Low-Cost Countermeasure against RPA

  • Jean-Luc Danger
  • Sylvain Guilley
  • Philippe Hoogvorst
  • Cédric Murdica
  • David Naccache
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7771)


On smart-cards, Elliptic Curve Cryptosystems (ECC) can be vulnerable to Side Channel Attacks such as the Refined Power Analysis (RPA). This attack takes advantage of the apparition of special points of the form (0, y). In this paper, we propose a new countermeasure based on co-Z formulæ and an extension of the curve isomorphism countermeasure. It permits to transform the base point P = (x, y) into a base point P′ = (0, y′), which, with − P′, are the only points with a zero X-coordinate. In such case, the RPA cannot be applied. Moreover, the cost of this countermeasure is very low compared to other countermeasures against RPA.


Elliptic Curve Cryptosystem Co-Z formulæ Differential Power Analysis Refined Power Analysis 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Akishita, T., Takagi, T.: Zero-Value Point Attacks on Elliptic Curve Cryptosystem. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 218–233. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Akishita, T., Takagi, T.: On the Optimal Parameter Choice for Elliptic Curve Cryptosystems Using Isogeny. In: Bao, F., Deng, R., Zhou, J. (eds.) PKC 2004. LNCS, vol. 2947, pp. 346–359. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Bernstein, D.J., Lange, T.: Explicit-formulas database (2004),
  4. 4.
    Brier, E., Joye, M.: Fast Point Multiplication on Elliptic Curves through Isogenies. In: Fossorier, M.P.C., Høholdt, T., Poli, A. (eds.) AAECC 2003. LNCS, vol. 2643, pp. 43–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Ciet, M., Joye, M.: (Virtually) Free Randomization Techniques for Elliptic Curve Cryptography. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 348–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  6. 6.
    Coron, J.-S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  7. 7.
    Goubin, L.: A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–211. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Goundar, R.R., Joye, M., Miyaji, A.: Co-Z Addition Formulæ and Binary Ladders on Elliptic Curves - (Extended Abstract). In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 65–79. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Goundar, R.R., Joye, M., Miyaji, A., Rivain, M., Venelli, A.: Scalar multiplication on Weierstraß elliptic curves from Co-Z arithmetic. Journal of Cryptographic Engineering 1, 161–176 (2011)CrossRefGoogle Scholar
  10. 10.
    Hutter, M., Joye, M., Sierra, Y.: Memory-Constrained Implementations of Elliptic Curve Cryptography in Co-Z Coordinate Representation. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 170–187. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Itoh, K., Izu, T., Takenaka, M.: Efficient Countermeasures against Power Analysis for Elliptic Curve Cryptosystems. In: Proceedings of CARDIS 2004, pp. 99–114. Kluwer Academic Publishers (2004)Google Scholar
  12. 12.
    Izu, T., Takagi, T.: Exceptional Procedure Attackon Elliptic Curve Cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 224–239. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Joye, M.: Smart-Card Implementation of Elliptic Curve Cryptography and DPA-type Attacks. In: Proceedings of CARDIS 2004, pp. 115–126. Kluwer Academic Publisher (2004)Google Scholar
  14. 14.
    Joye, M.: Highly Regular Right-to-Left Algorithms for Scalar Multiplication. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 135–147. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Joye, M., Tymen, C.: Protections against Differential Analysis for Elliptic Curve Cryptography. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 377–390. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Joye, M., Yen, S.-M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Koblitz, N.: Elliptic Curve Cryptosystems. J. Mathematics of Computation 48, 203–209 (1987)MathSciNetzbMATHCrossRefGoogle Scholar
  18. 18.
    Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  19. 19.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  20. 20.
    Mamiya, H., Miyaji, A., Morimoto, H.: Efficient Countermeasures against RPA, DPA, and SPA. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 343–356. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  21. 21.
    Meloni, N.: New Point Addition Formulae for ECC Applications. In: Carlet, C., Sunar, B. (eds.) WAIFI 2007. LNCS, vol. 4547, pp. 189–201. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  22. 22.
    Menezes, A.J.: Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers (1993)Google Scholar
  23. 23.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  24. 24.
    Okeya, K., Sakurai, K.: Power Analysis Breaks Elliptic Curve Cryptosystems Even Secure against the Timing Attack. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 178–190. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  25. 25.
    Smart, N.P.: An Analysis of Goubin’s Refined Power Analysis Attack. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 281–290. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jean-Luc Danger
    • 1
    • 2
  • Sylvain Guilley
    • 1
    • 2
  • Philippe Hoogvorst
    • 2
  • Cédric Murdica
    • 1
    • 2
  • David Naccache
    • 3
  1. 1.Secure-IC S.A.S.RennesFrance
  2. 2.Département COMELEC, Institut TELECOMTELECOM ParisTech, CNRS LTCIParisFrance
  3. 3.Département d’informatiqueÉcole normale supérieureParis Cedex 05France

Personalised recommendations