Revisiting Atomic Patterns for Scalar Multiplications on Elliptic Curves

This paper deals with the protection of elliptic curve scalar multiplications against side-channel analysis by using the atomicity principle. Unlike other atomic patterns, we investigate new formulae with the same cost for both doubling and addition. This choice is particularly well suited to evaluating double scalar multiplications with the Straus-Shamir trick. Thus, in situations where this trick is used to evaluate single scalar multiplications, our pattern allows an average improvement of \(40\,\%\) when compared with the most efficient atomic scalar multiplication published so far. Surprisingly, in other cases our choice remains very efficient. Besides, we also point out a security threat when the curve parameter \(a\) is null and propose an even more efficient pattern in this case.
