Horizontal SCA Attacks on Binary kP Algorithms using Chevallier-Mames Atomic Blocks

Published 24 Apr 2026 in cs.CR | (2604.22429v1)

Abstract: Scalar multiplication kP is the operation most frequently targeted in Elliptic Curve (EC) cryptosystems. To protect against single-trace Side-Channel Analysis (SCA) attacks, the atomicity principle and various atomic block patterns have been proposed in the past. In this work we use our software and hardware implementations to demonstrate that binary right-to-left and left-to-right kP algorithms, when implemented with Chevallier-Mames atomic block patterns, are still vulnerable to single-trace SCA attacks. The vulnerability remains true for the left-to-right kP algorithm with projective coordinate randomization.

Summary

  • The paper reveals that Chevallier-Mames atomic blocks fail to mask distinct EM signatures, leading to data-bit leakage during scalar multiplication.
  • The methodology involved testing binary kP algorithms on FPGA and microcontroller platforms, using Pearson correlation to quantify EM trace distinguishability.
  • Implications indicate that atomicity alone is insufficient, stressing the need for enhanced countermeasures like operand randomization and memory access masking.

Vulnerability Analysis of Binary kP Algorithms with Chevallier-Mames Atomic Blocks under Horizontal SCA

Context and Motivation

Elliptic curve cryptosystems are extensively used for key exchange, authentication, and digital signatures due to their strong security properties and resource efficiency. The scalar multiplication operation ($kP$) is foundational in these schemes, and its implementation is the focal point for Side-Channel Analysis (SCA) attacks. The atomicity principle, particularly using atomic block patterns such as those devised by Chevallier-Mames, aims to thwart simple SCA by homogenizing the power and EM signatures regardless of the bit value being processed. However, the paper rigorously demonstrates that both hardware and software implementations of binary $kP$ algorithms employing Chevallier-Mames atomic blocks remain susceptible to single-trace SCA attacks.

Methodology

The investigation encompassed the implementation of left-to-right and right-to-left binary double-and-add $kP$ algorithms using the Chevallier-Mames MANA atomic blocks on both FPGA and microcontroller platforms. Target devices included the TI LAUNCHXL-F28379D with the TMS320F28379D microcontroller, and the Digilent Arty Z7-20 FPGA, executing the algorithms for NIST EC P-256. The software relied on the FLECC cryptographic library with constant-time field operations.

Electromagnetic emission measurements during $kP$ execution were captured using high-precision microprobes and oscilloscopes, with the EM traces analyzed for distinguishability at the block level, specifically for EC point addition (PA) and doubling (PD) operations. Variants with projective coordinate randomization, following the Coron method, were included to assess the efficacy of this countermeasure.

Empirical Results

Data-Bit Vulnerability

The EM traces revealed pronounced distinguishability in atomic block patterns, primarily resulting from operand-dependent energy consumption in field multiplications. Small operand values (such as $1$ and $-3$) cause lower energy usage and unique trace shapes, leading to immediate leakage. Numerical analysis showed that the shapes of atomic blocks within PA and PD operations were consistently different, even in supposedly constant-time implementations. The degree of trace similarity was quantified using Pearson correlation coefficients, with coefficients rarely reaching 1.0, indicating high variability and thus SCA vulnerability.

The left-to-right $kP$ algorithm, despite atomic block homogenization, exhibited distinguishable trace features that could be correlated to the bit values processed. Notably, the right-to-left algorithm also displayed vulnerability when tested on the microcontroller. Randomized projective coordinates substantially reduced distinguishability, as special operand values were replaced with random long integers, making atomic blocks visually similar in EM traces.
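The randomization step described above, as an added example (not code from the paper or from FLECC): Coron-style randomization of a P-256 point, showing that the special coordinate value 1 disappears while the represented point, and the result of a doubling, stay the same. Jacobian coordinates, the `a = -3` doubling formulas and all function names are assumptions; the page only says "projective".

```python
import secrets

# NIST P-256 field prime and base point (public standard parameters); curve a = -3.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5

def randomize(point, lam=None):
    """Coron-style randomization (assumed Jacobian): (X, Y, Z) -> (l^2 X, l^3 Y, l Z)."""
    X, Y, Z = point
    if lam is None:
        lam = secrets.randbelow(P - 1) + 1   # uniform in [1, P-1], never zero
    l2 = lam * lam % P
    return (X * l2 % P, Y * l2 * lam % P, Z * lam % P)

def double(point):
    """Jacobian point doubling for a = -3 (standard formulas)."""
    X, Y, Z = point
    delta, gamma = Z * Z % P, Y * Y % P
    beta = X * gamma % P
    alpha = 3 * (X - delta) * (X + delta) % P
    X3 = (alpha * alpha - 8 * beta) % P
    Z3 = ((Y + Z) ** 2 - gamma - delta) % P
    Y3 = (alpha * (4 * beta - X3) - 8 * gamma * gamma) % P
    return (X3, Y3, Z3)

def to_affine(point):
    """Map Jacobian (X, Y, Z) back to affine (X/Z^2, Y/Z^3)."""
    X, Y, Z = point
    zi = pow(Z, -1, P)
    return (X * zi * zi % P, Y * zi**3 % P)

def small_operands(point):
    """Coordinates equal to 1 or -3, the small values the page names as examples."""
    return [c for c in point if c in (1, P - 3)]

if __name__ == "__main__":
    G = (GX, GY, 1)
    R = randomize(G)
    print("small operands before:", small_operands(G), "after:", small_operands(R))
    print("same point after doubling:", to_affine(double(R)) == to_affine(double(G)))
```

This removes the fixed small coordinate from the field multiplications; it does not change which variables each atomic block reads and writes.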

Address-Bit Side-Channel Leakage

The paper extended its analysis to address-bit SCA leakage. Even with projective coordinate randomization, the use of different variables (data-flow) for atomic blocks creates exploitable distinctions at the memory/address level, observable in very short segments (e.g., the initial 24 clock cycles of each atomic block). This vulnerability remains largely unmitigated by current randomization and atomicity approaches. The correlation analysis showed that some atomic blocks still had distinguishable access patterns associated with their memory addresses, further facilitating horizontal SCA.
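The distinguishability measure used in the two subsections above, as an added example (not the paper's code or measured data): Pearson correlation of each atomic block against a reference block, over the whole block and over the first 24 samples only. The trace model is a constructed toy; block length, waveform shapes, noise level and the 0.9 threshold are assumptions, and only the 24-cycle window comes from the text.

```python
import math
import random

BLOCK_LEN = 64     # samples per atomic block (constructed value)
ADDR_WINDOW = 24   # the page reports leakage in the initial 24 clock cycles of a block

def pearson(x, y):
    """Pearson correlation coefficient of two equal-length sample windows."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    var_x = sum((a - mx) ** 2 for a in x)
    var_y = sum((b - my) ** 2 for b in y)
    return cov / math.sqrt(var_x * var_y)

def synth_block(rng, small_operand=False, addr_phase=0.0):
    """Constructed model of one atomic block's EM samples (not measured data)."""
    samples = []
    for i in range(BLOCK_LEN):
        if i < ADDR_WINDOW:
            # Operand fetch: shape depends on which variables are addressed.
            s = math.sin(0.5 * i + addr_phase)
        else:
            # Field multiplication: a small operand (1 or -3) lowers the activity.
            s = (0.6 if small_operand else 3.0) * math.sin(0.9 * i)
        samples.append(s + rng.gauss(0.0, 0.05))
    return samples

def distinguishable(blocks, window=BLOCK_LEN, threshold=0.9):
    """Indices of blocks whose correlation with block 0 over `window` samples is below threshold."""
    ref = blocks[0][:window]
    return [i for i, b in enumerate(blocks[1:], 1)
            if pearson(ref, b[:window]) < threshold]

def scenarios(seed=1):
    rng = random.Random(seed)
    # No randomization: blocks 2 and 5 multiply by a small operand.
    plain = [synth_block(rng, small_operand=(i in (2, 5))) for i in range(6)]
    # Randomized coordinates: no small operands, but blocks 1 and 4 use other variables.
    rand = [synth_block(rng, addr_phase=(1.0 if i in (1, 4) else 0.0)) for i in range(6)]
    return {
        "plain_full": distinguishable(plain),
        "rand_full": distinguishable(rand),
        "rand_addr": distinguishable(rand, window=ADDR_WINDOW),
    }

if __name__ == "__main__":
    for name, flagged in scenarios().items():
        print(name, flagged)
```

In this model the whole-block comparison flags nothing once the small operands are gone, while the 24-sample window still separates the blocks that address different variables, which is why a leakage assessment should correlate short windows as well as whole blocks.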

Implications for Secure EC Implementations

The strong empirical results demonstrate that Chevallier-Mames atomic block patterns, while intended as robust countermeasures, are insufficient against contemporary single-trace SCA attacks exploiting both data-bit and address-bit leakages. This finding is broadly applicable; implementations relying solely on atomicity without further randomization or masking are insecure across microcontroller and FPGA platforms.

In practical terms, the failure of atomic block homogenization underscores the need for more advanced and comprehensive SCA mitigation—particularly addressing operand randomization, register/memory address uniformity, and potentially masking techniques. Theoretical implications suggest that the model of "constant time" or "atomicity" alone is inadequate for cryptographic hardware and software, especially in environments where EM and power traces can be measured with high accuracy.

Given the persistence of address-bit leakage even with projective coordinate randomization, future research should systematically explore countermeasures that obscure memory access patterns, possibly integrating hardware-level solutions or more aggressive runtime randomization. Investigation into new atomic block constructions, such as those proposed by Longa and Miri [35] and Giraud-Verneuil [34], is warranted.

Conclusion

This work demonstrates that both hardware and software implementations of binary $kP$ algorithms using Chevallier-Mames atomic block patterns are vulnerable to single-trace SCA attacks. Data-bit leakage dominates in the absence of projective coordinate randomization, while address-bit leakage persists even with randomization. The practical takeaway for cryptographic system designers is clear: atomicity alone is insufficient for SCA resistance, and enhanced strategies must be devised to ensure the non-distinguishability of processed data and accessed memory. Theoretical progress in this domain will necessarily involve more nuanced countermeasures that address both data-path and address-path vulnerabilities.
