(Virtually) Free Randomization Techniques for Elliptic Curve Cryptography

  • Mathieu Ciet
  • Marc Joye
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2836)

Abstract

Randomization techniques play an important role in the protection of cryptosystems against implementation attacks. This paper studies the case of elliptic curve cryptography and propose three novel randomization methods, for the elliptic curve point multiplication, which do not impact the overall performance.

Our first method, dedicated to elliptic curves over prime fields, combines the advantages of two previously known solutions: randomized projective coordinates and randomized isomorphisms. It is a generic point randomization and can be related to a certain multiplier randomization technique. Our second method introduces new elliptic curve models that are valid for all (non-supersingular) elliptic curves over binary fields. This allows to use randomized elliptic curve isomorphisms, which in turn allows to randomly compute on elliptic curves with affine coordinates. Our third method adapts a double ladder attributed to Shamir. We insist that all our randomization methods share the common feature to be free: the cost of our randomized implementations is virtually the same as the cost of the corresponding non-randomized implementations.

Keywords

Randomization elliptic curve cryptography implementation attacks side-channel analysis elliptic curve models point multiplication algorithms 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    IEEE Std 1363-2000. IEEE Standard Specifications for Public-Key Cryptography. IEEE Computer Society, Los Alamitos (August 29, 2000)Google Scholar
  2. 2.
    SECG: Standard for Efficient Cryptography Group. SEC 1: Elliptic Curve Cryptography. Certicom Research, Version 1.0, September 20 (2000), Available at http://www.secg.org/secgdocs.htm
  3. 3.
    Blake, I., Seroussi, G., Smart, N.: Elliptic Curves in Cryptography. London Mathematical Society, vol. 265. Cambridge University Press, Cambridge (2000)Google Scholar
  4. 4.
    Clavier, C., Joye, M.: Universal exponentiaion algorithm. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 300–308. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve using mixed coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  6. 6.
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    De Win, E., Mister, S., Preneel, B., Wiener, M.: On the performance of signature schemes based on elliptic curves. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 252–266. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory 31(4), 469–472 (1985)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Gao, S., Lenstra Jr., H.W.: Optimal normal bases. Designs, Codes and Cryptography 2, 315–323 (1992)MATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Goubin, L.: A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 1–24. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Hitchcock, Y., Montague, P.: A new elliptic curve scalar multiplication algorithm to resist simple power analysis. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 214–225. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Itoh, K., Yajima, J., Takenaka, M., Torii, N.: DPA countermeasures by improving the window method. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 303–317. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography: An algebraic approach. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 377–390. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  15. 15.
    Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)Google Scholar
  16. 16.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  17. 17.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  18. 18.
    Menezes, A.J.: Elliptic curve public key cryptosystems. Kluwer Academic Publishers, Dordrecht (1993)MATHGoogle Scholar
  19. 19.
    Morain, F., Olivos, J.: Speeding up the computations on an elliptic curve using addition-subtraction chains. Inform. Theor. Appl. 24, 531–543 (1990)MATHMathSciNetGoogle Scholar
  20. 20.
    Okeya, K., Miyazaki, K., Sakurai, K.: A fast scalar multiplication method with randomized projective coordinates on a Montgomery-form elliptic curve secure against side channel attacks. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 428–439. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  21. 21.
    Okeya, K., Sakurai, K.: Power analysis breaks elliptic curve cryptosystems even secure against the timing attack. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 178–190. Springer, Heidelberg (2000)Google Scholar
  22. 22.
    Schroeppel, R., Orman, H., O’Malley, S.W., Spatscheck, O.: Fast key exchange with elliptic curve systems. In: Coppersmith, D. (ed.) CRYPTO 1995. LNCS, vol. 963, pp. 43–56. Springer, Heidelberg (1995)Google Scholar
  23. 23.
    Solinas, J.A.: An improved algorithm for arithmetic on a family of elliptic curves. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 357–371. Springer, Heidelberg (1997)Google Scholar
  24. 24.
    Solinas, J.A.: Efficient arithmetic on Koblitz curves. Designs, Codes and Cryptography 19, 195–249 (2000)MATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Solinas, J.A.: Low-weight binary representations for pairs of integers. Technical Report CORR 2001-41, CACR, Waterloo (2001), Available at http://www.cacr.math.uwaterloo.ca/~techreports/2001/corr2001-41.ps

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Mathieu Ciet
    • 1
  • Marc Joye
    • 2
  1. 1.UCL Crypto GroupLouvain-la-NeuveBelgium
  2. 2.Gemplus, Card Security Group, La VigieLa Ciotat CedexFrance

Personalised recommendations