Atomicity Improvement for Elliptic Curve Scalar Multiplication

In this paper we address the problem of protecting elliptic curve scalar multiplication implementations against side-channel analysis by using the atomicity principle. First of all we reexamine classical assumptions made by scalar multiplication designers and we point out that some of them are not relevant in the context of embedded devices. We then describe the state-of-the-art of atomic scalar multiplication and propose an atomic pattern improvement method. Compared to the most efficient atomic scalar multiplication published so far, our technique shows an average improvement of up to 10.6%.

[1]  Alfred Menezes,et al.  Software Implementation of the NIST Elliptic Curves Over Prime Fields , 2001, CT-RSA.

[2]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[3]  Atsuko Miyaji,et al.  Efficient Elliptic Curve Exponentiation Using Mixed Coordinates , 1998, ASIACRYPT.

[4]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[5]  Roberto Maria Avanzi,et al.  Energy-Efficient Software Implementation of Long Integer Modular Arithmetic , 2005, CHES.

[6]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[7]  Patrick Longa,et al.  New Multibase Non-Adjacent Form Scalar Multiplication and its Application to Elliptic Curve Cryptosystems (extended version) , 2008, IACR Cryptol. ePrint Arch..

[8]  H. Edwards A normal form for elliptic curves , 2007 .

[9]  Marc Joye,et al.  Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity , 2004, IEEE Transactions on Computers.

[10]  Patrick Longa,et al.  Accelerating the Scalar Multiplication on Elliptic Curve Cryptosystems over Prime Fields , 2008, IACR Cryptol. ePrint Arch..

[11]  O. Hesse Über die Elimination der Variabeln aus drei algebraischen Gleichungen vom zweiten Grade mit zwei Variabeln. , 1844 .

[12]  Johannes Merkle,et al.  Elliptic Curve Cryptography (ecc) Brainpool Standard Curves and Curve Generation , 2010 .

[13]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[14]  Marc Joye,et al.  Protections against Differential Analysis for Elliptic Curve Cryptography , 2001, CHES.

[15]  Marc Joye,et al.  Weierstraß Elliptic Curves and Side-Channel Attacks , 2002, Public Key Cryptography.

[16]  Nicolas Meloni,et al.  New Point Addition Formulae for ECC Applications , 2007, WAIFI.

[17]  M. Anwar Hasan,et al.  Elliptic Curve Scalar Multiplication Combining Yao's Algorithm and Double Bases , 2009, CHES.

[18]  Marc Joye,et al.  Highly Regular m-Ary Powering Ladders , 2009, Selected Areas in Cryptography.

[19]  Tanja Lange,et al.  Faster Addition and Doubling on Elliptic Curves , 2007, ASIACRYPT.

[20]  William E. Burr,et al.  Cryptographic Algorithms and Key Sizes for Personal Identity Verification , 2010 .

[21]  Marc Joye,et al.  Fast Point Multiplication on Elliptic Curves without Precomputation , 2008, WAIFI.

[22]  Marc Joye,et al.  The Montgomery Powering Ladder , 2002, CHES.

[23]  Ferrell S. Wheeler,et al.  Signed Digit Representations of Minimal Hamming Weight , 1993, IEEE Trans. Computers.

[24]  Alfred Menezes,et al.  The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[25]  Laurent Imbert,et al.  Efficient and Secure Elliptic Curve Point Multiplication Using Double-Base Chains , 2005, ASIACRYPT.

[26]  Tanja Lange,et al.  Twisted Edwards Curves , 2008, AFRICACRYPT.

[27]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[28]  Elisabeth Oswald,et al.  Template Attacks on ECDSA , 2009, WISA.

[29]  Andrew Chi-Chih Yao,et al.  On the Evaluation of Powers , 1976, SIAM J. Comput..