Abstract
In [2], Gallant, Lambert and Vanstone proposed a very efficient algorithm to compute Q = kP on elliptic curves having non-trivial efficiently computable endomorphisms. Cryptographic protocols are sensitive to their implementation: as shown in [6], [7], information about the secret can be revealed by analysing the external leakage of the device, typically a smart card. Several software countermeasures have been proposed to protect the secret. However, fast computation is needed for practical use. In this paper, we propose a method to protect scalar multiplication on elliptic curves against Differential Analysis that benefits from the speed of the Gallant, Lambert and Vanstone method. It can be viewed as a two-dimensional analogue of Coron's method [1] of randomising the exponent k. We propose two variants of this method (one linear and one affine), the second one slightly more effective, whereas the first one offers "two in one", combining point blinding and exponent randomisation, which have hitherto been dealt with separately. For instance, for at most a mere 37.5% (resp. 25%) computation speed loss on elliptic curves over fields with 160 (resp. 240) bits, the computation of kP can take on 2^40 different consumption patterns.
Supported by the European Commission through the IST Programme under Contract IST-1999-12324, http://cryptonessie.org/.
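As an added illustration (not the paper's own construction; the abstract does not spell out its linear and affine variants), the following Python models the idea on a constructed toy curve: GLV decomposition of k into a short (k1, k2) with k1 + k2·λ ≡ k (mod n), then blinding (k1, k2) by adding a random vector of the GLV lattice, the two-dimensional counterpart of Coron's k + r·n. The curve y^2 = x^3 + 2 over F_13 (order n = 19), its endomorphism and the generator are all assumptions constructed for the example.

```python
# Added example (not the paper's code): toy GLV curve plus lattice blinding of the
# GLV decomposition, the 2-D analogue of Coron's k -> k + r*n. Constructed toy
# parameters: y^2 = x^3 + 2 over F_13, prime order n = 19, phi(x, y) = (3x, y).
PRIME, N_ORDER, BETA = 13, 19, 3
G = (1, 4)  # generator: 1^3 + 2 = 3 = 4^2 mod 13; None is the point at infinity

def add(A, B):  # affine short-Weierstrass addition (a = 0)
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % PRIME == 0: return None
    m = 3 * x1 * x1 * pow(2 * y1, -1, PRIME) if A == B \
        else (y2 - y1) * pow(x2 - x1, -1, PRIME)
    x3 = (m * m - x1 - x2) % PRIME
    return (x3, (m * (x1 - x3) - y1) % PRIME)

def mul(k, A):  # double-and-add; k is reduced mod n, so negatives work too
    R = None
    for bit in bin(k % N_ORDER)[2:]:
        R = add(R, R)
        if bit == "1": R = add(R, A)
    return R

def phi(A):  # the efficient endomorphism, acting on G as multiplication by lambda
    return None if A is None else (BETA * A[0] % PRIME, A[1])

def find_lambda():  # brute force is fine on a toy curve: phi(G) == lambda*G
    return next(l for l in range(1, N_ORDER) if mul(l, G) == phi(G))

def reduced_basis(lam):  # Gauss reduction of {(a, b): a + b*lam = 0 mod n}
    u, v = (N_ORDER, 0), (-lam, 1)
    while True:
        if u[0]**2 + u[1]**2 < v[0]**2 + v[1]**2: u, v = v, u
        q = round((u[0]*v[0] + u[1]*v[1]) / (v[0]**2 + v[1]**2))
        if q == 0: return u, v
        u = (u[0] - q*v[0], u[1] - q*v[1])

def glv_decompose(k, lam):  # Babai rounding: short (k1, k2), k1 + k2*lam = k mod n
    v1, v2 = reduced_basis(lam)
    det = v1[0]*v2[1] - v1[1]*v2[0]
    b1, b2 = round(k * v2[1] / det), round(-k * v1[1] / det)
    return (k - b1*v1[0] - b2*v2[0], -b1*v1[1] - b2*v2[1])

def blind(k1, k2, lam, r1, r2):  # 2-D analogue of Coron's k + r*n: add a
    v1, v2 = reduced_basis(lam)   # random lattice vector; k1 + k2*lam mod n is kept
    return (k1 + r1*v1[0] + r2*v2[0], k2 + r1*v1[1] + r2*v2[1])

def glv_mul(k1, k2, A):  # k1*A + k2*phi(A): each (k1, k2) gives a different trace
    return add(mul(k1, A), mul(k2, phi(A)))
```

Every choice of (r1, r2) yields a different pair (k1', k2') and hence a different computation pattern, while glv_mul(k1', k2', G) still equals kG.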
References
J-S. Coron. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In Ç. K. Koç and C. Paar, editors, Advances in Cryptology-Proceedings of CHES 1999, volume 1717 of Lecture Notes in Computer Science, pages 292–302. Springer, 1999.
R. P. Gallant, J. L. Lambert, and S. A. Vanstone. Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms. In J. Kilian, editor, Advances in Cryptology-Proceedings of CRYPTO 2001, volume 2139 of Lecture Notes in Computer Science, pages 190–200. Springer, 2001.
D. M. Gordon. A Survey of Fast Exponentiation Methods. Journal of Algorithms, 27(1):129–146, 1998.
M. Joye and J-J. Quisquater. Hessian Elliptic Curves and Side-Channel Attacks. In Ç. K. Koç, D. Naccache, and C. Paar, editors, Advances in Cryptology-Proceedings of CHES 2001, volume 2162 of Lecture Notes in Computer Science, pages 402–410. Springer, 2001.
M. Joye and C. Tymen. Protections against Differential Analysis for Elliptic Curve Cryptography: An Algebraic Approach. In Ç. K. Koç, D. Naccache, and C. Paar, editors, Advances in Cryptology-Proceedings of CHES 2001, volume 2162 of Lecture Notes in Computer Science, pages 377–390. Springer, 2001.
P. C. Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In N. Koblitz, editor, Advances in Cryptology-Proceedings of CRYPTO 1996, volume 1109 of Lecture Notes in Computer Science, pages 104–113. Springer, 1996.
P. C. Kocher, J. Jaffe, and B. Jun. Differential Power Analysis. In M. Wiener, editor, Advances in Cryptology-Proceedings of CRYPTO 1999, volume 1666 of Lecture Notes in Computer Science, pages 388–397. Springer, 1999.
P.-Y. Liardet and N. P. Smart. Preventing SPA/DPA in ECC Systems using the Jacobi Form. In Ç. K. Koç, D. Naccache, and C. Paar, editors, Advances in Cryptology-Proceedings of CHES 2001, volume 2162 of Lecture Notes in Computer Science, pages 391–401. Springer, 2001.
B. Möller. Securing Elliptic Curve Point Multiplication against Side-Channel Attacks. In G. I. Davida and Y. Frankel, editors, Advances in Cryptology-Proceedings of ISC 2001, volume 2200 of Lecture Notes in Computer Science, pages 324–334. Springer, 2001.
Y-H. Park, S. Jeong, C. Kim, and J. Lim. An Alternate Decomposition of an Integer for Faster Point Multiplication on Certain Elliptic Curves. In D. Naccache and P. Paillier, editors, Advances in Cryptology-Proceedings of PKC 2002, volume 2274 of Lecture Notes in Computer Science, pages 323–334. Springer, 2002.
F. Sica, M. Ciet, and J-J. Quisquater. Analysis of the Gallant-Lambert-Vanstone Method based on Efficient Endomorphisms: Elliptic and Hyperelliptic Curves. In H. Heys and K. Nyberg, editors, Advances in Cryptology-Proceedings of SAC 2002, Lecture Notes in Computer Science. Springer, 2002. To appear.
J. A. Solinas. An Improved Algorithm for Arithmetic on a Family of Elliptic Curves. In Burton S. Kaliski Jr., editor, Advances in Cryptology-Proceedings of CRYPTO 1997, volume 1294 of Lecture Notes in Computer Science, pages 357–371. Springer, 1997.
J. A. Solinas. Low-Weight Binary Representations for Pairs of Integers. Technical Report CORR 2001-41, CACR, 2001. Available at: http://www.cacr.math.uwaterloo.ca/techreports/2001/corr2001-41.ps.
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Ciet, M., Quisquater, J.-J., Sica, F. (2003). Preventing Differential Analysis in GLV Elliptic Curve Scalar Multiplication. In: Kaliski, B. S., Koç, Ç. K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems - CHES 2002. Lecture Notes in Computer Science, vol 2523. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36400-5_39
DOI: https://doi.org/10.1007/3-540-36400-5_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00409-7
Online ISBN: 978-3-540-36400-9