
The Width-w NAF Method Provides Small Memory and Fast Elliptic Scalar Multiplications Secure against Side Channel Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2612)

Abstract

The side channel attack (SCA) is a serious attack on wearable devices that have scarce computational resources. Cryptographic algorithms on them should be efficient using small memory — we have to make efforts to optimize the trade-off between efficiency and memory. In this paper we present efficient SCA-resistant scalar multiplications based on the window method. Möller proposed an SPA-resistant window method based on the $2^w$-ary window method, which replaces w-consecutive zeros to 1 plus w-consecutive 1 and requires $2^w$ points of table (or $2^{w-1}+1$ points if the signed $2^w$-ary method is used). The most efficient window method with small memory is the width-w NAF, which requires $2^{w-2}$ points of table. In this paper we convert the width-w NAF to an SPA-resistant addition chain. Indeed we generate a scalar sequence with the fixed pattern, e.g. 0..0x0..0x...0..0x, where x is positive odd points $< 2^w$. Thus the size of the table is $2^{w-1}$, which is optimal in the construction of the SPA-resistant chain based on width-w NAF. The table sizes of the proposed scheme are 6% to 50% smaller than those of Möller’s scheme for w = 2, 3, 4, 5, which are relevant choices in the sense of efficiency for 160-bit ECC.
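
The abstract's central contrast, as an added Python sketch that is not code from the paper: an ordinary width-w NAF places its nonzero digits at scalar-dependent positions, whereas a recoding with one nonzero odd digit every w positions yields the same doubling/addition pattern for every scalar of a given bit length. The recoding rule, the function names and the sample scalars are assumptions of this example (the paper's own algorithm is not shown on this page), and the sketch assumes a positive odd scalar.

```python
def wnaf(d, w):
    """Ordinary width-w NAF of d > 0, least significant digit first."""
    digits = []
    while d > 0:
        u = 0
        if d & 1:
            u = d % (1 << w)
            if u >= 1 << (w - 1):
                u -= 1 << w           # signed residue, |u| < 2^(w-1)
            d -= u
        digits.append(u)
        d >>= 1
    return digits


def fixed_pattern_recode(d, w):
    """Recode a positive odd d with a nonzero odd digit every w positions."""
    if d <= 0 or d % 2 == 0:
        raise ValueError("sketch assumes a positive odd scalar")
    digits = []
    while d > 1:
        u = d % (1 << (w + 1)) - (1 << w)   # odd, |u| <= 2^w - 1
        d = (d - u) >> w                    # d - u = 2^w mod 2^(w+1), so d stays odd
        digits += [u] + [0] * (w - 1)
    return digits + [1]


def value(digits):
    """Integer represented by a signed-digit list (least significant first)."""
    return sum(u * (1 << i) for i, u in enumerate(digits))


def nonzero_positions(digits):
    """Positions where a point addition would occur: the SPA-visible pattern."""
    return [i for i, u in enumerate(digits) if u]


def table_entries(digits):
    """Positive odd multiples of P the digits need (point negation is cheap)."""
    return sorted({abs(u) for u in digits if u})


# Constructed 160-bit odd scalars, not test vectors from the paper.
SCALARS = [(1 << 159) + 1, (1 << 160) - 1, (0xA5 << 152) | 0x1234567]
W = 4

if __name__ == "__main__":
    for d in SCALARS:
        print(len(nonzero_positions(wnaf(d, W))),
              nonzero_positions(fixed_pattern_recode(d, W))[:5])
```

With w = 4 the fixed-pattern digits draw only on the odd multiples 1, 3, ..., 15, i.e. at most $2^{w-1} = 8$ table points, matching the table size stated in the abstract.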




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Okeya, K., Takagi, T. (2003). The Width-w NAF Method Provides Small Memory and Fast Elliptic Scalar Multiplications Secure against Side Channel Attacks. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_23


  • DOI: https://doi.org/10.1007/3-540-36563-X_23


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00847-7

  • Online ISBN: 978-3-540-36563-1

  • eBook Packages: Springer Book Archive
