Implementation of Elliptic Curve Cryptography with Built-In Counter Measures against Side Channel Attacks

Many software implementations of public key cryptosystems have been concerned with efficiency. The advent of side channel attacks, such as timing and power analysis attacks, force us to reconsider the strategy of implementation of group arithmetic. This paper presents a study of software counter measures against side channel attacks for elliptic curve cryptosystems.We introduce two new counter measures. The first is a new implementation technique, namely, homogeneous group operations, which has the property that addition and doubling on elliptic curves cannot be distinguished from side channel analysis. Being inexpensive time-wise, this technique is an alternative to a well-known Montgomery ladder. The second is a non-deterministic method of point exponentiation with precomputations. Although requiring rather large ROM, it provides an effective resistance against high-order power analysis attacks for the price of index re-computations and ROM accesses.An experimental implementation of NIST-recommended elliptic curves over binary fields with a balanced suite of counter measures built-in in group arithmetic is presented, and the penalty paid is analyzed. The results of the implementation in C on an AMD Duron 600 MHz running Linux are included in the paper.

[1]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[2]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[3]  N. Koblitz,et al.  A Fast Software Implementation for Arithmetic Operations in Gf(2 N ) (preprint) , 1996 .

[4]  Servaas Vandenberghe,et al.  A Fast Software Implementation for Arithmetic Operations in GF(2n) , 1996, ASIACRYPT.

[5]  Bart Preneel,et al.  On the Performance of Signature Schemes Based on Elliptic Curves , 1998, ANTS.

[6]  Daniel M. Gordon,et al.  A Survey of Fast Exponentiation Methods , 1998, J. Algorithms.

[7]  Ian F. Blake,et al.  Elliptic curves in cryptography , 1999 .

[8]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[9]  Pankaj Rohatgi,et al.  Towards Sound Approaches to Counteract Power-Analysis Attacks , 1999, CRYPTO.

[10]  Ricardo Dahab,et al.  Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation , 1999, CHES.

[11]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[12]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[13]  Louis Goubin,et al.  DES and Differential Power Analysis (The "Duplication" Method) , 1999, CHES.

[14]  L. Goubin,et al.  DES and Differential Power Analysis , 1999 .

[15]  Christof Paar,et al.  Elliptic Curve Cryptography on Smart Cards without Coprocessors , 2001, CARDIS.

[16]  M. Anwar Hasan Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz Curve Cryptosystems , 2000, CHES.

[17]  Alfred Menezes,et al.  Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[18]  Kouichi Sakurai,et al.  Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack , 2000, INDOCRYPT.

[19]  Nigel P. Smart,et al.  Preventing SPA/DPA in ECC Systems Using the Jacobi Form , 2001, CHES.

[20]  Marc Joye,et al.  Protections against Differential Analysis for Elliptic Curve Cryptography , 2001, CHES.

[21]  Manfred Josef Aigner,et al.  Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks , 2001, CHES.

[22]  Henk L. Muller,et al.  Random Register Renaming to Foil DPA , 2001, CHES.

[23]  Marc Joye,et al.  Hessian Elliptic Curves and Side-Channel Attacks , 2001, CHES.

[24]  Alfred Menezes,et al.  Software Implementation of the NIST Elliptic Curves Over Prime Fields , 2001, CT-RSA.

[25]  M. Joye,et al.  Universal Exponentiation Algorithm A First Step towards Provable SPA-Resistance , 2001 .

[26]  Seungjoo Kim,et al.  A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack , 2001, ICISC.

[27]  Henk L. Muller,et al.  Non-deterministic Processors , 2001, ACISP.

[28]  Christophe Clavier,et al.  Universal Exponentiation Algorithm , 2001, CHES.

[29]  Robert H. Sloan,et al.  Examining Smart-Card Security under the Threat of Power Analysis Attacks , 2002, IEEE Trans. Computers.

[30]  Tsuyoshi Takagi,et al.  A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks , 2002, Public Key Cryptography.

[31]  Marc Joye,et al.  The Montgomery Powering Ladder , 2002, CHES.

[32]  Marc Joye,et al.  Weierstraß Elliptic Curves and Side-Channel Attacks , 2002, Public Key Cryptography.