{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,15]],"date-time":"2025-07-15T03:28:29Z","timestamp":1752550109487,"version":"3.30.1"},"reference-count":0,"publisher":"Universitatsbibliothek der Ruhr-Universitat Bochum","license":[{"start":{"date-parts":[[2022,11,29]],"date-time":"2022-11-29T00:00:00Z","timestamp":1669680000000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["TCHES"],"abstract":"<jats:p>This paper describes an ECC implementation computing the X25519 key-exchange protocol on the Arm Cortex-M4 microcontroller. To provide protection against various side-channel and fault attacks, we first review known attacks and countermeasures, then we provide software implementations that come with extensive mitigations, and finally we present a preliminary side-channel evaluation. To the best of our knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead relative to our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.<\/jats:p>","DOI":"10.46586\/tches.v2023.i1.557-589","type":"journal-article","created":{"date-parts":[[2022,11,30]],"date-time":"2022-11-30T07:54:54Z","timestamp":1669794894000},"page":"557-589","source":"Crossref","is-referenced-by-count":6,"title":["SoK: SCA-secure ECC in software \u2013 mission impossible?"],"prefix":"10.46586","author":[{"given":"Lejla","family":"Batina","sequence":"first","affiliation":[]},{"given":"\u0141ukasz","family":"Chmielewski","sequence":"additional","affiliation":[]},{"given":"Bj\u00f6rn","family":"Haase","sequence":"additional","affiliation":[]},{"given":"Niels","family":"Samwel","sequence":"additional","affiliation":[]},{"given":"Peter","family":"Schwabe","sequence":"additional","affiliation":[]}],"member":"25480","published-online":{"date-parts":[[2022,11,29]]},"container-title":["IACR Transactions on Cryptographic Hardware and Embedded Systems"],"original-title":[],"link":[{"URL":"https:\/\/icscm.ub.rub.de\/index.php\/TCHES\/article\/download\/9962\/9465","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/icscm.ub.rub.de\/index.php\/TCHES\/article\/download\/9962\/11166","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/icscm.ub.rub.de\/index.php\/TCHES\/article\/download\/9962\/9465","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,12,10]],"date-time":"2024-12-10T14:01:05Z","timestamp":1733839265000},"score":1,"resource":{"primary":{"URL":"https:\/\/icscm.ub.rub.de\/index.php\/TCHES\/article\/view\/9962"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,29]]},"references-count":0,"URL":"https:\/\/doi.org\/10.46586\/tches.v2023.i1.557-589","relation":{},"ISSN":["2569-2925"],"issn-type":[{"type":"electronic","value":"2569-2925"}],"subject":[],"published":{"date-parts":[[2022,11,29]]}}}