Advertisement

Efficient Representations on Koblitz Curves with Resistance to Side Channel Attacks

  • Katsuyuki Okeya
  • Tsuyoshi Takagi
  • Camille Vuillaume
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3574)

Abstract

Koblitz curves belong to a special class of binary curves on which the scalar multiplication can be computed very efficiently. For this reason, they are suitable candidates for implementations on low-end processors. However, such devices are often vulnerable to side channel attacks. In this paper, we propose two countermeasures against side channel attacks on Koblitz curves. Both of them utilize a fixed-pattern recoding to defeat simple power analysis. Our first technique extends a known countermeasure to the special case of Koblitz curves. In our second technique, the scalar is recoded from left to right, and can be easily stored or even randomly generated.

Keywords

elliptic curve cryptosystems Koblitz curves smartcard side channel attacks SPA countermeasure 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [CCJ04]
    Chevallier-Mames, B., Ciet, M., Joye, M.: Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity. IEEE Trans. Comput. 53(6), 760–768 (2004)CrossRefGoogle Scholar
  2. [Cor99]
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. [CMT01]
    Coron, J.-S., M’Raïhi, D., Tymen, C.: Fast generation of pairs (k, [k]P) for Koblitz elliptic curves. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 151–164. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. [Has01]
    Hasan, A.: Power analysis attacks and algorithmic approaches to their countermeasures for Koblitz curve cryptosystems. IEEE Trans. Comput. 50(10), 1071–1083 (2001)CrossRefMathSciNetGoogle Scholar
  5. [HHM01]
    Hankerson, D., López, J., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 1–24. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. [JT01a]
    Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 377–390. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. [JT01b]
    Joye, M., Tymen, C.: Compact encoding of non-adjacent forms with applications to elliptic curve cryptography. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 353–364. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. [KJJ99]
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  9. [Kob91]
    Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)Google Scholar
  10. [Koc96]
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  11. [LD99]
    López, J., Dahab, R.: Fast multiplication on elliptic curves over GF(2m) without precomputations. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 316–327. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. [OT03]
    Okeya, K., Takagi, T.: The width-w NAF method provides small memory and fast elliptic scalar multiplications secure against side channel attacks. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 328–342. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. [PSL03]
    Park, D.J., Sim, S.G., Lee, P.J.: Fast scalar multiplication method using change-of-basis matrix to prevent power analysis attacks on Koblitz curves. In: Chae, K.-J., Yung, M. (eds.) WISA 2003. LNCS, vol. 2908, pp. 474–488. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. [Sol00]
    Solinas, J.: Efficient arithmetic on Koblitz curves. Designs, Codes, and Cryptography 19(2-3), 195–249 (2000)zbMATHCrossRefMathSciNetGoogle Scholar
  15. [YJ00]
    Yen, S.-M., Joye, M.: Checking before output not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Katsuyuki Okeya
    • 1
  • Tsuyoshi Takagi
    • 2
  • Camille Vuillaume
    • 1
  1. 1.Hitachi, Ltd., Systems Development LaboratoryKawasakiJapan
  2. 2.Future UniversityHakodateJapan

Personalised recommendations