T_SM: Elliptic Curve Scalar Multiplication Algorithm Secure Against Single-Trace Attacks

  • Bo-Yeon Sim
  • Kyu Young Choi
  • Dukjae Moon
  • Hyo Jin Yoon
  • Jihoon Cho
  • Dong-Guk HanEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11125)


At present, Elliptic Curve Digital Signature Algorithm (ECD-SA) is extensively used because its implementation can be achieved more efficiently with the same security level compared to RSA and Digital Signature Algorithm (DSA). In particular, blockchain and Fast IDentity Online (FIDO), which are attracting attention as key infrastructure technologies to lead the fourth industrial revolution, use ECDSA. However, scalar multiplication, which is the main operation of ECDSA, has been reported to be vulnerable to side-channel attacks that use only a single-trace. Notably, there is no perfectly secure countermeasure against Collision Attack (CA), which is the main form of attack using a single-trace. As the attacks become more and more sophisticated and powerful, such as CA, taking countermeasures against them is required. Thus, in this paper, we propose a new scalar multiplication algorithm called the T_SM method. It is secure against Simple Power Analysis (SPA) and Key Bit-dependent Attack (KBA). In particular, the T_SM method can fully cope with CA. To the best of our knowledge, the T_SM method is the first countermeasure against SPA, CA, and KBA. Although it requires memory for pre-computation tables, it has a computational advantage when we apply it to cryptosystems, such as ECDSA, which use ordinary scalar multiplication based on a fixed point P and random scalar k. The main operation consists of the smallest number of operations compared with existing scalar multiplication algorithms in which P is fixed.


ECC Scalar multiplication Side-channel attacks Single-trace attacks Countermeasures 



This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No.2017-0-00520, Development of SCR-Friendly Symmetric Key Cryptosystem and Its Application Modes).


  1. 1.
    Belgarric, P., Fouque, P.-A., Macario-Rat, G., Tibouchi, M.: Side-channel analysis of Weierstrass and Koblitz curve ECDSA on Android smartphones. In: CT-RSA 2016 (2016)Google Scholar
  2. 2.
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010). Scholar
  3. 3.
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999). Scholar
  4. 4.
    Diop, I., Liardet, P.Y., Maurine, P.: Collision based attacks in practice. In: DSD 2015, pp. 367–374 (2015)Google Scholar
  5. 5.
    Diop, I., Carbone, M., Ordas, S., Linge, Y., Liardet, P.Y., Maurine, P.: Collision for estimating SCA measurement quality and related applications. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 143–157. Springer, Cham (2016). Scholar
  6. 6.
    Fan, J., Verbauwhede, I.: An updated survey on secure ECC implementations: attacks, countermeasures and cost. In: Naccache, D. (ed.) Cryptography and Security: From Theory to Applications. LNCS, vol. 6805, pp. 265–282. Springer, Heidelberg (2012). Scholar
  7. 7.
    Faz-Hernández, A., Longa, P., Sánchez, A.H.: Efficient and secure algorithms for GLV-Based scalar multiplication and their implementation on GLV-GLS curves. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 1–27. Springer, Cham (2014). Scholar
  8. 8.
    FIPS 186: Digital signature standard. In: Federal Information Processing Standards Publication 186, U.S. Department of commerce (1994)Google Scholar
  9. 9.
    Fouque, P.-A., Valette, F.: The doubling attack – why upwards is better than downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003). Scholar
  10. 10.
    Genkin, D., Pachmanov, L., Pipman, I., Tromer, E., Yarom, Y.: ECDSA key extraction from mobile devices via nonintrusive physical side channels. In: ACM-CCS 2016 (2016). ISBN 978-1-4503-4139-4/16/10Google Scholar
  11. 11.
    Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, New York (2003). ISBN 0-387-95273-XCrossRefzbMATHGoogle Scholar
  12. 12.
    Hanley, N., Kim, H.S., Tunstall, M.: Exploiting collisions in addition chain-based exponentiation algorithms using a single trace. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 431–448. Springer, Cham (2015). Scholar
  13. 13.
    Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 231–244. Springer, Heidelberg (2012). Scholar
  14. 14.
    Heyszl, J., Ibing, A., Mangard, S., De Santis, F., Sigl, G.: Clustering algorithms for non-profiled single-execution attacks on exponentiations. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 79–93. Springer, Cham (2014). Scholar
  15. 15.
    Homma, N., Miyamoto, A., Aoki, T., Satoh, A.: Comparative power analysis of modular exponentiation algorithms. IEEE Trans. Comput. 59(6), 795–807 (2010)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Järvinen, K., Balasch, J.: Single-trace side-channel attacks on scalar multiplications with precomputations. In: Lemke-Rust, K., Tunstall, M. (eds.) CARDIS 2016. LNCS, vol. 10146, pp. 137–155. Springer, Cham (2017). Scholar
  17. 17.
    Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003). Scholar
  18. 18.
    Karame, G., Androulaki, E.: Bitcoin and Blockchain Security. Artech House, Norwood (2016)Google Scholar
  19. 19.
    Kenworthy, G., Rohatgi, P.: Mobile device security: the case for side channel resistance. In: Cryptography Research Inc. (2012)Google Scholar
  20. 20.
    Kim, H.-S., Kim, T.-H., Yoon, J.-C., Hong, S.-H.: Practical second-order correlation power analysis on the message blinding method and its novel countermeasure for RSA. ETRI J. 32(1), 102–111 (2010)CrossRefGoogle Scholar
  21. 21.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). Scholar
  23. 23.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999). Scholar
  24. 24.
    Lindemann, R.: FIDO ECDAA Algorithm. In: FIDO Alliance Implementation Draft 2 (2017).
  25. 25.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986). Scholar
  26. 26.
    Möller, B.: Securing elliptic curve point multiplication against side-channel attacks. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 324–334. Springer, Heidelberg (2001). Scholar
  27. 27.
    Okeya, K., Sakurai, K.: A second-order DPA attack breaks a window-method based countermeasure against side channel attacks. In: Chan, A.H., Gligor, V. (eds.) ISC 2002. LNCS, vol. 2433, pp. 389–401. Springer, Heidelberg (2002). Scholar
  28. 28.
    Okeya, K., Takagi, T.: The width-w NAF method provides small memory and fast elliptic scalar multiplications secure against side channel attacks. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 328–343. Springer, Heidelberg (2003). Scholar
  29. 29.
    Perin, G., Imbert, L., Torres, L., Maurine, P.: Attacking randomized exponentiations using unsupervised learning. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 144–160. Springer, Cham (2014). Scholar
  30. 30.
    Perin, G., Chmielewski, Ł.: A semi-parametric approach for side-channel attacks on protected RSA implementations. In: Homma, N., Medwed, M. (eds.) CARDIS 2015. LNCS, vol. 9514, pp. 34–53. Springer, Cham (2016). Scholar
  31. 31.
    van de Pol, J., Smart, N.P., Yarom, Y.: Just a little bit more. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 3–21. Springer, Cham (2015). Scholar
  32. 32.
    Rivest, R., Shamir, A., Adelman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetCrossRefGoogle Scholar
  33. 33.
    Specht, R., Heyszl, J., Kleinsteuber, M., Sigl, G.: Improving non-profiled attacks on exponentiations based on clustering and extracting leakage from multi-channel high-resolution EM measurements. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2014. LNCS, vol. 9064, pp. 3–19. Springer, Cham (2015). Scholar
  34. 34.
    Sugawara, T., Suzuki, D., Saeki, M.: Internal collision attack on RSA under closed EM measurement. In: SCIS 2014 (2014)Google Scholar
  35. 35.
    Sugawara, T., Suzuki, D., Saeki, M.: Two operands of multipliers in side-channel attack. In: Mangard, S., Poschmann, A.Y. (eds.) COSADE 2014. LNCS, vol. 9064, pp. 64–78. Springer, Cham (2015). Scholar
  36. 36.
    Sim, B.-Y., Han, D.-G.: Key bit-dependent attack on protected PKC using a single trace. In: Liu, J.K., Samarati, P. (eds.) ISPEC 2017. LNCS, vol. 10701, pp. 168–185. Springer, Cham (2017). Scholar
  37. 37.
    Walter, C.D.: Sliding windows succumbs to big Mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001). Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Bo-Yeon Sim
    • 1
  • Kyu Young Choi
    • 2
  • Dukjae Moon
    • 2
  • Hyo Jin Yoon
    • 2
  • Jihoon Cho
    • 2
  • Dong-Guk Han
    • 1
    Email author
  1. 1.Department of MathematicsKookmin UniversitySeoulSouth Korea
  2. 2.Security Research Team, Samsung SDS, Inc.SeoulSouth Korea

Personalised recommendations