A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks

  • Tetsuya Izu
  • Tsuyoshi Takagi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2274)


This paper proposes a fast elliptic curve multiplication algorithm applicable for any types of curves over finite fields Fp (p a prime), based on [Mon87], together with criteria which make our algorithm resistant against the side channel attacks (SCA). The algorithm improves both on an addition chain and an addition formula in the scalar multiplication. Our addition chain requires no table look-up (or a very small number of pre-computed points) and a prominent property is that it can be implemented in parallel. The computing time for n-bit scalar multiplication is one ECDBL + (n - 1) ECADDs in the parallel case and (n - 1) ECDBLs + (n - 1) ECADDs in the single case. We also propose faster addition formulas which only use the x-coordinates of the points. By combination of our addition chain and addition formulas, we establish a faster scalar multiplication resistant against the SCA in both single and parallel computation. The improvement of our scalar multiplications over the previous method is about 37% for two processors and 5.7% for a single processor. Our scalar multiplication is suitable for the implementation on smart cards.


Elliptic Curve Smart Card Elliptic Curf Scalar Multiplication Binary Method 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. AMV93.
    G. Agnew, R. Mullin and S. Vanstone, “An implementation of elliptic curve cryptosystems over F 2 155”, IEEE Journal on Selected Areas in Communications, vol.11, pp.804–813, 1993.CrossRefGoogle Scholar
  2. ANSI.
    ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), draft, 1998.Google Scholar
  3. BSS99.
    I. Blake, G. Seroussi and N. Smart, Elliptic Curves in Cryptography, Cambridge University Press, 1999.Google Scholar
  4. Cor99.
    J. Coron, “Resistance against differential power analysis for elliptic curve cryptosystems”, CHES’99, LNCS 1717, pp.292–302, Springer-Verlag, 1999.Google Scholar
  5. CMO98.
    H. Cohen, A. Miyaji and T. Ono, “Efficient elliptic curve exponentiation using mixed coordinates”, Asiacrypt’98, LNCS 1514, pp.51–65, Springer-Verlag, 1998.Google Scholar
  6. CJ01.
    C. Clavier and M. Joye, “Universal exponentiation algorithm — A first step towards provable SPA-resistance —”, CHES2001, LNCS 2162, pp.300–308, Springer-Verlag, 2001.Google Scholar
  7. Gor98.
    D. Gordon, “A survey of fast exponentiation methods”, J. Algorithms, vol.27, pp.129–146, 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  8. IEEE. IEEE P1363, Standard Specifications for Public-Key Cryptography, 2000. Available from
  9. JQ01.
    M. Joye and J. Quisquater, “Hessian elliptic curves and side-channel attacks”, CHES2001, LNCS 2162, pp.402–410, Springer-Verlag, 2001.Google Scholar
  10. JT01.
    M. Joye and C. Tymen, “Protections against differential analysis for elliptic curve cryptography”, CHES2001, LNCS 2162, pp.377–390, Springer-Verlag, 2001.Google Scholar
  11. Koc96.
    C. Kocher, “Timing attacks on Implementations of Diffie-Hellman, RSA, DSS, and other systems”, Crypto’96, LNCS 1109, pp.104–113, Springer-Verlag, 1996.Google Scholar
  12. KJJ99.
    C. Kocher, J. Jaffe and B. Jun, “Differential power analysis”, Crypto’99, LNCS 1666, pp.388–397, Springer-Verlag, 1999.Google Scholar
  13. LiDIA.
    LiDIA, A C++ Library For Computational Number Theory, Technische Universtät Darmstadt,
  14. LS01.
    P. Liardet and N. Smart, “Preventing SPA/DPA in ECC systems using the Jacobi form”, CHES2001, LNCS 2162, pp.391–401, Springer-Verlag, 2001.Google Scholar
  15. LL94.
    C. Lim and P. Lee, “More flexible exponentiation with precomputation”, Crypto’94, LNCS 839, p.95–107, Springer-Verlag, 1994.Google Scholar
  16. Moe01.
    B. Möller, “Securing elliptic curve point multiplication against side-channel attacks”, ISC 2001, LNCS 2200. p.324–334, Springer-Verlag, 2001.Google Scholar
  17. Mon87.
    P. Montgomery, “Speeding the Pollard and elliptic curve methods for factorizations”, Math. of Comp, vol.48, pp.243–264, 1987.zbMATHCrossRefGoogle Scholar
  18. MO90.
    F. Morain and J. Olivos, “Speeding up the computation on an elliptic curve using addition-subtraction chains”, Inform. Theory Appl. 24, pp.531–543, 2000.MathSciNetGoogle Scholar
  19. NIST.
    National Institute of Standards and Technology, Recommended Elliptic Curves for Federal Government Use, in the appendix of FIPS 186-2, Available from
  20. OKS00.
    K. Okeya, H. Kurumatani and K. Sakurai, “Ellipticc urves with the Montgomery form and their cryptographic applications”, PKC2000, LNCS 1751, pp.446–465, Springer-Verlag, 2000.Google Scholar
  21. OS00.
    K. Okeya and K. Sakurai, “Power analysis breaks elliptic curve cryptosystems even secure against the timing attack”, Indocrypt 2000, LNCS 1977, pp.178–190, Springer-Verlag, 2000.Google Scholar
  22. OS01.
    K. Okeya and K. Sakurai, “Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery of the y-coordinate on a Montgomery-form ellipticc urve”, CHES2001, LNCS 2162, pp.126–141, Springer-Verlag, 2001.Google Scholar
  23. Sma01.
    N. Smart, “The Hessian form of an elliptic curve”, CHES2001, LNCS 2162, pp.118–125, Springer-Verlag, 2001.Google Scholar
  24. SEC.
    Standards for Efficient Cryptography Group (SECG), Specification of Standards for Efficient Cryptography. Available from
  25. WAP.
    Wireless Application Protocol (WAP) Forum, Wireless Transport Layer Security (WTLS) Specification. Available from

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Tetsuya Izu
    • 1
  • Tsuyoshi Takagi
    • 2
  1. 1.Fujitsu Laboratories Ltd.KawasakiJapan
  2. 2.Fachbereich InformatikTechnische Universität DarmstadtDarmstadtGermany

Personalised recommendations