A New Elliptic Curve Scalar Multiplication Algorithm to Resist Simple Power Analysis

  • Yvonne Hitchcock
  • Paul Montague
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (e.g. a 160 bit ECC has roughly the same security as 1024 bit RSA). ECCs are especially suited to smart cards because of the limited memory and computational power available on these devices. However, the side-channel attacks which have recently been proposed can obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time. This information may be used to break implementations that have not incorporated defences against these attacks. This paper presents a new defence against Simple Power Analysis (SPA). This new defence is based on the NAF (non-adjacent form) representation of a scalar and requires 44% fewer additions and 11% extra doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm.


Elliptic Curve Smart Card Elliptic Curf Markov Chain Model Information Leakage 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Ian Blake, Gadiel Seroussi, and Nigel Smart. Elliptic Curves in Cryptography, volume 265 of London Mathematical Society Lecture Note Series. Cambridge University Press, Cambridge, 1999.zbMATHGoogle Scholar
  2. [2]
    Henri Cohen, Atsuko Miyaji, and Takatoshi Ono. Efficient elliptic curve exponentiation using mixed coordinates. In Advances in Cryptology—ASIACRYPT’ 98, Proceedings, volume 1514 of Lecture Notes in Computer Science, pages 51–65. Springer-Verlag, 1998.Google Scholar
  3. [3]
    Jean Sébastien Coron. Resistance against differential power analysis for elliptic curve cryptosystems. In Cryptographic Hardware and Embedded Systems—CHES’ 99, volume 1717 of Lecture Notes in Computer Science, pages 292–302. Springer-Verlag, 1999.CrossRefGoogle Scholar
  4. [4]
    Toshio Hasegawa, Junko Nakajima, and Mitsuru Matsui. A practical implementation of elliptic curve cryptosystems over GF(p) on a 16-bit microcomputer. In Public Key Cryptography — PKC’ 98, Proceedings, volume 1431 of Lecture Notes in Computer Science, pages 182–194. Springer-Verlag, 1998.CrossRefGoogle Scholar
  5. [5]
    Neil Koblitz. Elliptic curve cryptosystems. In Mathematics of Computation, volume 48, pages 203–209, 1987.zbMATHCrossRefMathSciNetGoogle Scholar
  6. [6]
    Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In Advances in Cryptology—CRYPTO’ 99, volume 1666 of Lecture Notes in Computer Science, pages 388–397. Springer-Verlag, 1999.CrossRefGoogle Scholar
  7. [7]
    Victor S. Miller. Use of elliptic curves in cryptography. In Advances in Cryptology— Proceedings of Crypto 85, volume 218 of Lecture Notes in Computer Science, pages417–426. Springer-Verlag, 1986.Google Scholar
  8. [8]
    Bodo Möller. Securing elliptic curve point multiplication against side-channel attacks. In Information Security: 4th International Conference, Proceedings—ISC 2001, volume 2200 of Lecture Notes in Computer Science, pages 324–334. Springer-Verlag, 2001.Google Scholar
  9. [9]
    Elisabeth Oswald and Manfred Aigner. Randomized addition-subtraction chains as a countermeasure against power attacks. In Cryptographic Hardware and Embedded Systems—CHES’ 01, pages 40–52, 2001.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Yvonne Hitchcock
    • 1
  • Paul Montague
    • 2
  1. 1.Information Security Research CentreQueensland University of TechnologyBrisbaneAustralia
  2. 2.Motorola Australia Software CentreMawson LakesAustralia

Personalised recommendations