Advertisement

Complete Atomic Blocks for Elliptic Curves in Jacobian Coordinates over Prime Fields

  • Rodrigo Abarzúa
  • Nicolas Thériault
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7533)

Abstract

In this paper we improve the safety aspects of previously published atomic blocks. We build new sets of atomic blocks designed to protect against both simple side-channel attacks and C-safe fault attacks for scalar multiplication for elliptic curves over prime fields. These atomic blocks are structured with the sequence of field operations (S,N, A, A, M, A), Squaring, Negation, Addition, Addition, Multiplication, Addition. We apply these atomic blocks to various operations in Jacobian coordinates: doubling, tripling, and quintupling, as well as mixed Jacobian-affine addition. We also give formulae for the general Jacobian addition for use in right-to-left scalar multiplication. Finally, we show how these techniques can be used to unify the Jacobian doubling formula with mixed Jacobian-affine addition, so they use the same number of atomic blocks.

Like previous atomic blocks formulae, our group operations provide protection against simple side channel attacks by dividing the group operations into smaller sequences of field operations. One of the main differences with our formulae resides in their security against C-safe fault attacks. Unlike previous works, our formulae are designed to completely fill the atomic blocks with field operations that affect the final output (i.e. we avoid “dummy” operations) and are all distinct (none of the operations are repeated). They also have the added bonus of being slightly more “compact” than most previous atomic blocks, having fewer additions/negations for each multiplication/squaring, potentially giving a performance gain.

Keywords

Elliptic curve side-channel attack C-safe fault attack atomic blocks 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Amiel, F., Feix, B., Tunstall, M., Whelan, C., Marnane, W.P.: Distinguishing Multiplications from Squaring Operations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 346–360. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Avanzi, R., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Vercauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography. Champan & Hall/CRC Press (2005)Google Scholar
  3. 3.
    Avanzi, R.: Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 148–162. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Avanzi, R.: Side Channel Attacks on Implementations of Curve-Based Cryptographic Primitives. Cryptology ePrint Archive Report 2005/017, http://eprint.iacr.org/
  5. 5.
    Avanzi, R.: Delaying and Merging Operations in Scalar Multiplication: Applications to Curve-Based Cryptosystems. In: Biham, E., Youssef, A.M. (eds.) SAC 2006. LNCS, vol. 4356, pp. 203–219. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Bernstein, D.J., Lange, T.: Inverted Edwards Coordinates. In: Boztaş, S., Lu, H.-F. (eds.) AAECC 2007. LNCS, vol. 4851, pp. 20–27. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Bernstein, D.J., Lange, T.: Explicit Formulae Database, http://www.hyperelliptic.org/EFD/
  8. 8.
    Bernstein, D.J.: Curve25519: New Diffie-Hellman Speed Records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Bernstein, D.J., Lange, T.: Faster Addition and Doubling on Elliptic Curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Billet, O., Joye, M.: The Jacobi Model of an Elliptic Curve and Side-Channel Analysis. In: Fossorier, M.P.C., Høholdt, T., Poli, A. (eds.) AAECC 2003. LNCS, vol. 2643, pp. 34–42. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Brier, E., Joye, M.: Weierstrass Elliptic Curve and Side-Channel Attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  12. 12.
    Brier, E., Dechene, I., Joye, M.: Unified Point Addition Formulae for Elliptic Curve Cryptosystems. In: Embedded Cryptographic Hardware: Methodologies and Architectures, pp. 247–256. Nova Science Publishers (2004)Google Scholar
  13. 13.
    Brier, E., Joye, M.: Fast Point Multiplication on Elliptic Curves Through Isogenies. In: Fossorier, M.P.C., Høholdt, T., Poli, A. (eds.) AAECC 2003. LNCS, vol. 2643, pp. 43–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Brown, M., Hankerson, D., López, J., Menezes, A.: Software Implementation of the NIST Elliptic Curves over Prime Fields. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 250–265. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Chen, T., Li, H., Wu, K., Yu, F.: Countermeasure of ECC against Side-channel Attacks: Balanced Point Addition and Point Doubling Operation Procedure. In: IEEE, Asia-Pacific Conference on Information Processing, vol. 2, pp. 465–469. IEEE Conference Publications (2009)Google Scholar
  16. 16.
    Chevallier-Mames, B., Ciet, M., Joye, M.: Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity. IEEE Trans. Computers 53(6), 760–768 (2004)CrossRefGoogle Scholar
  17. 17.
    Chong Hee, K., Quisquater, J.J.: Faults, Injection Methods, and Fault Attacks. IEEE Design & Test of Computers 24(6), 544–545 (2007)CrossRefGoogle Scholar
  18. 18.
    Chudnovsky, D.V., Chudnovsky, G.V.: Sequences of Numbers Generated by Addtion in Formal Groups and New Primality and Factorization Test. Advances in Applied Mathematics 7, 385–434 (1986)MathSciNetzbMATHCrossRefGoogle Scholar
  19. 19.
    Cohen, H., Ono, T., Miyaji, A.: Efficient Elliptic Curve Exponentiation Using Mixed Coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Coron, J.: Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  21. 21.
    Dimitrov, V., Imbert, L., Mishra, P.K.: Efficient and Secure Elliptic Curve Point Multiplication Using Double-Base Chains. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 59–78. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Edwards, H.M.: A Normal Form for Elliptic Curves. Bull. Am. Math. Soc., New Ser. 44(3), 393–422 (2007)zbMATHCrossRefGoogle Scholar
  23. 23.
    Fouque, P.-A., Valette, F.: The Doubling Attack: Why Upwards Is Better than Downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electronic Analysis: Concrete Results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  25. 25.
    Gebotys, C.H., Gebotys, R.J.: Secure Elliptic Curve Implementations: An Analysis of Resistance to Power-Attacks in a DSP Processor. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 114–128. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  26. 26.
    Giraud, C., Verneuil, V.: Atomicity Improvement for Elliptic Curve Scalar Multiplication. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 80–101. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    Großschaldl, J., Avanzi, R., Savas, E., Tillich, S.: Energy-Efficient Software Implementation of Long Interger Modular Arithmetic. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 75–90. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  28. 28.
    Goundar, R.R., Joye, M., Miyaji, A., Rivain, M., Venelli, A.: Scalar Multiplication on Weierstrass Elliptic Curves from Co-Z Arithmetic. Journal of Cryptographic Engineering 1(2), 161–176 (2011)CrossRefGoogle Scholar
  29. 29.
    Gura, N., Patel, A., Wander, A., Eberle, H., Shantz, S.C.: Comparing Elliptic Curve on RSA on 8-bit CPUs. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 119–132. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  30. 30.
    Hanley, N., Tunstall, M., Marmane, W.P.: Using Templates to Distinguishing Multiplications from Squaring Operations. International Journal Information Security 10(4), 255–266 (2011)CrossRefGoogle Scholar
  31. 31.
    Joye, M.: Highly Regular Right-to Left Algorithms for Scalar Multiplication. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 135–147. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  32. 32.
    Joye, M.: Fast Point Multiplication on Elliptic Curves Without Precomputation. In: von zur Gathen, J., Imaña, J.L., Koç, Ç.K. (eds.) WAIFI 2008. LNCS, vol. 5130, pp. 36–46. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  33. 33.
    Joye, M., Tibouchi, M., Vergnaud, D.: Huff’s Model for Elliptic Curves. In: Hanrot, G., Morain, F., Thomé, E. (eds.) ANTS-IX. LNCS, vol. 6197, pp. 234–250. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  34. 34.
    Joye, M., Yen, S.-M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  35. 35.
    Koblitz, N.: Elliptic Curve Cryptosystems. Mathematics of Computation 48, 203–209 (1987)MathSciNetzbMATHCrossRefGoogle Scholar
  36. 36.
    Kocher, P.: Timing Attacks on Implementation of Diffie-Hellman RSA, DSS and other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  37. 37.
    Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  38. 38.
    Liardet, P.Y., Smart, N.P.: Preventing SPA/DPA in ECC Systems Using the Jacobi Form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 401–411. Springer, Heidelberg (2001)Google Scholar
  39. 39.
    Longa, P., Miri, A.: New Multibase Non-Adjacent Form Scalar Multiplication and its Application to Elliptic Curve Cryptosystems (extended version). Crytology ePrint Archive, Report 2008/052, http://eprint.iacr.org/
  40. 40.
    Longa, P., Miri, A.: Fast and Flexible Elliptic Curves Point Arithmetic over Prime Fields. IEEE Trans. on Computers 57(3), 289–302 (2008)MathSciNetCrossRefGoogle Scholar
  41. 41.
    López, J., Dahab, R.: Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 316–327. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  42. 42.
    Miller, V.S.: Use of Elliptic Curves in Cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  43. 43.
    Mishra, P.K., Dimitrov, V.: Efficient Quintuple Formulas for Elliptic Curves and Efficient Scalar Multiplication Using Multibase Number Representation. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 390–406. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  44. 44.
    Möller, B.: Securing Elliptic Curve Point Multiplication against Side-channel Attacks. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 324–334. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  45. 45.
    Montgomery, P.: Speeding the Pollard and Elliptic Curve methods of Factorization. Mathematics of Computation 48(177), 243–264 (1987)MathSciNetzbMATHCrossRefGoogle Scholar
  46. 46.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  47. 47.
    Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MathSciNetzbMATHCrossRefGoogle Scholar
  48. 48.
    Smart, N.P.: The Hessian Form of an Elliptic Curve. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 118–125. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  49. 49.
    Thériault, N.: SPA Resistant Left-to-Right Integer Recodings. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 345–358. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  50. 50.
    Tunstall, M., Joye, M.: Coordinate Blinding over Large Prime Fields. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 443–445. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  51. 51.
    Yao, A.C.: On the Evaluation of Powers. SIAM Journal on Computing 5, 100–103 (1976)MathSciNetzbMATHCrossRefGoogle Scholar
  52. 52.
    Yen, S.-M., Joye, M.: Checking Before Output not be Enough Against Fault-based Cryptanalysis. IEEE Trans. on Computers 49(9), 967–970 (2000)CrossRefGoogle Scholar
  53. 53.
    Yen, S.-M., Kim, S., Lim, S., Moon, S.: A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 414–427. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Rodrigo Abarzúa
    • 1
  • Nicolas Thériault
    • 2
  1. 1.Institute of ComputingUniversity of CampinasCampinasBrazil
  2. 2.Departamento de MatemáticaUniversidad del Bío-BíoConcepciónChile

Personalised recommendations