pyecsca.ec.countermeasures module

Provides several countermeasures against side-channel attacks.

class ScalarMultiplierCountermeasure(*mults, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>)[source]

Bases: ABC

A scalar multiplier-based countermeasure.

This class behaves like a scalar multiplier, in fact it wraps one and provides some scalar-splitting countermeasure.

nmults: ClassVar[int][source]

The number of scalar multipliers required.

params: Optional[DomainParameters][source]

The domain parameters, if any.

point: Optional[Point][source]

The point to multiply, if any.

bits: Optional[int][source]

The bit-length to use, if any.

mults: list[ScalarMultiplier | ScalarMultiplierCountermeasure][source]

The underlying scalar multipliers (or another countermeasure).

init(params, point, bits=None)[source]

Initialize the countermeasure with the parameters and the point.

abstract multiply(scalar)[source]

Multiply the point with the scalar using the countermeasure.

Note

The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.

Parameters:

scalar (int) – The scalar to multiply with.

Return type:

Point

Returns:

The result of the multiplication.

classmethod from_single(mult, **kwargs)[source]

Create an instance of the countermeasure from a single scalar multiplier.

Parameters:

mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The scalar multiplier to use.

Returns:

An instance of the countermeasure.

class GroupScalarRandomization(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, rand_bits=32)[source]

Bases: ScalarMultiplierCountermeasure

Group scalar randomization countermeasure.

Samples a random multiple, multiplies the order with it and adds it to the scalar.

\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\text{rand_bits}}\} \\ &\textbf{return}\ [k + r n]G\end{split}\]
Parameters:
nmults: ClassVar[int] = 1[source]

The number of scalar multipliers required.

rand_bits: int[source]
multiply(scalar)[source]

Multiply the point with the scalar using the countermeasure.

Note

The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.

Parameters:

scalar (int) – The scalar to multiply with.

Return type:

Point

Returns:

The result of the multiplication.

classmethod from_single(mult, **kwargs)[source]

Create an instance of the countermeasure from a single scalar multiplier.

Parameters:

mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The scalar multiplier to use.

Returns:

An instance of the countermeasure.

init(params, point, bits=None)[source]

Initialize the countermeasure with the parameters and the point.

mults: list[ScalarMultiplier | ScalarMultiplierCountermeasure][source]

The underlying scalar multipliers (or another countermeasure).

params: Optional[DomainParameters][source]

The domain parameters, if any.

point: Optional[Point][source]

The point to multiply, if any.

bits: Optional[int][source]

The bit-length to use, if any.

class AdditiveSplitting(mult1, mult2, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, add=None)[source]

Bases: ScalarMultiplierCountermeasure

Additive splitting countermeasure.

Splits the scalar into two parts additively, multiplies the point with them and adds the results.

\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, n\} \\ &\textbf{return}\ [k - r]G + [r]G\end{split}\]
Parameters:
nmults: ClassVar[int] = 2[source]

The number of scalar multipliers required.

add: Optional[AdditionFormula][source]
multiply(scalar)[source]

Multiply the point with the scalar using the countermeasure.

Note

The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.

Parameters:

scalar (int) – The scalar to multiply with.

Return type:

Point

Returns:

The result of the multiplication.

classmethod from_single(mult, **kwargs)[source]

Create an instance of the countermeasure from a single scalar multiplier.

Parameters:

mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The scalar multiplier to use.

Returns:

An instance of the countermeasure.

init(params, point, bits=None)[source]

Initialize the countermeasure with the parameters and the point.

mults: list[ScalarMultiplier | ScalarMultiplierCountermeasure][source]

The underlying scalar multipliers (or another countermeasure).

params: Optional[DomainParameters][source]

The domain parameters, if any.

point: Optional[Point][source]

The point to multiply, if any.

bits: Optional[int][source]

The bit-length to use, if any.

class MultiplicativeSplitting(mult1, mult2, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, rand_bits=32)[source]

Bases: ScalarMultiplierCountermeasure

Multiplicative splitting countermeasure.

Splits the scalar into two parts multiplicatively, multiplies the point with them and adds the results.

\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\text{rand_bits}}\} \\ &S = [r]G \\ &\textbf{return}\ [k r^{-1} \mod n]S\end{split}\]
Parameters:
nmults: ClassVar[int] = 2[source]

The number of scalar multipliers required.

rand_bits: int[source]
multiply(scalar)[source]

Multiply the point with the scalar using the countermeasure.

Note

The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.

Parameters:

scalar (int) – The scalar to multiply with.

Return type:

Point

Returns:

The result of the multiplication.

classmethod from_single(mult, **kwargs)[source]

Create an instance of the countermeasure from a single scalar multiplier.

Parameters:

mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The scalar multiplier to use.

Returns:

An instance of the countermeasure.

init(params, point, bits=None)[source]

Initialize the countermeasure with the parameters and the point.

mults: list[ScalarMultiplier | ScalarMultiplierCountermeasure][source]

The underlying scalar multipliers (or another countermeasure).

params: Optional[DomainParameters][source]

The domain parameters, if any.

point: Optional[Point][source]

The point to multiply, if any.

bits: Optional[int][source]

The bit-length to use, if any.

class EuclideanSplitting(mult1, mult2, mult3, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, add=None)[source]

Bases: ScalarMultiplierCountermeasure

Euclidean splitting countermeasure.

Picks a random value half the size of the curve, then splits the scalar into the remainder and the quotient of the division by the random value.

\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\log_2{(n)}/2}\} \\ &S = [r]G \\ &k_1 = k \mod r \\ &k_2 = \lfloor \frac{k}{r} \rfloor \\ &\textbf{return}\ [k_1]G + [k_2]S\end{split}\]
Parameters:
nmults: ClassVar[int] = 3[source]

The number of scalar multipliers required.

add: Optional[AdditionFormula][source]
multiply(scalar)[source]

Multiply the point with the scalar using the countermeasure.

Note

The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.

Parameters:

scalar (int) – The scalar to multiply with.

Return type:

Point

Returns:

The result of the multiplication.

classmethod from_single(mult, **kwargs)[source]

Create an instance of the countermeasure from a single scalar multiplier.

Parameters:

mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The scalar multiplier to use.

Returns:

An instance of the countermeasure.

init(params, point, bits=None)[source]

Initialize the countermeasure with the parameters and the point.

mults: list[ScalarMultiplier | ScalarMultiplierCountermeasure][source]

The underlying scalar multipliers (or another countermeasure).

params: Optional[DomainParameters][source]

The domain parameters, if any.

point: Optional[Point][source]

The point to multiply, if any.

bits: Optional[int][source]

The bit-length to use, if any.

class BrumleyTuveri(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>)[source]

Bases: ScalarMultiplierCountermeasure

A countermeasure that fixes the bit-length of the scalar by adding some multiple of the order to it.

Originally proposed in [BT11].

\[\begin{split}&\hat{k}= \begin{cases} k + 2n \quad \text{if } \lceil \log_2(k+n) \rceil = \lceil \log_2 n \rceil\\ k + n \quad \text{otherwise}. \end{cases}\\ &\textbf{return}\ [\hat{k}]G\end{split}\]
Parameters:
classmethod from_single(mult, **kwargs)[source]

Create an instance of the countermeasure from a single scalar multiplier.

Parameters:

mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The scalar multiplier to use.

Returns:

An instance of the countermeasure.

init(params, point, bits=None)[source]

Initialize the countermeasure with the parameters and the point.

mults: list[ScalarMultiplier | ScalarMultiplierCountermeasure][source]

The underlying scalar multipliers (or another countermeasure).

params: Optional[DomainParameters][source]

The domain parameters, if any.

point: Optional[Point][source]

The point to multiply, if any.

bits: Optional[int][source]

The bit-length to use, if any.

nmults: ClassVar[int] = 1[source]

The number of scalar multipliers required.

multiply(scalar)[source]

Multiply the point with the scalar using the countermeasure.

Note

The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.

Parameters:

scalar (int) – The scalar to multiply with.

Return type:

Point

Returns:

The result of the multiplication.