pyecsca.ec.countermeasures module
Provides several countermeasures against side-channel attacks.
- class ScalarMultiplierCountermeasure(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>)
Bases: ABC
A scalar multiplier-based countermeasure.
This class behaves like a scalar multiplier; in fact, it wraps one and provides a scalar-splitting countermeasure.
- params: Optional[DomainParameters]
The domain parameters, if any.
- mult: ScalarMultiplier | ScalarMultiplierCountermeasure
The underlying scalar multiplier (or another countermeasure).
- init(params, point, bits=None)
Initialize the countermeasure with the parameters and the point.
- params:
- class GroupScalarRandomization(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, rand_bits=32)
Bases: ScalarMultiplierCountermeasure
Group scalar randomization countermeasure.
Samples a random multiple, multiplies the order with it and adds it to the scalar.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\text{rand\_bits}}\} \\ &\textbf{return}\ [k + r n]G\end{split}\]
- Parameters:
  - mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The multiplier to use.
  - rand_bits (int) – How many random bits to sample.
- multiply(scalar)
Multiply the point with the scalar using the countermeasure.
Note
The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.
- init(params, point, bits=None)
Initialize the countermeasure with the parameters and the point.
- mult: ScalarMultiplier | ScalarMultiplierCountermeasure
The underlying scalar multiplier (or another countermeasure).
- params: Optional[DomainParameters]
The domain parameters, if any.
- class AdditiveSplitting(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, add=None)
Bases: ScalarMultiplierCountermeasure
Additive splitting countermeasure.
Splits the scalar into two parts additively, multiplies the point with them and adds the results.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, n\} \\ &\textbf{return}\ [k - r]G + [r]G\end{split}\]
- Parameters:
  - mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The multiplier to use.
  - add (Optional[AdditionFormula]) – Addition formula to use; if None, the formula from the multiplier is used.
- add: Optional[AdditionFormula]
- multiply(scalar)
Multiply the point with the scalar using the countermeasure.
Note
The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.
- init(params, point, bits=None)
Initialize the countermeasure with the parameters and the point.
- mult: ScalarMultiplier | ScalarMultiplierCountermeasure
The underlying scalar multiplier (or another countermeasure).
- params: Optional[DomainParameters]
The domain parameters, if any.
- class MultiplicativeSplitting(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, rand_bits=32)
Bases: ScalarMultiplierCountermeasure
Multiplicative splitting countermeasure.
Splits the scalar into two parts multiplicatively, multiplies the point with them and adds the results.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\text{rand\_bits}}\} \\ &S = [r]G \\ &\textbf{return}\ [k r^{-1} \mod n]S\end{split}\]
- Parameters:
  - mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The multiplier to use.
  - rand_bits (int) – How many random bits to sample.
- init(params, point, bits=None)
Initialize the countermeasure with the parameters and the point.
- multiply(scalar)
Multiply the point with the scalar using the countermeasure.
Note
The countermeasure may compute multiple scalar multiplications internally. Thus, it may call the init method of the scalar multiplier multiple times.
- mult: ScalarMultiplier | ScalarMultiplierCountermeasure
The underlying scalar multiplier (or another countermeasure).
- params: Optional[DomainParameters]
The domain parameters, if any.
- class EuclideanSplitting(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>, add=None)
Bases: ScalarMultiplierCountermeasure
Euclidean splitting countermeasure.
Picks a random value with half the bit-length of the curve order n, then splits the scalar into the remainder and the quotient of the division by the random value.
\[\begin{split}&r \xleftarrow{\$} \{0, 1, \ldots, 2^{\log_2{(n)}/2}\} \\ &S = [r]G \\ &k_1 = k \mod r \\ &k_2 = \lfloor \frac{k}{r} \rfloor \\ &\textbf{return}\ [k_1]G + [k_2]S\end{split}\]
- Parameters:
  - mult (ScalarMultiplier | ScalarMultiplierCountermeasure) – The multiplier to use.
  - add (Optional[AdditionFormula]) – Addition formula to use; if None, the formula from the multiplier is used.
- init(params, point, bits=None)
Initialize the countermeasure with the parameters and the point.
- mult: ScalarMultiplier | ScalarMultiplierCountermeasure
The underlying scalar multiplier (or another countermeasure).
- params: Optional[DomainParameters]
The domain parameters, if any.
- add: Optional[AdditionFormula]
- class BrumleyTuveri(mult, rng=<bound method Mod.random of <class 'pyecsca.ec.mod.base.Mod'>>)
Bases: ScalarMultiplierCountermeasure
A countermeasure that fixes the bit-length of the scalar by adding some multiple of the order to it.
Originally proposed in [BT11].
\[\begin{split}&\hat{k}= \begin{cases} k + 2n \quad \text{if } \lceil \log_2(k+n) \rceil = \lceil \log_2 n \rceil\\ k + n \quad \text{otherwise}. \end{cases}\\ &\textbf{return}\ [\hat{k}]G\end{split}\]
- init(params, point, bits=None)
Initialize the countermeasure with the parameters and the point.
- mult: ScalarMultiplier | ScalarMultiplierCountermeasure
The underlying scalar multiplier (or another countermeasure).
- params: Optional[DomainParameters]
The domain parameters, if any.
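
The five formulas above, carried out on a toy curve as an added example; this is not pyecsca code and does not use its API. The curve y^2 = x^3 + 2x + 2 over F_17 with G = (5, 1) of order n = 19, all helper names, the reduction of k - r modulo n, and the rejection of non-invertible r are assumptions of the example. Each function must return [k]G, and `brumley_tuveri_scalar` returns only the recoded scalar.

```python
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17; G = (5, 1) has prime order N = 19.
P, A, G, N = 17, 2, (5, 1), 19

def add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    num, den = (3 * x1 * x1 + A, 2 * y1) if p == q else (y2 - y1, x2 - x1)
    lam = num * pow(den % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def mul(k, pt):
    """Plain double-and-add, standing in for the wrapped scalar multiplier."""
    acc = None
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        acc = add(acc, pt) if bit == "1" else acc
    return acc

def group_scalar_randomization(k, rand_bits=32):
    return mul(k + secrets.randbits(rand_bits) * N, G)        # [k + rn]G

def additive_splitting(k):
    r = secrets.randbelow(N)
    return add(mul((k - r) % N, G), mul(r, G))                # [k - r]G + [r]G

def multiplicative_splitting(k, rand_bits=32):
    r = 0
    while r % N == 0:                                         # r must be invertible mod n
        r = secrets.randbits(rand_bits)
    return mul(k * pow(r, -1, N) % N, mul(r, G))              # [k r^-1 mod n]([r]G)

def euclidean_splitting(k):
    r = 1 + secrets.randbelow((1 << (N.bit_length() // 2)) - 1)  # nonzero, half the bits of n
    S = mul(r, G)
    return add(mul(k % r, G), mul(k // r, S))                 # [k mod r]G + [k // r]S

def brumley_tuveri_scalar(k):
    """Return k-hat; ceil(log2(x)) equals (x - 1).bit_length() for x >= 1."""
    same = (k + N - 1).bit_length() == (N - 1).bit_length()
    return k + 2 * N if same else k + N
```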