Resistance Against Differential Power Analysis For Elliptic Curve Cryptosystems

  • Jean-Sébastien Coron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1717)


Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique allowing to recover secret smart card information by monitoring power signals. In [14] a specific DPA attack against smart-cards running the DES algorithm was described. As few as 1000 encryptions were sufficient to recover the secret key. In this paper we generalize DPA attack to elliptic curve (EC) cryptosystems and describe a DPA on EC Diffie-Hellman key exchange and EC El-Gamal type encryption. Those attacks enable to recover the private key stored inside the smart-card. Moreover, we suggest countermeasures that thwart our attack.


Elliptic curve power consumption Differential Power Analysis 


  1. 1.
    E. Biham, A. Shamir. Power analysis of the key scheduling of the AES candidates, Proceedings of the second AES Candidate Conference, March 1999, pp. 115–121.Google Scholar
  2. 2.
    E. Brickell, D. Gordon, K. McCurley, D. Wilson. Fast Exponentiation with Pre-computation (Extended Abstract), Advances in Cryptology-Eurocrypt’ 92, LNCS 658 (1993), Springer-Verlag, pp.200–207.CrossRefGoogle Scholar
  3. 3.
    S. Chari, C. Jutla, J.R. Rao, P. Rohatgi. A cautionary note regarding evaluation of AES candidates on smart-cards, Proceedings of the second AES Candidate Conference, March 1999, pp. 133–147.Google Scholar
  4. 4.
    D. Chaum. Security without identification: transaction systems to make Big Brother obsolete, Communications of the ACM, vol.28, n.10, Oct 1985, pp.1030–1044.CrossRefGoogle Scholar
  5. 5.
    J. Daemen, V. Rijmen. Resistance against implementation attacks A comparative study of the AES proposals, Proceedings of the second AES Candidate Conference, March 1999, pp. 122–132.Google Scholar
  6. 6.
    FIPS 46, Data encryption standard, Federal Information Processing Standards Publication 46, U.S. Department of Commerce/National Bureau of Standards, National Technical Information Service, Springfield, Virginia, 1977.Google Scholar
  7. 7.
    W. Diffie and M. Hellman. New directions in cryptography, IEEE Trans. Info. Theory, IT-22, 1976, pp 644–654.MathSciNetCrossRefGoogle Scholar
  8. 8.
    T. El Gamal. A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Trans. Info. Theory, IT-31, 1985, pp 469–472.MathSciNetCrossRefGoogle Scholar
  9. 9.
    D.M. Gordon. A Survey of Fast Exponentiation Methods, Journal of Algorithms 27, 129–146 (1998).MathSciNetCrossRefGoogle Scholar
  10. 10.
    IEEE P1363/D7. Standard Specifications for Public Key Cryptography. September 11, 1998.Google Scholar
  11. 11.
    D.E. Knuth, Seminumerical Algorithms, The Art of Computer Programming,2 Addison Wesley, 1969.Google Scholar
  12. 12.
    N. Koblitz. Elliptic Curve Cryptosystems, Mathematics of Computation, vol. 48, 1987, pp. 203–209.MathSciNetCrossRefGoogle Scholar
  13. 13.
    Paul Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems, Advances in Cryptology, Proceedings of Crypto’96, LNCS 1109, N. Koblitz, Ed., Springer-Verlag, 1996, pp. 104–113.Google Scholar
  14. 14.
    Paul Kocher, Joshua Jaffe, and Benjamin Jun, Introduction to Differential Power Analysis and Related Attacks,, 1998.
  15. 15.
    K. Koyama, Y. Tsuruoka, Speeding up elliptic cryptosystems by using a signed binary window method, Advances in Cryptology-Proceedings of Crypto’ 92, LNCS 740, pp. 345–357, Springer-Verlag, Berlin/New-York, 1993.CrossRefGoogle Scholar
  16. 16.
    A. J. Menezes, “Elliptic Curve Public Key Cryptosystems”, Kluwer Academic Publishers, 1993.Google Scholar
  17. 17.
    V.S. Miller. Use of Elliptic Curves in Cryptography, Proceedings of Crypto 85, LNCS 218, Springer, 1986, pp. 417–426.Google Scholar
  18. 18.
    F. Morain, J. Olivos. Speeding up the computation of an elliptic curve using addition-subtraction chains, Inform. Theory Appl. 24 (1990), 531–543.MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Belin Heidelberg 1999

Authors and Affiliations

  • Jean-Sébastien Coron
    • 1
    • 2
  1. 1.Ecole Normale SupérieureParisFrance
  2. 2.Gemplus Card InternationalIssy-les-MoulineauxFrance

Personalised recommendations