Coordinate Blinding over Large Prime Fields

  • Michael Tunstall
  • Marc Joye
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6225)

Abstract

In this paper we propose a multiplicative blinding scheme for protecting implementations of a scalar multiplication over elliptic curves. Specifically, this blinding method applies to elliptic curves in the short Weierstraß form over large prime fields. The described countermeasure is shown to be a generalization of the use of random curve isomorphisms to prevent side-channel analysis, and our best configuration of this countermeasure is shown to be equivalent to the use of random curve isomorphisms. Furthermore, we describe how this countermeasure, and therefore random curve isomorphisms, can be efficiently implemented using Montgomery multiplication.

Keywords

Elliptic curve cryptography side-channel analysis countermeasures 

References

  1. 1.
    Akishita, T., Takagi, T.: Zero-value point attacks on elliptic curve cryptosystems. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 218–233. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Akishita, T., Takagi, T.: On the optimal parameter choice for elliptic curve cryptosystems using isogeny. In: Bao, F., Deng, R.H., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 346–359. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Akkar, M.-L., Giraud, C.: An implementation of DES and AES secure against some attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 309–318. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Bernstein, D.J.: A software implementation of NIST P-224 (2001), http://cr.yp.to/nistp224.html
  5. 5.
    Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 29–50. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004)Google Scholar
  7. 7.
    Brier, E., Joye, M.: Weierstraß elliptic curve and side-channel attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: Side-channel atomicity. IEEE Transactions on Computers 53(6), 760–768 (2004)CrossRefGoogle Scholar
  9. 9.
    Clavier, C., Joye, M.: Universal exponentiation algorithm. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 300–308. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  11. 11.
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. 12.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Goubin, L.: A refined power analysis attack on elliptic curve cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Hachez, G., Quisquater, J.-J.: Montgomery exponentiation with no final subtractions: Improved results. In: Koç, C.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 293–301. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  15. 15.
    Itoh, K., Izu, T., Takenaka, M.: Efficient countermeasures against power analysis for elliptic curve cryptosystems. In: Quisquater, J.-J., et al. (eds.) Smart Card Research and Advanced Applications VI, pp. 99–113. Kluwer Academic Publishers, Dordrecht (2004)CrossRefGoogle Scholar
  16. 16.
    Joye, M., Tunstall, M.: Exponent recoding and regular exponentiation algorithms. In: Preneel, B. (ed.) AFRICACRYPT 2009. LNCS, vol. 5580, pp. 334–349. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography: An algebraic approach. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 377–390. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  19. 19.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  20. 20.
    Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks — Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)MATHGoogle Scholar
  21. 21.
    Montgomery, P.: Modular multiplication without trial division. Mathematics of Computation 44, 519–521 (1985)MATHMathSciNetGoogle Scholar
  22. 22.
    National Institute of Standards and Technology (NIST). Recommended elliptic curves for federal government use. In: The appendix of FIPS 186-3 (June 2009), http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
  23. 23.
    Quisquater, J.-J., Samyde, D.: Electromagnetic analysis (EMA): Measures and counter-measures for smart cards. In: Attali, I., Jensen, T.P. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Rivest, R., Shamir, A., Adleman, L.M.: Method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Smart, N., Oswald, E., Page, D.: Randomised representations. IET Proceedings on Information Security 2(2), 19–27 (2008)CrossRefGoogle Scholar
  26. 26.
    Smart, N.P.: An analysis of Goubin’s refined power analysis attack. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 281–290. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  27. 27.
    Walter, C.D.: Montgomery exponentiation needs no final subtractions. Electronic Letters 35(21), 1831–1832 (1999)CrossRefGoogle Scholar
  28. 28.
    Walter, C.D.: Longer keys may facilitate side channel attacks. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 42–57. Springer, Heidelberg (2004)Google Scholar
  29. 29.
    Walter, C.D.: Simple power analysis of unified code for ECC double and add. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 191–204. Springer, Heidelberg (2004)Google Scholar
  30. 30.
    Walter, C.D., Thompson, S.: Distinguishing exponent digits by observing modular subtractions. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 192–207. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  31. 31.
    De Win, E., Mister, S., Preneel, B., Wiener, M.: On the performance of signature schemes based on elliptic curves. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 252–266. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  32. 32.
    Wireless Application Protocol (WAP) Forum. Wireless transport layer security (WTLS) specification, http://www.wapforum.org
  33. 33.
    ANSI X9.62. Public key cryptography for the financial services industry, the elliptic curve digital signature algorithm, ECDSA (1999)Google Scholar
  34. 34.
    Yen, S.-M., Joye, M.: Checking before output not be enough against fault based cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2000)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Michael Tunstall
    • 1
  • Marc Joye
    • 2
  1. 1.Department of Computer ScienceUniversity of BristolBristolUnited Kingdom
  2. 2.Technicolor, Security & Content Protection LabsCesson-Sévigné CedexFrance

Personalised recommendations