Complete Atomic Blocks for Elliptic Curves in Jacobian Coordinates over Prime Fields

In this paper we improve the safety aspects of previously published atomic blocks. We build new sets of atomic blocks designed to protect against both simple side-channel attacks and C-safe fault attacks for scalar multiplication for elliptic curves over prime fields. These atomic blocks are structured with the sequence of field operations (S,N, A, A, M, A), Squaring, Negation, Addition, Addition, Multiplication, Addition. We apply these atomic blocks to various operations in Jacobian coordinates: doubling, tripling, and quintupling, as well as mixed Jacobian-affine addition. We also give formulae for the general Jacobian addition for use in right-to-left scalar multiplication. Finally, we show how these techniques can be used to unify the Jacobian doubling formula with mixed Jacobian-affine addition, so they use the same number of atomic blocks. Like previous atomic blocks formulae, our group operations provide protection against simple side channel attacks by dividing the group operations into smaller sequences of field operations. One of the main differences with our formulae resides in their security against C-safe fault attacks. Unlike previous works, our formulae are designed to completely fill the atomic blocks with field operations that affect the final output (i.e. we avoid "dummy" operations) and are all distinct (none of the operations are repeated). They also have the added bonus of being slightly more "compact" than most previous atomic blocks, having fewer additions/negations for each multiplication/squaring, potentially giving a performance gain.

[1]  Jean-Jacques Quisquater,et al.  Faults, Injection Methods, and Fault Attacks , 2007, IEEE Design & Test of Computers.

[2]  Atsuko Miyaji,et al.  Efficient Elliptic Curve Exponentiation Using Mixed Coordinates , 1998, ASIACRYPT.

[3]  Benoit Feix,et al.  Distinguishing Multiplications from Squaring Operations , 2009, Selected Areas in Cryptography.

[4]  A. Maximov,et al.  Fast computation of large distributions and its cryptographic applications , 2005 .

[5]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[6]  Roberto Maria Avanzi,et al.  Aspects of Hyperelliptic Curves over Large Prime Fields in Software Implementations , 2004, CHES.

[7]  Fengqi Yu,et al.  Countermeasure of ECC against Side-Channel Attacks: Balanced Point Addition and Point Doubling Operation Procedure , 2009, 2009 Asia-Pacific Conference on Information Processing.

[8]  Andrew Chi-Chih Yao,et al.  On the Evaluation of Powers , 1976, SIAM J. Comput..

[9]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[10]  Ricardo Dahab,et al.  Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation , 1999, CHES.

[11]  Shu Lin,et al.  Applied Algebra, Algebraic Algorithms and Error-Correcting Codes , 1999, Lecture Notes in Computer Science.

[12]  Stefan Mangard,et al.  Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings , 2010, CHES.

[13]  Nicolas Thériault,et al.  SPA Resistant Left-to-Right Integer Recodings , 2005, IACR Cryptol. ePrint Arch..

[14]  Marc Joye,et al.  Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity , 2004, IEEE Transactions on Computers.

[15]  H. Edwards A normal form for elliptic curves , 2007 .

[16]  Marc Joye,et al.  Fast Point Multiplication on Elliptic Curves without Precomputation , 2008, WAIFI.

[17]  Marc Joye,et al.  The Montgomery Powering Ladder , 2002, CHES.

[18]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[19]  C. Small Arithmetic of Finite Fields , 1991 .

[20]  Marc Joye,et al.  The Jacobi Model of an Elliptic Curve and Side-Channel Analysis , 2003, AAECC.

[21]  Aggelos Kiayias,et al.  Public Key Cryptography - PKC 2006 , 2006, Lecture Notes in Computer Science.

[22]  Marc Joye,et al.  Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[23]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[24]  Daniel J. Bernstein,et al.  Curve25519: New Diffie-Hellman Speed Records , 2006, Public Key Cryptography.

[25]  Marc Joye,et al.  Coordinate Blinding over Large Prime Fields , 2010, CHES.

[26]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[27]  Thomas Jensen,et al.  Smart Card Programming and Security , 2001, Lecture Notes in Computer Science.

[28]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[29]  Tanja Lange,et al.  Faster Addition and Doubling on Elliptic Curves , 2007, ASIACRYPT.

[30]  Roberto Maria Avanzi Delaying and Merging Operations in Scalar Multiplication: Applications to Curve-Based Cryptosystems , 2006, Selected Areas in Cryptography.

[31]  Bodo Möller,et al.  Securing Elliptic Curve Point Multiplication against Side-Channel Attacks , 2001, ISC.

[32]  Marc Joye,et al.  Scalar multiplication on Weierstraß elliptic curves from Co-Z arithmetic , 2011, Journal of Cryptographic Engineering.

[33]  Trevor Coward,et al.  Nova Science Publishers , 2013 .

[34]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[35]  Patrick Longa,et al.  New Multibase Non-Adjacent Form Scalar Multiplication and its Application to Elliptic Curve Cryptosystems (extended version) , 2008, IACR Cryptol. ePrint Arch..

[36]  Seungjoo Kim,et al.  A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack , 2001, ICISC.

[37]  Mehdi Tibouchi,et al.  Huff's Model for Elliptic Curves , 2010, ANTS.

[38]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[39]  Vassil S. Dimitrov,et al.  Efficient Quintuple Formulas for Elliptic Curves and Efficient Scalar Multiplication Using Multibase Number Representation , 2007, ISC.

[40]  Mehdi Tibouchi,et al.  Model for Elliptic Curves , 2011 .

[41]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2003 , 2003, Lecture Notes in Computer Science.

[42]  Tanja Lange,et al.  Handbook of Elliptic and Hyperelliptic Curve Cryptography , 2005 .

[43]  D. Chudnovsky,et al.  Sequences of numbers generated by addition in formal groups and new primality and factorization tests , 1986 .

[44]  Jean-Louis Lanet,et al.  Smart Card Research and Advanced Application, 9th IFIP WG 8.8/11.2 International Conference, CARDIS 2010, Passau, Germany, April 14-16, 2010. Proceedings , 2010, CARDIS.

[45]  Berk Sunar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2005, 7th International Workshop, Edinburgh, UK, August 29 - September 1, 2005, Proceedings , 2005, CHES.

[46]  Laurent Imbert,et al.  Efficient and Secure Elliptic Curve Point Multiplication Using Double-Base Chains , 2005, ASIACRYPT.

[47]  Ingrid Verbauwhede,et al.  Cryptographic Hardware and Embedded Systems - CHES 2007, 9th International Workshop, Vienna, Austria, September 10-13, 2007, Proceedings , 2007, CHES.

[48]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[49]  Hans Eberle,et al.  Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs , 2004, CHES.

[50]  Roberto Maria Avanzi,et al.  Energy-Efficient Software Implementation of Long Integer Modular Arithmetic , 2005, CHES.

[51]  Arto Salomaa,et al.  Public-Key Cryptography , 1991, EATCS Monographs on Theoretical Computer Science.

[52]  Catherine H. Gebotys,et al.  Secure Elliptic Curve Implementations: An Analysis of Resistance to Power-Attacks in a DSP Processor , 2002, CHES.

[53]  Alfred Menezes,et al.  Software Implementation of the NIST Elliptic Curves Over Prime Fields , 2001, CT-RSA.

[54]  David Naccache,et al.  Topics in Cryptology — CT-RSA 2001 , 2001, Lecture Notes in Computer Science.

[55]  Jean-Jacques Quisquater,et al.  ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smart Cards , 2001, E-smart.

[56]  Aggelos Kiayias,et al.  BiTR: Built-in Tamper Resilience , 2011, IACR Cryptol. ePrint Arch..

[57]  Kaoru Kurosawa,et al.  Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings , 2007, International Conference on the Theory and Application of Cryptology and Information Security.

[58]  Roberto Maria Avanzi,et al.  Side Channel Attacks on Implementations of Curve-Based Cryptographic Primitives , 2005, IACR Cryptol. ePrint Arch..

[59]  Tanja Lange,et al.  Inverted Edwards Coordinates , 2007, AAECC.

[60]  Nigel P. Smart,et al.  Preventing SPA/DPA in ECC Systems Using the Jacobi Form , 2001, CHES.

[61]  Serdar Boztas,et al.  Applied Algebra, Algebraic Algorithms and Error-Correcting Codes , 2001, Lecture Notes in Computer Science.

[62]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[63]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[64]  David Naccache,et al.  Cryptographic Hardware and Embedded Systems — CHES 2001 , 2001 .

[65]  Frédéric Valette,et al.  The Doubling Attack - Why Upwards Is Better than Downwards , 2003, CHES.

[66]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[67]  Kwangjo Kim,et al.  Information Security and Cryptology — ICISC 2001 , 2002, Lecture Notes in Computer Science.

[68]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[69]  Patrick Longa,et al.  Fast and Flexible Elliptic Curve Point Arithmetic over Prime Fields , 2008, IEEE Transactions on Computers.

[70]  William P. Marnane,et al.  Using templates to distinguish multiplications from squaring operations , 2011, International Journal of Information Security.

[71]  Vincent Verneuil,et al.  Atomicity Improvement for Elliptic Curve Scalar Multiplication , 2010, CARDIS.

[72]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[73]  Nigel P. Smart,et al.  The Hessian Form of an Elliptic Curve , 2001, CHES.

[74]  Marc Joye,et al.  Highly Regular Right-to-Left Algorithms for Scalar Multiplication , 2007, CHES.

[75]  Marc Joye,et al.  Weierstraß Elliptic Curves and Side-Channel Attacks , 2002, Public Key Cryptography.

[76]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[77]  Marc Joye,et al.  Fast Point Multiplication on Elliptic Curves through Isogenies , 2003, AAECC.