论文信息 - Improved countermeasure against Address-bit DPA for ECC scalar multiplication

Improved countermeasure against Address-bit DPA for ECC scalar multiplication

Messerges, Dabbish and Sloan proposed a DPA attack which analyzes the address values of registers [1]. This attack is called the Address-bit DPA (ADPA) attack. As countermeasures against ADPA, Itoh, Izu and Takenaka proposed algorithms that randomizes address bits [2]. In this paper, we point out that one of their countermeasures has vulnerability even if the address bits are uniformly randomized. When a register is overwritten by the same data as one stored in the register during a data move process, the power consumption is lower than the case of being overwritten by the different data. This fact enables us to separate the power traces. As a result, in the case of the algorithm proposed in [2], we could invalidate the randomness of the random bits and perform ADPA to retrieve a secret key. Moreover, for the purpose of overcoming the vulnerability, we propose a new countermeasure algorithm.

[1] Jean-Sébastien Coron,et al. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[2] Marc Joye,et al. Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[3] P. L. Montgomery. Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[4] Kouichi Itoh,et al. A Practical Countermeasure against Address-Bit Differential Power Analysis , 2003, CHES.

[5] Thomas S. Messerges,et al. Investigations of Power Analysis Attacks on Smartcards , 1999, Smartcard.

[6] Siva Sai Yerubandi,et al. Differential Power Analysis , 2002 .

[7] Ricardo Dahab,et al. Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation , 1999, CHES.