A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems
Abstract: As Elliptic Curve Cryptosystems are becoming more and more popular and are included in many standards, an increasing demand has appeared for secure implementations that are not vulnerable to side-channel attacks. To achieve this goal, several generic countermeasures against Power Analysis have been proposed in recent years. In particular, to protect the basic scalar multiplication on an elliptic curve against Differential Power Analysis (DPA), it has often been recommended to use "random projective coordinates", "random elliptic curve isomorphisms" or "random field isomorphisms". So far, these countermeasures have been considered by many authors as a cheap and secure way of avoiding DPA attacks on the "scalar multiplication" primitive. However, we show in the present paper that, for many elliptic curves, such a DPA protection of the "scalar" multiplication is not sufficient. In a chosen-message scenario, a Power Analysis attack is still possible even if one of the three aforementioned countermeasures is used. We expose a new Power Analysis strategy that can be successful for a large class of elliptic curves, including most of the sample curves recommended by standards bodies such as ANSI, IEEE, ISO, NIST, SECG or WTLS. This result means that the problem of randomizing the basepoint may be more difficult than expected and that "standard" techniques still have to be improved, which may also have an impact on the performance of implementations.