Abstract
The side channel attack (SCA) is a serious attack on wearable devices that have scarce computational resources. Cryptographic algorithms on them should be efficient using small memory — we have to make efforts to optimize the trade-off between efficiency and memory. In this paper we present efficient SCA-resistant scalar multiplications based on window method. Möller proposed an SPA-resistant window method based on 2w-ary window method, which replaces w-consecutive zeros to 1 plus w-consecutive 1 and it requires 2w points of table (or 2w-1 +1 points if the signed 2w-ary is used). The most efficient window method with small memory is the width-w NAF, which requires 2w-2 points of table. In this paper we convert the width-w NAF to an SPA-resistant addition chain. Indeed we generate a scalar sequence with the fixed pattern, e.g. 0..0x0..0x...0..0x, where x is positive odd points < 2w. Thus the size of the table is 2w-1, which is optimal in the construction of the SPA-resistant chain based on width-w NAF. The table sizes of the proposed scheme are 6% to 50% smaller than those of Möller’s scheme for w = 2, 3, 4, 5, which are relevant choices in the sense of efficiency for 160-bit ECC.
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
ANSI X9.62, Public Key Cryptography for the Financial Services Industry, The Elliptic Curve Digital Signature Algorithm (ECDSA), (1999). 333
Brier, É., Joye, M., Weierstrass Elliptic Curves and Side-Channel Attacks, Public Key Cryptography (PKC2002), LNCS2274, (2002), 335–345. 329, 332, 333
I. Blake, G. Seroussi, and N. Smart, Elliptic Curves in Cryptography, Cambridge University Press, 1999. 331
Cohen, H., Miyaji, A., Ono, T., Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, Advances in Cryptology-ASIACRYPT’ 98, LNCS1514, (1998), 51–65. 330
Coron, J. S., Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems, Cryptographic Hardware and Embedded Systems (CHES’99), LNCS1717, (1999), 292–302. 329, 332, 333, 337, 339, 340
National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46 (FIPS PUB 46), (1977). 332
Fischer, W., Giraud, C., Knudsen, E. W., Seifert, J. P., Parallel scalar multiplication on general elliptic curves over F p hedged against Non-Differential Side-Channel Attacks, International Association for Cryptologic Research (IACR), Cryptology ePrint Archive 2002/007, (2002). Available at http://eprint.iacr.org/ 329, 332
Hitchcock, Y., Montague, P., A New Elliptic Curve Scalar Multiplication Algorithm to Resist Simple Power Analysis, Information Security and Privacy, 7th Australasian Conference, (ACISP 2002), LNCS2384, (2002), 214–225. 329, 339, 340
Itoh, K., Izu, T., and Takenaka, M., Address-bit Differential Power Analysis on Cryptographic Schemes OK-ECDH and OK-ECDSA, to appear in Workshop on Cryptographic Hardware and Embedded Systems 2002 (CHES 2002), 2002.
Itoh, K., Yajima, J., Takenaka, M., and Torii, N., DPA Countermeasures by improving the Window Method, to appear in Workshop on Cryptographic Hardware and Embedded Systems 2002 (CHES 2002), 2002. 329
IEEE P1363, Standard Specifications for Public-Key Cryptography. http://groupe.ieee.org/groups/1363/ 330
Izu, T., Takagi, T., A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks, Public Key Cryptography (PKC2002), LNCS2274, (2002), 280–296. 329, 332, 333
Joye, M., Quisquater, J. J., Hessian elliptic curves and side-channel attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 402–410. 333
Joye, M., Tymen, C., Compact Encoding of Non-adjacent Forms with Applications to Elliptic Curve Cryptography, Public Key Cryptography 2001 (PKC2001), pp.353–364, LNCS1992, 2001. 338
Joye, M., Tymen, C., Protections against differential analysis for elliptic curve cryptography: An algebraic approach, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 377–390. 333, 337
Koblitz, N., Elliptic curve cryptosystems, Math. Comp. 48, (1987), 203–209.
Kocher, C., Timing Attacks on Implementations of Diffie-Hellman, RSA,DSS, and Other Systems, Advances in Cryptology-CRYPTO’ 96, LNCS1109, (1996), 104–113. 328, 332
Kocher, C., Jaffe, J., Jun, B., Differential Power Analysis, Advances in Cryptology-CRYPTO’ 99, LNCS1666, (1999), 388–397. 328, 332
K. Koyama and Y. Tsuruoka, Speeding Up Elliptic Curve Cryptosystems using a Signed Binary Windows Method, Advances in Cryptology-CRYPTO’ 92, LNCS740, (1992), pp.345–357. 331
Liardet, P. Y., Smart, N. P., Preventing SPA/DPA in ECC systems using the Jacobi form, Cryptographic Hardware and Embedded System (CHES’01), LNCS2162, (2001), 391–401. 329, 333
Miller, V. S., Use of elliptic curves in cryptography, Advances in Cryptology-CRYPTO’ 85, LNCS218,(1986), pp.417–426.
Atsuko Miyaji, Takatoshi Ono, Henri Cohen, Efficient elliptic curve exponentiation, Information and Communication Security (ICICS 1997), (1997), pp.282–291. 331
Möller, B., Securing Elliptic Curve Point Multiplication against Side-Channel Attacks, Information Security (ISC2001), LNCS2200, (2001), 324–334. 329, 337
Möller, B., Securing elliptic curve point multiplication against side-channel attacks, addendum: Efficiency improvement. http://www.informatik.tudarmstadt.de/TI/Mitarbeiter/moeller/ecc-scaisc01.pdf, (2001). 329, 337
Möller, B., Parallelizable Elliptic Curve Point Multiplication Method with Resistance against Side-Channel Attacks, Information Security Conference (ISC 2002), LNCS2433, (2002), 402–413.
National Institute of Standards and Technology, FIPS 186-2, http://csrc.nist.gov/publication/fips/fips186-2/fips186-2.pdf
Oswald, E., Aigner, M., Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 39–50. 329, 333
Okeya, K., Miyazaki, K., Sakurai, K., A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-form Elliptic Curve Secure against Side Channel Attacks, The 4th International Conference on Information Security and Cryptology (ICISC 2001), LNCS2288, (2002), 428–439. 333
Okeya, K., Sakurai, K., Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack, Progress in Cryptology-INDOCRYPT 2000, LNCS1977, (2000), 178–190. 329, 332
Okeya, K., Sakurai, K., On Insecurity of the Side Channel Attack Countermeasure using Addition-Subtraction Chains under Distinguishability between Addition and Doubling, The 7th Australasian Conference in Information Security and Privacy, (ACISP 2002), LNCS2384, (2002), 420–435. 329, 333
Okeya, K., Sakurai, K., Fast Multi-Scalar Multiplication Methods on Elliptic Curves with Precomputation Strategy using Montgomery Trick, Cryptographic Hardware and Embedded System (CHES 2002), Pre-Proceedings, (2002), 566–581. 338
Okeya, K., Sakurai, K., A Second-Order DPA Attack Breaks a Windowmethod based Countermeasure against Side Channel Attacks, Information Security Conference (ISC 2002), LNCS2433, (2002), 389–401. 337
Oswald, E., Enhancing Simple Power-Analysis Attacks on Elliptic Curve Cryptosystems, to appear in Workshop on Cryptographic Hardware and Embedded Systems 2002 (CHES 2002), 2002.
Rivest, R. L., Shamir, A., Adleman, L., A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, Vol.21, No.2, (1978), 120–126. 332
Solinas, J. A., Efficient Arithmetic on Koblitz Curves, Design, Codes and Cryptography, 19, (2000), 195–249. 329, 331
Walter, C. D., Some Security Aspects of the Mist Randomized Exponentiation Algorithm, to appear in Workshop on Cryptographic Hardware and Embedded Systems 2002 (CHES 2002), 2002.
Walter, C. D., Breaking the Liardet-Smart Randomized Exponentiation Algorithm, to apper in CARDIS’02. 329, 333
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Okeya, K., Takagi, T. (2003). The Width-w NAF Method Provides Small Memory and Fast Elliptic Scalar Multiplications Secure against Side Channel Attacks. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_23
Download citation
DOI: https://doi.org/10.1007/3-540-36563-X_23
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00847-7
Online ISBN: 978-3-540-36563-1
eBook Packages: Springer Book Archive