
Revisiting Atomic Patterns for Scalar Multiplications on Elliptic Curves

  • Conference paper
  • Smart Card Research and Advanced Applications (CARDIS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8419))

Abstract

This paper deals with the protection of elliptic curve scalar multiplications against side-channel analysis using the atomicity principle. Unlike other atomic patterns, we investigate new formulæ with the same cost for both doubling and addition. This choice is particularly well suited to evaluating double scalar multiplications with the Straus-Shamir trick. Thus, in situations where this trick is used to evaluate single scalar multiplications, our pattern allows an average improvement of \(40\,\%\) when compared with the most efficient atomic scalar multiplication published so far. Surprisingly, in other cases our choice remains very efficient. We also point out a security threat when the curve parameter \(a\) is zero and propose an even more efficient pattern for this case.
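The cost argument in the abstract rests on how often an addition follows a doubling. In a plain double-and-add, about half of the bit positions trigger an addition; with the Straus-Shamir trick, one shared chain of doublings serves both scalars, and an addition (of P, Q or the precomputed P+Q) happens at every position where at least one scalar bit is set, i.e. about three positions in four. The closer the ratio of additions to doublings gets to one, the more a pattern that prices both operations identically pays off. The following Python program is an added example, not code from the paper: it implements the trick on a constructed toy curve (the prime 2^61-1, the curve y^2 = x^3 + 2x + 3 and the base point (3, 6) are assumptions chosen for illustration), counts the group operations, and also shows the single-scalar use mentioned in the abstract, where k*P is evaluated as k_lo*P + k_hi*(2^h*P) with 2^h*P precomputed. The affine formulas used here are not atomic and leak the scalar through their operation sequence; they serve only to count operations.

```python
"""Straus-Shamir simultaneous scalar multiplication on a toy short-Weierstrass
curve, with counters for the group operations it performs.

Added example (not code from the paper).  The prime, curve and base point are
constructed for illustration; affine formulas with one inversion per step are
used for readability and carry no side-channel protection whatsoever."""

P_MOD = 2**61 - 1          # constructed toy field: the Mersenne prime M61
A, B = 2, 3                # y^2 = x^3 + 2x + 3 over F_p; (3, 6) lies on it
INF = None                 # point at infinity

COUNT = {"dbl": 0, "add": 0}   # group operations actually performed


def inv(x):
    return pow(x, P_MOD - 2, P_MOD)


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def ec_double(pt):
    if pt is INF or pt[1] == 0:
        return INF
    COUNT["dbl"] += 1
    x, y = pt
    lam = (3 * x * x + A) * inv(2 * y) % P_MOD
    x3 = (lam * lam - 2 * x) % P_MOD
    return (x3, (lam * (x - x3) - y) % P_MOD)


def ec_add(p, q):
    if p is INF:
        return q
    if q is INF:
        return p
    if p[0] == q[0]:
        if (p[1] + q[1]) % P_MOD == 0:
            return INF             # q == -p
        return ec_double(p)        # q == p
    COUNT["add"] += 1
    lam = (q[1] - p[1]) * inv(q[0] - p[0]) % P_MOD
    x3 = (lam * lam - p[0] - q[0]) % P_MOD
    return (x3, (lam * (p[0] - x3) - p[1]) % P_MOD)


def mul(k, pt):
    """Plain left-to-right double-and-add: k*P."""
    r = INF
    for i in range(k.bit_length() - 1, -1, -1):
        r = ec_double(r)
        if (k >> i) & 1:
            r = ec_add(r, pt)
    return r


def two_chains(k1, p, k2, q):
    """k1*P + k2*Q computed as two independent scalar multiplications."""
    return ec_add(mul(k1, p), mul(k2, q))


def straus_shamir(k1, p, k2, q):
    """k1*P + k2*Q with a single shared chain of doublings (Straus-Shamir).
    P+Q is precomputed once; then every bit position costs one doubling plus,
    whenever the bit pair (k1_i, k2_i) is not (0,0), one addition of P, Q or P+Q."""
    table = {(1, 0): p, (0, 1): q, (1, 1): ec_add(p, q)}
    r = INF
    for i in range(max(k1.bit_length(), k2.bit_length()) - 1, -1, -1):
        r = ec_double(r)
        col = ((k1 >> i) & 1, (k2 >> i) & 1)
        if col != (0, 0):
            r = ec_add(r, table[col])
    return r


def mul_split(k, pt, shifted, half):
    """Single scalar multiplication k*P via the double-scalar trick:
    k = k_hi*2^half + k_lo, so k*P = k_lo*P + k_hi*(2^half*P), where
    shifted = 2^half*P was precomputed (fixed-base setting)."""
    return straus_shamir(k & ((1 << half) - 1), pt, k >> half, shifted)


def count_ops(fn, *args):
    """Run fn(*args) with the counters reset; return (result, counts)."""
    COUNT["dbl"] = COUNT["add"] = 0
    result = fn(*args)
    return result, dict(COUNT)


if __name__ == "__main__":
    P = (3, 6)
    assert on_curve(P)
    Q = mul(7, P)
    k1, k2 = 0xD3, 0xB5
    r1, c1 = count_ops(straus_shamir, k1, P, k2, Q)
    r2, c2 = count_ops(two_chains, k1, P, k2, Q)
    assert r1 == r2
    print("k1*P + k2*Q  Straus-Shamir:", c1, " two chains:", c2)
    k, half = 0xD3B5, 8
    shifted = mul(1 << half, P)       # offline precomputation, not counted
    r3, c3 = count_ops(mul_split, k, P, shifted, half)
    r4, c4 = count_ops(mul, k, P)
    assert r3 == r4
    print("k*P  split Straus-Shamir:", c3, " double-and-add:", c4)
```

Running it reports 7 doublings and 7 additions for the shared chain against 14 and 9 for two separate chains on the two 8-bit scalars, and 7 + 7 against 15 + 9 for the split 16-bit scalar. The Straus-Shamir counts include the one addition that builds P+Q but not the offline computation of 2^h*P. Whether the saving carries over to an atomic implementation depends on the cost of one pattern, which is exactly the quantity the paper optimises; on this toy the additions-to-doublings ratio is 1:1 with the trick and roughly 2:3 without it.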


Notes

  1. A trick due to Montgomery [24] makes it possible to evaluate several inverses at the cost of a single inversion and a few multiplications: \(\frac{1}{a}=\frac{1}{ab}\cdot b\), \(\frac{1}{b}=\frac{1}{ab}\cdot a\).
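The two-element identity in the note generalises to any number of elements: multiply them all together, invert the product once, then peel the factors off again from the back. The Python program below is an added example, not code from the paper, with a counter to confirm the cost of one inversion plus 3(n-1) multiplications; the prime 10007 and the inputs are constructed for illustration. It also shows the failure mode a practitioner must handle: a single zero element makes the running product zero and would silently corrupt every inverse in the batch, so the function rejects it instead.

```python
"""Montgomery's simultaneous-inversion trick, generalised from the
two-element identity 1/a = (1/ab)*b, 1/b = (1/ab)*a to n elements.

Added example, not the paper's code; the prime and inputs used below are
constructed for illustration."""

STATS = {"mul": 0, "inv": 0}     # field operations used by the last call


def batch_inverse(values, p):
    """Return [v^-1 mod p for v in values] using ONE modular inversion and
    3(n-1) multiplications instead of n inversions (p must be prime).

    Raises ZeroDivisionError if some v is 0 mod p: the running product would
    be 0 and every entry of the batch would come out wrong, so the caller has
    to deal with that case explicitly rather than receive garbage."""
    STATS["mul"] = STATS["inv"] = 0
    vals = [v % p for v in values]
    n = len(vals)
    if n == 0:
        return []
    for i, v in enumerate(vals):
        if v == 0:
            raise ZeroDivisionError("element %d is 0 mod p" % i)
    # forward pass: prefix[i] = vals[0] * ... * vals[i]
    prefix = [vals[0]]
    for v in vals[1:]:
        prefix.append(prefix[-1] * v % p)
        STATS["mul"] += 1
    # the single inversion (Fermat's little theorem; p is prime)
    acc = pow(prefix[-1], p - 2, p)
    STATS["inv"] += 1
    # backward pass: acc holds 1/(vals[0]*...*vals[i]) at step i
    out = [0] * n
    for i in range(n - 1, 0, -1):
        out[i] = acc * prefix[i - 1] % p     # 1/(v0..vi) * (v0..v_{i-1}) = 1/vi
        acc = acc * vals[i] % p              # 1/(v0..vi) * vi = 1/(v0..v_{i-1})
        STATS["mul"] += 2
    out[0] = acc
    return out


if __name__ == "__main__":
    p = 10007                      # constructed toy prime
    a, b = 1234, 5678
    inv_a, inv_b = batch_inverse([a, b], p)   # exactly the note's two-element case
    assert inv_a * a % p == 1 and inv_b * b % p == 1
    print(batch_inverse([3, 5, 7], p), STATS)
```

In an elliptic curve implementation the values being inverted are typically Z coordinates, so the zero case corresponds to the point at infinity appearing in the batch; a production implementation would also replace `pow(x, p - 2, p)`, which is not constant-time in Python, with the field library's own inversion.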

References

  1. Arno, S., Wheeler, F.: Signed digit representations of minimal Hamming weight. IEEE Trans. Comput. 42(8), 1007–1009 (1993)

  2. Brier, E., Joye, M.: Weierstraß elliptic curves and side-channel attacks. In: Naccache and Paillier [25], pp. 335–345

  3. Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. Cryptology ePrint Archive, Report 2003/237 (2003). http://eprint.iacr.org/

  4. Chudnovsky, D.V., Chudnovsky, G.V.: Sequences of numbers generated by addition in formal groups and new primality and factorization tests. Adv. Appl. Math. 7, 385–434 (1986)

  5. Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)

  6. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

  7. ECC Brainpool: ECC Brainpool standard curves and curve generation. BSI, Internet Draft v. 3 (2009). http://tools.ietf.org/html/draft-lochter-pkix-brainpool-ecc-03

  8. ElGamal, T.: A public-key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)

  9. Faugère, J.-C., Goyet, C., Renault, G.: Attacking (EC)DSA given only an implicit hint. In: Knudsen, L.R., Wu, H. (eds.) SAC 2012. LNCS, vol. 7707, pp. 252–274. Springer, Heidelberg (2013)

  10. FIPS PUB 186-4: Digital Signature Standard. National Institute of Standards and Technology, July 2013

  11. Fischer, W., Giraud, C., Knudsen, E.W., Seifert, J.P.: Parallel scalar multiplication on general elliptic curves over \(\mathbb{F}_p\) hedged against non-differential side-channel attacks. Cryptology ePrint Archive, Report 2002/007, Jan 2002. http://eprint.iacr.org/

  12. Giraud, C., Verneuil, V.: Atomicity improvement for elliptic curve scalar multiplication. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 80–101. Springer, Heidelberg (2010)

  13. Giry, D., Bulens, P.: Keylength.com - Cryptographic Key Length Recommendation, Aug 2007. http://www.keylength.com

  14. Goundar, R.R., Joye, M., Miyaji, A., Rivain, M., Venelli, A.: Scalar multiplication on Weierstraß elliptic curves from co-Z arithmetic. J. Cryptogr. Eng. 1(2), 161–176 (2011)

  15. Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Professional Computing Series. Springer, New York (2003)

  16. Hutter, M., Joye, M., Sierra, Y.: Memory-constrained implementations of elliptic curve cryptography in co-Z coordinate representation. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 170–187. Springer, Heidelberg (2011)

  17. ISO/IEC JTC1 SC17 WG3/TF5: Supplemental Access Control for Machine Readable Travel Documents. International Civil Aviation Organization, Nov 2010

  18. Izu, T., Takagi, T.: A fast parallel elliptic curve multiplication resistant against side channel attacks. In: Naccache and Paillier [25], pp. 280–296

  19. JORF: Avis relatif aux paramètres de courbes elliptiques définis par l'État français (Notice on the elliptic curve parameters defined by the French State), Oct 2011

  20. Knuth, D.E.: The Art of Computer Programming, vol. 2: Seminumerical Algorithms, 3rd edn. Addison-Wesley, Reading (1997)

  21. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

  22. Longa, P.: Accelerating the scalar multiplication on elliptic curve cryptosystems over prime fields. Master's thesis, School of Information Technology and Engineering, University of Ottawa, Canada (2007)

  23. Möller, B.: Improved techniques for fast exponentiation. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 298–312. Springer, Heidelberg (2003)

  24. Montgomery, P.: Modular multiplication without trial division. Math. Comp. 44(170), 519–521 (1985)

  25. Naccache, D., Paillier, P. (eds.): PKC 2002. LNCS, vol. 2274. Springer, Heidelberg (2002)

  26. Okeya, K., Kato, H., Nogami, Y.: Width-3 joint sparse form. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds.) ISPEC 2010. LNCS, vol. 6047, pp. 67–84. Springer, Heidelberg (2010)

  27. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

  28. Solinas, J.: Low-Weight Binary Representations for Pairs of Integers. Technical report (2001). http://cacr.uwaterloo.ca/techreports/2001/corr2001-41.ps

  29. Solinas, J.A.: Efficient arithmetic on Koblitz curves. Des. Codes Crypt. 19(2/3), 195–249 (2000)

  30. Straus, E.G.: Addition chains of vectors (problem 5125). Am. Math. Monthly 70, 806–808 (1964)

Acknowledgements

The author is grateful to Christophe Giraud and Emmanuelle Dottax for their valuable comments on preliminary versions of this article. Many thanks also go to the anonymous reviewers of CARDIS 2013 for their advice.

Author information

Corresponding author: Franck Rondepierre.

Atomic Patterns

The patterns for an arbitrary value of \(a\) perform an addition or a doubling at a cost of \(3S+8M+9A\), i.e. 3 squarings, 8 multiplications and 9 additions in the field. These patterns implement Formulæ (9) and (4):

Table 11. Atomic patterns for the case \(a=0\) (left-hand side) and for any value \(a\) (right-hand side)

Copyright information

© 2014 Springer International Publishing Switzerland

Cite this paper

Rondepierre, F. (2014). Revisiting Atomic Patterns for Scalar Multiplications on Elliptic Curves. In: Francillon, A., Rohatgi, P. (eds) Smart Card Research and Advanced Applications. CARDIS 2013. Lecture Notes in Computer Science, vol 8419. Springer, Cham. https://doi.org/10.1007/978-3-319-08302-5_12

  • DOI: https://doi.org/10.1007/978-3-319-08302-5_12
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-08301-8
  • Online ISBN: 978-3-319-08302-5