On the Complexity of Attacking Elliptic Curve Based Authentication Chips

Abstract

In this paper we discuss the difficulties of mounting successful attack against crypto implementations when essential information is missing. We start with a detailed description of our attack against our own design, to highlight which information is needed to increase the success of an attack, i.e. we use it as a blueprint to the following attack against commercially available crypto chips. We would like to stress that our attack against our own design is very similar to what happens during certification e.g. according to Common Criteria Standard as in those cases the manufacturer needs to provide detailed information. When attacking the commercial designs without signing NDAs, we needed to intensively search the Internet for information about the designs. We cannot to reveal the private keys used by the attacked commercial authentication chips 100% correctly. Moreover, the missing knowledge of the used keys does not allow us to evaluate the success of our attack. We were able to reveal information on the processing sequence during the authentication process even as detailed as identifying the clock cycles in which the individual key bits are processed. To summarize the effort of such an attack is significantly higher than the one of attacking a well-known implementation.