pyecsca.ec.countermeasures module¶
Provides several countermeasures against side-channel attacks.
- class ScalarMultiplierCountermeasure(mult)[source]¶
Bases:
ABCA scalar multiplier-based countermeasure.
This class behaves like a scalar multiplier, in fact it wraps one and provides some scalar-splitting countermeasure.
-
params:
Optional[DomainParameters][source]¶
-
params:
- class GroupScalarRandomization(mult, rand_bits=32)[source]¶
Bases:
ScalarMultiplierCountermeasureGroup scalar randomization countermeasure.
Samples a random multiple, multiplies the order with it and adds it to the scalar.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\text{rand_bits}}\} \\ &\textbf{return}\ [k + r n]G\end{split}\]- Parameters:
mult¶ (
ScalarMultiplier) – The multiplier to use.rand_bits¶ (
int) – How many random bits to sample.
- multiply(scalar)[source]¶
Multiply the point with the scalar using the countermeasure.
Note
The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.
-
params:
Optional[DomainParameters][source]¶
- class AdditiveSplitting(mult, add=None)[source]¶
Bases:
ScalarMultiplierCountermeasureAdditive splitting countermeasure.
Splits the scalar into two parts additively, multiplies the point with them and adds the results.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, n\} \\ &\textbf{return}\ [k - r]G + [r]G\end{split}\]- Parameters:
mult¶ (
ScalarMultiplier) – The multiplier to use.add¶ (
Optional[AdditionFormula]) – Addition formula to use, if None, the formula from the multiplier is used.
-
add:
Optional[AdditionFormula][source]¶
- multiply(scalar)[source]¶
Multiply the point with the scalar using the countermeasure.
Note
The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.
-
params:
Optional[DomainParameters][source]¶
- class MultiplicativeSplitting(mult, rand_bits=32)[source]¶
Bases:
ScalarMultiplierCountermeasureMultiplicative splitting countermeasure.
Splits the scalar into two parts multiplicatively, multiplies the point with them and adds the results.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\text{rand_bits}}\} \\ &S = [r]G \\ &\textbf{return}\ [k r^{-1} \mod n]S\end{split}\]- Parameters:
mult¶ (
ScalarMultiplier) – The multiplier to use.rand_bits¶ (
int) – How many random bits to sample.
- multiply(scalar)[source]¶
Multiply the point with the scalar using the countermeasure.
Note
The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.
-
params:
Optional[DomainParameters][source]¶
- class EuclideanSplitting(mult, add=None)[source]¶
Bases:
ScalarMultiplierCountermeasureEuclidean splitting countermeasure.
Picks a random value half the size of the curve, then splits the scalar into the remainder and the quotient of the division by the random value.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\log_2{(n)}/2}\} \\ &S = [r]G \\ &k_1 = k \mod r \\ &k_2 = \lfloor \frac{k}{r} \rfloor \\ &\textbf{return}\ [k_1]G + [k_2]S\end{split}\]- Parameters:
mult¶ (
ScalarMultiplier) – The multiplier to use.add¶ (
Optional[AdditionFormula]) – Addition formula to use, if None, the formula from the multiplier is used.
-
add:
Optional[AdditionFormula][source]¶
-
params:
Optional[DomainParameters][source]¶
- class BrumleyTuveri(mult)[source]¶
Bases:
ScalarMultiplierCountermeasureA countermeasure that fixes the bit-length of the scalar by adding some multiple of the order to it.
Originally proposed in [BT11].
\[\begin{split}&\hat{k}= \begin{cases} k + 2n \quad \text{if } \lceil \log_2(k+n) \rceil = \lceil \log_2 n \rceil\\ k + n \quad \text{otherwise}. \end{cases}\\ &\textbf{return}\ [\hat{k}]G\end{split}\]-
params:
Optional[DomainParameters][source]¶
-
params: