A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-Form Elliptic Curve Secure against Side Channel Attacks

  • Katsuyuki Okeya
  • Kunihiko Miyazaki
  • Kouichi Sakurai
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2288)


In this paper, we propose a scalar multiplication method that does not incur a higher computational cost for randomized projective coordinates of the Montgomery form of elliptic curves. A randomized projective coordinates method is a countermeasure against side channel attacks on an elliptic curve cryptosystem in which an attacker cannot predict the appearance of a specific value because the coordinates have been randomized. However, because of this randomization, we cannot assume the Z-coordinate to be 1. Thus, the computational cost increases by multiplications of Z-coordinates, 10%. Our results clarify the advantages of cryptographic usage of Montgomery-form elliptic curves in constrained environments such as mobile devices and smart cards.


Elliptic Curve Cryptosystem Montgomery Form Side Channel Attacks Randomized Projective Coordinates 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. CMO98.
    Cohen, H., Miyaji, A., Ono, T., Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, Advances in Cryptology-ASIACRYPT’ 98, LNCS1514, (1998), 51–65.CrossRefGoogle Scholar
  2. Cor99.
    Coron, J.S., Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems, Cryptographic Hardware and Embedded Systems (CHES’99), LNCS1717, (1999), 292–302.CrossRefGoogle Scholar
  3. DES.
    National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46 (FIPS PUB 46), (1977).Google Scholar
  4. JQ01.
    Joye, M., Quisquater, J.J., Hessian elliptic curves and side-channel attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 402–410.CrossRefGoogle Scholar
  5. JT01.
    Joye, M., Tymen, C., Protections against differential analysis for elliptic curve cryptography: An algebraic approach, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 377–390.CrossRefGoogle Scholar
  6. Kob87.
    Koblitz, N., Elliptic curve cryptosystems, Math. Comp. 48, (1987), 203–209.MATHCrossRefMathSciNetGoogle Scholar
  7. Koc.
    Kocher, C., Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks, Available at http://www.cryptography.com/
  8. Koc96.
    Kocher, C., Timing Attacks on Implementations of Diffie-Hellman, RSA,DSS, and Other Systems, Advances in Cryptology-CRYPTO’ 96, LNCS1109, (1996), 104–113.CrossRefGoogle Scholar
  9. KJJ98.
    Kocher, C., Jaffe, J., Jun, B., Introduction to Differential Power Analysis and Related Attacks, Available at http://www.cryptography.com/dpa/technical/
  10. KJJ99.
    Kocher, C., Jaffe, J., Jun, B., Differential Power Analysis, Advances in Cryptology-CRYPTO’ 99, LNCS1666, (1999), 388–397.Google Scholar
  11. LH00.
    Lim, C.H., Hwang, H.S., Fast implementation of Elliptic Curve Arithmetic in GF(p m), Public Key Cryptography (PKC2000) LNCS1751, (2000), 405–421.Google Scholar
  12. LS01.
    Liardet, P.Y., Smart, N.P., Preventing SPA/DPA in ECC systems using the Jacobi form, Cryptographic Hardware and Embedded System (CHES’01), LNCS2162, (2001), 391–401.CrossRefGoogle Scholar
  13. Mil86.
    Miller, V.S., Use of elliptic curves in cryptography, Advances in Cryptology-CRYPTO’ 85, LNCS218,(1986),417–426.Google Scholar
  14. Mon87.
    Montgomery, P.L., Speeding the Pollard and Elliptic Curve Methods of Factorizations, Math. Comp. 48, (1987), 243–264MATHCrossRefMathSciNetGoogle Scholar
  15. OKS00.
    Okeya, K., Kurumatani, H., Sakurai, K., Elliptic Curves with the Montgomery-Form and Their Cryptographic Applications, Public Key Cryptography (PKC2000), LNCS1751, (2000), 238–257.Google Scholar
  16. OS00.
    Okeya, K., Sakurai, K., Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack, Progress in Cryptology-INDOCRYPT 2000, LNCS1977, (2000), 178–190.Google Scholar
  17. OS01.
    Okeya, K., Sakurai, K., Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve, Cryptographic Hardware and Embedded System (CHES’01), LNCS2162, (2001), 126–141.CrossRefGoogle Scholar
  18. RSA78.
    Rivest, R.L., Shamir, A., Adleman, L., A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, Vol.21, No.2, (1978), 120–126.MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Katsuyuki Okeya
    • 1
  • Kunihiko Miyazaki
    • 1
  • Kouichi Sakurai
    • 2
  1. 1.Systems Development LaboratoryHitachi, Ltd.YokohamaJapan
  2. 2.Graduate School of Information Science and Electrical EngineeringKyushu UniversityFukuokaJapan

Personalised recommendations