EC P-256: Successful Simple Power Analysis

In this work we discuss the resistance of atomic pattern algorithms for elliptic curve point multiplication against simple side channel analysis attacks using our own implementation as an example. The idea of the atomicity principle is to make kP implementations resistant against simple side channel analysis attacks. One of the assumptions, on which the atomicity principle is based, is the indistinguishability of register operations, i.e. two write-to-register operations cannot be distinguished if their old and new data values are the same. But before the data can be stored to a register/block, this register/block has to be addressed for storing the data. Different registers/blocks have different addresses. In praxis, this different and key dependent addressing can be used to reveal the key, even by running simple SCA attacks. The key dependent addressing of registers/blocks allows to reveal the key and is an inherent feature of the binary kP algorithms. This means that the assumption, that addressing of different registers/blocks is an indistinguishable operation, may no longer be applied when realizing kP implementations, at least not for hardware implementations.