Protected ECC Still Leaks: A Novel Differential-Bit Side-channel Power Attack on ECDH and Countermeasures

Over the past decade, a few side-channel attacks (SCAs) and countermeasures against implementations of Elliptic-Curve Cryptography (ECC), commonly used in embedded systems and Internet-of- Things (IoT) devices, have been presented. This work discovers a new side-channel power leakage of an ECDH hardware implementation protected against existing attacks, where the power leakage is not directly related to the key bits, but related to the differential of two consecutive key bits. We propose an unsupervised differential-bit horizontal clustering attack and implement it against an ECDH FPGA implementation. We also comprehensively analyze the related operations and circuits, and identify the root cause of such leakage is due to the different arrival times of inputs to combinational circuits. Such leakage generally exists in ECC hardware implementations, including FPGA and ASIC. We further propose several effective countermeasures to address this new vulnerability and evaluate the implemetations.