A New Elliptic Curve Scalar Multiplication Algorithm to Resist Simple Power Analysis
Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems (e.g. a 160 bit ECC has roughly the same security as 1024 bit RSA). ECCs are especially suited to smart cards because of the limited memory and computational power available on these devices. However, the side-channel attacks which have recently been proposed can obtain information about the cryptosystem by measuring side-channel information such as power consumption and processing time. This information may be used to break implementations that have not incorporated defences against these attacks. This paper presents a new defence against Simple Power Analysis (SPA). This new defence is based on the NAF (non-adjacent form) representation of a scalar and requires 44% fewer additions and 11% extra doublings than the commonly recommended defence of performing a point addition in every loop of the binary scalar multiplication algorithm.
Keywords: Elliptic Curve, Smart Card, Markov Chain Model, Information Leakage