On Insecurity of the Side Channel Attack Countermeasure Using Addition-Subtraction Chains under Distinguishability between Addition and Doubling

  • Katsuyuki Okeya
  • Kouichi Sakurai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


We show that a randomized addition-subtraction chains countermeasure against side channel attacks is vulnerable to an SPA attack, a kind of side channel attack, under the assumption that addition and doubling are distinguishable. A side channel attack is an attack that takes advantage of information leaked during the execution of a cryptographic procedure. The randomized addition-subtraction chains countermeasure, proposed by Oswald and Aigner, inserts a random decision into the computation. However, its immunity to side channel attacks is still controversial. The countermeasure is also vulnerable to the timing attack, another kind of side channel attack. Moreover, once it has been improved to prevent side channel attacks, the randomized addition-subtraction chains countermeasure is much slower than other countermeasures against side channel attacks.


Keywords: Elliptic Curve Cryptosystems; Side Channel Attacks; Randomized Addition-Subtraction Chains Countermeasure; SPA Attack; Timing Attack




  1. [BJ02]
    Brier, É., Joye, M., Weierstrass Elliptic Curves and Side-Channel Attacks, Public Key Cryptography (PKC2002), LNCS2274, (2002), 335–345.
  2. [CMO98]
    Cohen, H., Miyaji, A., Ono, T., Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, Advances in Cryptology-ASIACRYPT ’98, LNCS1514, (1998), 51–65.
  3. [Cor99]
    Coron, J.S., Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems, Cryptographic Hardware and Embedded Systems (CHES’99), LNCS1717, (1999), 292–302.
  4. [FGKS02]
    Fischer, W., Giraud, C., Knudsen, E.W., Seifert, J.P., Parallel scalar multiplication on general elliptic curves over Fp hedged against Non-Differential Side-Channel Attacks, International Association for Cryptologic Research (IACR), Cryptology ePrint Archive 2002/007, (2002). Available at
  5. [Has00]
    Hasan, M.A., Power Analysis Attacks and Algorithmic Approaches to Their Countermeasures for Koblitz Curve Cryptosystems, Cryptographic Hardware and Embedded Systems (CHES2000), LNCS1965, (2000), 93–108.
  6. [IT02]
    Izu, T., Takagi, T., A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks, Public Key Cryptography (PKC2002), LNCS2274, (2002), 280–296.
  7. [JQ01]
    Joye, M., Quisquater, J.J., Hessian elliptic curves and side-channel attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 402–410.
  8. [JT01]
    Joye, M., Tymen, C., Protections against Differential Analysis for Elliptic Curve Cryptography-An Algebraic Approach-, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 377–390.
  9. [Kob87]
    Koblitz, N., Elliptic curve cryptosystems, Math. Comp. 48, (1987), 203–209.
  10. [Koc]
    Kocher, C., Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks. Available at
  11. [Koc96]
    Kocher, C., Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Advances in Cryptology-CRYPTO ’96, LNCS1109, (1996), 104–113.
  12. [KJJ98]
    Kocher, C., Jaffe, J., Jun, B., Introduction to Differential Power Analysis and Related Attacks. Available at /index.html
  13. [KJJ99]
    Kocher, C., Jaffe, J., Jun, B., Differential Power Analysis, Advances in Cryptology-CRYPTO ’99, LNCS1666, (1999), 388–397.
  14. [LS01]
    Liardet, P.Y., Smart, N.P., Preventing SPA/DPA in ECC systems using the Jacobi form, Cryptographic Hardware and Embedded System (CHES’01), LNCS2162, (2001), 391–401.
  15. [Mil86]
    Miller, V.S., Use of elliptic curves in cryptography, Advances in Cryptology-CRYPTO ’85, LNCS218, (1986), 417–426.
  16. [MO90]
    Morain, F., Olivos, J., Speeding up the computation on an elliptic curve using addition-subtraction chains, Inform. Theory Appl. 24, (1990), 531–543.
  17. [Möl01]
    Möller, B., Securing Elliptic Curve Point Multiplication against Side-Channel Attacks, Information Security (ISC2001), LNCS2200, (2001), 324–334.
  18. [OA01]
    Oswald, E., Aigner, M., Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 39–50.
  19. [OMS01]
    Okeya, K., Miyazaki, K., Sakurai, K., A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-form Elliptic Curve Secure against Side Channel Attacks, The 4th International Conference on Information Security and Cryptology (ICISC 2001), LNCS2288, (2002), 428–439.
  20. [OS00]
    Okeya, K., Sakurai, K., Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack, Progress in Cryptology-INDOCRYPT 2000, LNCS1977, (2000), 178–190.
  21. [Osw01]
    Oswald, E., On Countermeasures against Power Analysis Attacks on Elliptic Curve Cryptosystem, DPA-Workshop organized by the ECC-Brainpool, (2001). Available at

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Katsuyuki Okeya (1)
  • Kouichi Sakurai (2)
  1. Systems Development Laboratory, Hitachi, Ltd., Yokohama, Japan
  2. Graduate School of Information Science and Electrical Engineering, Kyushu University, Fukuoka, Japan
