Efficient Countermeasures Against Power Analysis for Elliptic Curve Cryptosystems

  • Kouichi Itoh
  • Tetsuya Izu
  • Masahiko Takenaka
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 153)


The power analysis on smart cards is a real threat for cryptographic applications. In spite of continuous efforts of previous countermeasures, recent improved and sophisticated attacks against Elliptic Curve Cryptosystems are not protected. This paper proposes two new countermeasures, the Randomized Linearly-transformed Coordinates (RLC) and the Randomized Initial Point (RIP) against the attacks including the Refined Power Analysis (RPC) by Goubin and the Zero-value Point Analysis (ZPA) by Akishita-Takagi. Proposed countermeasures achieve notable speed-up without reducing the security level.


Smart cards power analysis Elliptic Curve Cryptosystems countermeasure 


  1. [1]
    R. Avanzi, “Countermeasures against Differential Power Analysis for Hyperelliptic Curve Cryptosystems”, CHES 2003, LNCS 2779, pp.366–381, Springer-Verlag, 2003.Google Scholar
  2. [2]
    T. Akishita, and T. Takagi, “Zero-value Point Attacks on Elliptic Curve Cryptosystem”, ISC 2003, LNCS 2851, pp.218–233, Springer-Verlag, 2003.Google Scholar
  3. [3]
    T. Akishita, and T. Takagi, “On the Optimal Parameter Choice for Elliptic Curve Cryptosystems Using Isogeny”, PKC 2004, LNCS 2947, pp.346–359, Springer-Verlag, 2004.MathSciNetGoogle Scholar
  4. [4]
    E. Brier, and M. Joye, “Weierstraß Elliptic Curves and Side-Channel Attacks”, PKC 2002, LNCS 2274, pp.335–345, Springer-Verlag, 2002.Google Scholar
  5. [5]
    J. Coron, “Resistance against Differential Power Analysis for Elliptic Curve Cryptosystem”, CHES’99, LNCS 1717, pp.292–302, Springer-Verlag, 1999.zbMATHGoogle Scholar
  6. [6]
    C. Clavier, and M. Joye, “Universal exponentiation algorithm-A first step towards provable SPA-resistance”, CHES 2001, LNCS 2162, pp. 300–308, Springer-Verlag, 2001.MathSciNetGoogle Scholar
  7. [7]
    M. Ciet, and M. Joye, “(Virtually) Free Randomization Technique for Elliptic Curve Cryptography”, ICICS 2003, LNCS 2836, pp. 348–359, Springer-Verlag, 2003.Google Scholar
  8. [8]
    H. Cohen, A. Miyaji, and T. Ono, “Efficient Elliptic Curve Exponentiation Using Mixed Coordinates”, Asiacrypt’98, LNCS 1514, pp.51–65, Springer-Verlag, 1998.MathSciNetGoogle Scholar
  9. [9]
    L. Goubin, “A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems”, PKC 2003, LNCS 2567, pp.199–210, Springer-Verlag, 2003.MathSciNetGoogle Scholar
  10. [10]
    K. Itoh, T. Izu, M. Takenaka, “Address-bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA”, CHES 2002, LNCS 2523, pp.129–143,2003.Google Scholar
  11. [11]
    T. Izu, B. Möller, and T. Takagi, “Improved Elliptic Curve Multiplication Methods Resistant against Side Channel Attacks”, Indocrypt 2002, LNCS 2551, pp.296–313, Springer-Verlag, 2002.Google Scholar
  12. [12]
    T. Izu, and T. Takagi, “A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks”, PKC 2002, LNCS 2274, pp.280–296, Springer-Verlag, 2002.Google Scholar
  13. [13]
    K. Itoh, M. Takenaka, N. Torii, S. Temma, and Y. Kurihara, “Fast Implementation of Public-Key Cryptography on DSP TMS320C6201”, CHES’99, LNCS 1717, pp.61–72,1999.Google Scholar
  14. [14]
    K. Itoh, J. Yajima, M. Takenaka, and N. Torii, “DPA Countermeasures by Improving the Window Method”, CHES 2002, LNCS 2523, pp.303–317, Springer-Verlag, 2003.Google Scholar
  15. [15]
    M. Joye, C. Tymen, “Protections against Differential Analysis for Elliptic Curve Cryptography”, CHES 2001, LNCS 2162, pp.377–390, Springer-Verlag, 2001.MathSciNetGoogle Scholar
  16. [16]
    M. Joye, and S-M. Yen, “The Montgomery Powering Ladder”, CHES 2002, LNCS 2523, pp.291–302, Springer-Verlag, 2003.Google Scholar
  17. [17]
    C. Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems”, Crypto’96, LNCS 1109,pp.l04–113, Springer-Verlag, 1996.Google Scholar
  18. [18]
    C. Kocher, J. Jaffe, and B. Jun, “Differential Power Analysis”, Crypto’99, LNCS 1666, pp.388–397, Springer-Verlag, 1999.Google Scholar
  19. [19]
    B. Möller, “Securing Elliptic Curve Point Multiplication against Side-Channel Attacks”, ISC 2001, LNCS 2200, pp.324–334, Springer-Verlag, 2001.zbMATHGoogle Scholar
  20. [20]
    B. Möller, “Parallelizable Elliptic Curve Point Multiplication Method with Resistance against Side-Channel Attacks”, ISC 2002, LNCS 2433, pp.402–413, Springer-Verlag, 2002.zbMATHGoogle Scholar
  21. [21]
    P. Montgomery, “Speeding the Pollard and Elliptic Curve Methods for Factorizations”, Math. of Comp, vol.48, pp.243–264, 1987.zbMATHGoogle Scholar
  22. [22]
    T. Messerges, E. Dabbish, and R. Sloan, “Power Analysis Attacks of Modular Exponentiation in Smartcards”, CHES’99, LNCS 1717, pp. 144–157, Springer-Verlag, 1999.Google Scholar
  23. [23]
    H. Morimoto, H. Mamiya, and A. Miyaji, “Elliptic Curve Cryptosystems Secure against ZPA”(in Japanese), Technical Report of the Institute of Electronicas, Information and Communication Engineers (IEICE), ISEC 2003-103, March, 2004. English version is to appear in the proceedings of CHES 2004.Google Scholar
  24. [24]
    Recommended Elliptic Curves for Federal Government Use, in the appendix of FIPS 186-2, National Institute of Standards and Technology (NIST).Google Scholar
  25. [25]
    E. Oswald, and M. Aigner, “Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks”, CHES 2001, LNCS 2162, pp.39–50, Springer-Verlag, 2001.MathSciNetGoogle Scholar
  26. [26]
    K. Okeya, H. Kurumatani, and K. Sakurai, “Elliptic curves with the Montgomery form and their cryptographic applications”, PKC 2000, LNCS 1751, pp.446–465, Springer-Verlag, 2000.MathSciNetGoogle Scholar
  27. [27]
    K. Okeya, and K. Sakurai, “Power analysis breaks elliptic curve cryptosystem even secure against the timing attack”, Indocrypt 2000, LNCS 1977, pp. 178–190, Springer-Verlag, 2000.MathSciNetGoogle Scholar
  28. [28]
    K. Okeya, and K. Sakurai, “On Insecurity of the Side Channel Attack Countermeasure Using Addition-Subtraction Chains under Distinguishability between Addition and Doubling”, ACISP 2002, LNCS 2384, pp.420–435, Springer-Verlag, 2002.Google Scholar
  29. [29]
    K. Okeya, and K. Sakurai, “A Multiple Power Analysis Breaks the Advanced Version of the Randomized Addition-Subtraction Chains Countermeasure against Side Channel Attacks”, to appear in the proceedings of 2003 IEEE Information Theory Workshop.Google Scholar
  30. [30]
    K. Okeya, and T. Takagi, “The Width-w NAF Method Provides Small Memory”, CT-RSA 2003, LNCS 2612, pp.328–342, Springer-Verlag, 2003.MathSciNetGoogle Scholar
  31. [31]
    K. Okeya, and T. Takagi, “A More Flexible Countermeasure against Side Channel Attacks using Window Method”, CHES 2003, LNCS 2779, pp. 397–410 Springer-Verlag, 2003.Google Scholar
  32. [32]
    N. Smart, “An Analysis of Goubin’s Refined Power Analysis Attack”, CHES 2003, LNCS 2779, pp.281–290, Springer-Verlag, 2003.Google Scholar
  33. [33]
    C. Walter, “Security Constraints on the Oswald-Aigner Exponentiation Algorithm”, Cryptology ePrint Archive, Report 2003/013, 2003.Google Scholar

Copyright information

© Springer Science + Business Media, Inc. 2004

Authors and Affiliations

  • Kouichi Itoh
    • 1
  • Tetsuya Izu
    • 1
  • Masahiko Takenaka
    • 1
  1. 1.Fujitsu Laboratories Ltd.Japan

Personalised recommendations