Weierstraß Elliptic Curves and Side-Channel Attacks

  • Éric Brier
  • Marc Joye
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2274)

Abstract

Recent attacks show how an unskilled implementation of elliptic curve cryptosystems may reveal the involved secrets from a single execution of the algorithm. Most attacks exploit the property that addition and doubling on elliptic curves are different operations and so can be distinguished by side-channel analysis. Known countermeasures suggest adding dummy operations or using specific parameterizations. This comes at the expense of running time or interoperability.

This paper shows how to rewrite the addition on the general Weierstraß form of elliptic curves so that the same formulæ apply equally to add two different points or to double a point. It also shows how to generalize to the Weierstraß form a protection method previously applied to a specific form of elliptic curves due to Montgomery.

The two proposed methods offer generic solutions for preventing side-channel attacks. In particular, they apply to all the elliptic curves recommended by the standards.
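
The idea of a single formula for addition and doubling, as an added sketch that is not reproduced from the paper: on y^2 = x^3 + ax + b the chord slope (y1 - y2)/(x1 - x2) can be rewritten as (x1^2 + x1*x2 + x2^2 + a)/(y1 + y2), which also equals the tangent slope when the two points coincide. The toy curve over F_97 and all function names are assumptions made for the demonstration.

```python
# Added illustration: unified affine addition on a short Weierstrass curve
# y^2 = x^3 + A*x + B over F_p. Parameters are constructed for the demo.
P_MOD, A, B = 97, 2, 3           # toy curve (assumption), not a standard one

def inv(v):
    return pow(v, -1, P_MOD)     # modular inverse (Python 3.8+)

def on_curve(pt):
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P_MOD == 0

def classic_add(p1, p2):
    """Textbook law: two different slope formulas, selected by a branch."""
    (x1, y1), (x2, y2) = p1, p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1)      # doubling (tangent)
    else:
        lam = (y2 - y1) * inv(x2 - x1)             # addition (chord)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def unified_add(p1, p2):
    """One slope formula for both cases; needs y1 + y2 != 0 mod p."""
    (x1, y1), (x2, y2) = p1, p2
    if (y1 + y2) % P_MOD == 0:
        raise ValueError("exceptional case: y1 + y2 = 0")
    lam = (x1 * x1 + x1 * x2 + x2 * x2 + A) * inv(y1 + y2)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD

def compare_all():
    """Check both laws agree on every pair where the unified slope exists."""
    pts = [(x, y) for x in range(P_MOD) for y in range(P_MOD)
           if on_curve((x, y))]
    checked = mismatches = 0
    for p1 in pts:
        for p2 in pts:
            if (p1[1] + p2[1]) % P_MOD == 0:
                continue                           # exceptional case, skipped
            checked += 1
            mismatches += classic_add(p1, p2) != unified_add(p1, p2)
    return checked, mismatches

if __name__ == "__main__":
    print(compare_all())
```

Pairs with y1 + y2 = 0 are outside the domain of this slope and need separate handling in a real implementation; the modular arithmetic here is not constant-time.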

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Éric Brier (1)
  • Marc Joye (1)
  1. Card Security Group, Gemplus Card International, Gémenos, France
