Secure Elliptic Curve Exponentiation against RPA, ZRA, DPA, and SPA

For implementations running on a smart card, side channel attacks such as the simple power analysis (SPA) and the differential power analysis (DPA) have become a serious threat. Side channel attacks monitor side channel information such as power consumption and exploit the leakage related to power consumption to reveal bits of a secret key d, even though d is hidden inside the smart card. Almost all public-key cryptosystems, including RSA, DLP-based cryptosystems, and elliptic curve cryptosystems, execute an exponentiation algorithm with a secret-key exponent, and thus they suffer from both SPA and DPA. In the case of elliptic curve cryptosystems, DPA has been improved to the refined power analysis (RPA), which exploits a special point with a zero value and reveals a secret key. RPA is further generalized to the zero-value register attack (ZRA). Both RPA and ZRA rely on two facts: an elliptic curve may happen to have a special point, or a register used in the addition and doubling formulae, with a zero value, and the power consumption of 0 is distinguishable from that of a non-zero element. To make matters worse, some previous efficient countermeasures against DPA are resistant to neither RPA nor ZRA. This paper focuses on elegant countermeasures for elliptic curve exponentiation against RPA, ZRA, DPA and SPA. Our novel countermeasure is easily generalized to a more efficient algorithm that uses a pre-computed table.
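An added illustration (not code from the paper) of the zero-value property the abstract describes: on a constructed toy curve over F_103 it finds the points with x = 0 and shows that multiplicative randomization of Jacobian coordinates leaves that zero unchanged. Randomized Jacobian coordinates are chosen here as one instance of a DPA countermeasure and are not named on this page; the curve parameters and all function names are assumptions made for the example.

```python
# Added example: why a zero coordinate survives multiplicative masking.
# Toy curve y^2 = x^3 + a*x + b over F_p; every parameter here is constructed.

P_MOD, A, B = 103, 1, 4        # b = 2^2 is a square mod 103
B_NONSQUARE = 99               # -4 mod 103; a non-square because 103 % 4 == 3

def legendre(v, p):
    """Euler's criterion: 1 for a non-zero square, -1 for a non-square, 0 for 0."""
    s = pow(v % p, (p - 1) // 2, p)
    return -1 if s == p - 1 else s

def has_zero_x_point(p, b):
    """A point (0, y) satisfies y^2 = b, so it exists iff b is a square mod p."""
    return legendre(b, p) >= 0

def zero_x_points(p, b):
    """Brute-force list of the affine points with x = 0 (toy sizes only)."""
    return [(0, y) for y in range(p) if (y * y - b) % p == 0]

def randomize_jacobian(point, lam, p):
    """Map affine (x, y) to the equivalent Jacobian triple (lam^2 x, lam^3 y, lam)."""
    x, y = point
    return (lam * lam * x % p, pow(lam, 3, p) * y % p, lam % p)

def distinct_x_registers(point, p):
    """All values the X register can take over every non-zero randomizer lam."""
    return {randomize_jacobian(point, lam, p)[0] for lam in range(1, p)}

if __name__ == "__main__":
    special = zero_x_points(P_MOD, B)
    print("b square, zero-x points:", special)
    print("b non-square, zero-x points:", zero_x_points(P_MOD, B_NONSQUARE))
    # (8, 3) lies on the toy curve: 8^3 + 8 + 4 = 524 = 9 = 3^2 (mod 103).
    ordinary = (8, 3)
    print("X values for special point :", distinct_x_registers(special[0], P_MOD))
    print("X values for ordinary point:",
          len(distinct_x_registers(ordinary, P_MOD)), "distinct, none zero")
```

Whether such points exist depends only on the curve coefficient b, so the check can be run once per curve when selecting parameters.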
