Fast Elliptic Curve Arithmetic and Improved Weil Pairing Evaluation

The side channel attack (SCA) is a serious threat to wearable devices, which have scarce computational resources. Cryptographic algorithms on such devices should be efficient while using little memory, so we have to optimize the trade-off between efficiency and memory. In this paper we present efficient SCA-resistant scalar multiplications based on the window method. Möller proposed an SPA-resistant window method based on the 2^w-ary window method, which replaces w consecutive zeros by 1 plus w consecutive 1s; it requires a table of 2^w points (or 2^{w-1}+1 points if the signed 2^w-ary method is used). The most efficient window method with small memory is the width-w NAF, which requires a table of 2^{w-2} points. In this paper we convert the width-w NAF into an SPA-resistant addition chain. Indeed, we generate a scalar sequence with the fixed pattern |0..0x|0..0x|...|0..0x|, where x is a positive odd integer < 2^w. Thus the size of the table is 2^{w-1}, which is optimal in the construction of an SPA-resistant chain based on the width-w NAF. The table sizes of the proposed scheme are 6% to 50% smaller than those of Möller's scheme for w = 2, 3, 4, 5, which are the relevant choices in the sense of efficiency for 160-bit ECC.
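The fixed-pattern recoding described above, as an added example that is not the paper's own code: it writes an odd scalar as blocks |0..0x| with odd digits x, so the point-multiplication loop always performs w doublings followed by one addition, and the precomputed table holds exactly 2^{w-1} odd multiples. The example uses signed odd digits (negation of a point is free) so every odd scalar is representable, and it runs over a constructed stand-in group (integers mod a prime under addition) rather than a real curve.

```python
# Added example, not code from the paper: recode an odd scalar d into the fixed
# pattern |0..0x|0..0x|...|0..0x| with signed odd digits x, |x| < 2^w, so the
# multiplication loop performs exactly w doublings then one addition per digit,
# whatever the bits of d. The table holds only the 2^(w-1) odd multiples
# P, 3P, ..., (2^w - 1)P; -xP is free because point negation is free.
# Constructed stand-in group: integers mod a prime under addition (dP = d*P mod N).

GROUP_ORDER = (1 << 61) - 1          # toy group order; swap in curve add/neg for real use
group_add = lambda a, b: (a + b) % GROUP_ORDER
group_neg = lambda a: (-a) % GROUP_ORDER

def recode_fixed_pattern(d, w, n_digits):
    """Digits x_0..x_{n-1} (least significant first) with d = sum x_i * 2^(w*i),
    every x_i odd and |x_i| < 2^w. Needs odd d, w >= 2 and enough digits."""
    assert d & 1 and w >= 2
    digits = []
    for _ in range(n_digits - 1):
        x = (d % (1 << (w + 1))) - (1 << w)  # odd, strictly between -2^w and 2^w
        digits.append(x)
        d = (d - x) >> w                     # exact division; quotient is odd again
    assert d & 1 and d < (1 << w), "n_digits too small for this scalar"
    digits.append(d)
    return digits

def precompute_table(P, w, add=group_add):
    """Odd multiples P, 3P, ..., (2^w - 1)P: 2^(w-1) entries (the abstract's size)."""
    table, two_p = {1: P}, add(P, P)
    for k in range(3, 1 << w, 2):
        table[k] = add(table[k - 2], two_p)
    return table

def digits_for_bits(bits, w):
    """Digit count that always suffices for odd scalars below 2^bits."""
    return -(-bits // w) + 1

def scalar_mult(d, P, w, n_digits, add=group_add, neg=group_neg):
    """Left-to-right dP over the recoded digits. Returns (dP, op_trace); the trace
    is 'D'*w + 'A' repeated n_digits-1 times regardless of which odd d was used."""
    digits = recode_fixed_pattern(d, w, n_digits)
    table = precompute_table(P, w, add)
    lookup = lambda x: table[x] if x > 0 else neg(table[-x])
    Q, trace = lookup(digits[-1]), []
    for x in reversed(digits[:-1]):
        for _ in range(w):
            Q = add(Q, Q)
            trace.append("D")
        Q = add(Q, lookup(x))
        trace.append("A")
    return Q, "".join(trace)
```

The uniform D..DA trace is what defeats SPA; the plain dictionary lookup of the digit is not constant-time and is outside what the fixed pattern protects.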
