International Association
for Cryptologic Research

Fault injection attacks are a real-world threat to cryptosystems, in particular asymmetric cryptography.

In this paper, we focus on countermeasures which guarantee the integrity of the computation result, hence covering most existing and future faults attacks.

Namely, we study the modular extension protection scheme in previously existing and newly contributed countermeasures on elliptic curve scalar multiplication (ECSM) algorithms.

We find that problems undermine existing countermeasures but we are able to solve some of them.

We show the genericity of our contributed variant of modular extension countermeasure and formally prove its correctness and security:

the fault non-detection probability is inversely proportional to the security parameter.

Finally, we implement an ECSM protected with our countermeasure on an ARM Cortex-M4 microcontroller.

A systematic fault injection campaign for several values of the security parameter confirms our theoretical prediction and the security of the obtained implementation and provides figures for practical performance.