The Montgomery Powering Ladder

This paper gives a comprehensive analysis of the Montgomery powering ladder. Initially developed for fast scalar multiplication on elliptic curves, the Montgomery ladder is extended here to any exponentiation in an abelian group. Computationally, the Montgomery ladder has the triple advantage of presenting a Lucas chain structure, of being parallelized, and of sharing a common operand. Furthermore, contrary to the classical binary algorithms, it behaves very regularly, which makes it naturally protected against a large variety of implementation attacks.
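
The regularity claim above can be seen by recording the operation sequence of each algorithm. The following is an added example, not code from the paper: it compares classical left-to-right square-and-multiply with the Montgomery ladder for modular exponentiation. The function names, the modulus 1009 and the exponents are constructed for illustration.

```python
# Added illustration, not the paper's code. It models the *sequence* of group
# operations only; Python integers and branches are not constant-time.

def binary_pow(g, k, n):
    """Classical left-to-right square-and-multiply: returns (g^k mod n, trace)."""
    r, trace = 1, []
    for bit in bin(k)[2:]:
        r = r * r % n
        trace.append("S")
        if bit == "1":            # extra multiply only on 1-bits: key-dependent
            r = r * g % n
            trace.append("M")
    return r, "".join(trace)

def ladder_pow(g, k, n):
    """Montgomery ladder: returns (g^k mod n, trace)."""
    r0, r1, trace = 1, g % n, []
    for bit in bin(k)[2:]:
        if bit == "0":
            r1 = r0 * r1 % n      # multiply and square share the operand r0
            r0 = r0 * r0 % n      # and are independent, so they can run in parallel
        else:
            r0 = r0 * r1 % n      # same pattern with the roles swapped (operand r1)
            r1 = r1 * r1 % n
        trace.append("MS")        # one multiply and one square for every bit
        assert r1 == r0 * g % n   # invariant r1 = r0 * g (Lucas chain structure)
    return r0, "".join(trace)

if __name__ == "__main__":
    n, g = 1009, 5                        # constructed sample values
    for k in (0b1011011, 0b1000001):      # two 7-bit exponents
        print(f"k={k:07b} binary={binary_pow(g, k, n)[1]:<12} "
              f"ladder={ladder_pow(g, k, n)[1]}")
```

For two exponents of the same bit length the binary method's trace differs with the Hamming weight, while the ladder's trace is identical.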
