A Combined Single Trace Attack on Global Shuffling Long Integer Multiplication and its Novel Countermeasure

Advanced collision-based single trace attacks which can be applied on simple power analysis resistant scalar multiplications become virtual threat on elliptic curve cryptosystems recently as their practical experimental results are increasingly reported in the literature. Since such attacks are based on detecting collisions of data dependent leakage caused by underlying long integer multiplications, so-called global shuffling countermeasure which breaks such collision correlation by independently randomizing the execution order of unit operations such as single precision multiplication and carry propagation, is considered as promising countermeasure if theoretical randomness of shuffling order is guaranteed. In this paper, we firstly analyze the practical security of the global shuffling long integer multiplications by exhibiting a combined single trace attack on software implementations on an ARM Cortex-M4 microcontroller. Our combined attack consists of a simple power analysis for revealing random permutation vectors which enables later collision-based single trace attack. First we demonstrate how to reveal random permutation vectors for carry propagation process of whole global shuffling long integer multiplications within a single power trace by simple power analysis accompanied with straightforward substitution of power consumption samples. Then we perform collision-based single trace attacks after rearranging the order of subtraces for unit carry propagations based on revealed permutation vectors. Since the vulnerability to simple power analysis is originated from the if-statement for selection of proper entries of the permutation vectors, we propose a novel countermeasure which eliminates such selection with simple addition and modulus operation and also demonstrate practical result achieving regularity in power trace patterns.