Evaluating Side-Channel Resistance Using Low Order Rational Points Against Curve25519 and an Associated Quadratic Twist

Bibliographic Details
Published in: International Journal of Networking and Computing, Vol. 10, No. 2, pp. 144-158
Main Authors: Yoshimoto, Keiji; Uetake, Yoshinori; Kodera, Yuta; Kusaka, Takuya; Nogami, Yasuyuki
Format: Journal Article
Language: English
Published: IJNC Editorial Committee, 2020
Summary: IoT devices improve the operation of a system by acting as edge devices for data sharing and industrial automation. However, such devices are frequently targeted by attackers because of their simple architecture and their lack of resources for protecting data confidentiality with cryptosystems. In addition, although Curve25519 is used in various security protocols and is known to run efficiently even on IoT devices, the curve inherits the low-order points hidden inside Edwards curves. In this paper, the authors demonstrate side-channel attacks against Curve25519 by focusing on the points of order 4 and 8. We choose an order-4 point that does not exist on Curve25519 but does exist on the quadratic twist of Curve25519. More precisely, the rational point used in this paper is given by (x, y) = (-1, 0) in affine coordinates. In addition, the order-8 point appears to behave like a high-order rational point. The results reveal that these rational points might be a threat to key extraction, which calls for further countermeasures.
ISSN: 2185-2839, 2185-2847
DOI: 10.15803/ijnc.10.2_144