Error Detection and Recovery for Transient Faults in Elliptic Curve Cryptosystems

Faults can corrupt data in storage, in transit, or during a computation. Like other digital systems, cryptosystems are vulnerable to natural and artificial faults. However, the effects of faults on cryptosystems far suppress the corruption of data. Attacks that exploit various classes of faults to learn secret data have been proposed and shown to be practical. As such, efficient detection and recovery of errors resulting from faults have a growing importance in the design of cryptosystems. We tackle the problem of error detection and recovery for transient faults in elliptic curve scalar multiplication structures. We propose the use of frequent validation with partial recomputation during the scalar multiplication for more efficient error detection and recovery. In our approach, the scalar multiplication iterations are grouped into blocks and efficient error detection schemes are used to detect errors early, which significantly limits the propagation of corrupted data. Moreover, we use the same error detection schemes, combined with partial recomputation, to achieve efficient error recovery without requiring complete time and hardware redundancy. Our analysis illustrates that these modifications enable considerably more efficient and reliable structures relative to known error detection and recovery designs.