used to optimize the full adder.On the basis of the dual-field modulo operation unit,a double-point scheduling strategy and a scalar multiplication controller are designed,and a multi-standard dual-field ECC scalar multiplication circuit is implemented.Secondly,a differential power attack platform is established for the dual-field ECC scalar multiplication circuit.In order to reduce the traversal range during the recovery process of the private key,a Hardware Trojan based on differential fault attack is proposed.It's a combination of LFSR and a combined trigger circuit,and able to inject a single-bit fault into a specific iteration round.Based on the coordinate axis randomization and fault detection and recovery mechanism,the Montgomery ladder algorithm is improved,and a low-cost defense scheme CAR?FDARM is proposed.Finally,according to the CAR?FDARM,a scalar multiplication control module,a coordinate conversion module,and a y-coordinate recovery module were designed.In order to solve the problems of too long a point group arithmetic calculation path and excessive storage resources,the scheduling processs of the prime-field point point group arithmetic in the Jacobian projection coordinate system and the binary-filed in the standard projection coordinate system were optimized,based on the parallel dual modular multiplication.Thus,a dual-field scalar multiplication circuit supporting multiple ECC standards and resistant to side-channel attacks was implemented.Based on the Synopsys DC tool and SMIC 0.18?m CMOS library,the dual-field ECC scalar multiplication circuit is synthesized,which has nearly doubled the hardware efficiency compared to that with no optimization.The dual-field ECC scalar multiplication circuit which is resistant side-cannel attack and based on the CAR?FDARM defense scheme has reduced the cost of computing time by about 30% and its cost of area overhead is 14.4%,which is less than 37.6% of the existing literature.Therefore,the CAR?FDARM defense scheme proposed in the paper meets the needs of low-cost defense.