SPA Resistant Left-to-Right Integer Recodings

  • Nicolas Thériault
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3897)


We present two left-to-right integer recodings which can be used to perform scalar multiplication with a fixed sequence of operations. These recodings make it possible to have a simple power analysis resistant implementation of a group-based cryptosystem without using unified formulas or introducing dummy operations. This approach is very useful for groups in which the doubling step are less expensive than the addition step, for example with hyperelliptic curves over binary fields or elliptic curves with mixed coordinates.


Elliptic Curf Scalar Multiplication Hyperelliptic Curve Side Channel Attack Binary Expansion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The em side-channel(s). In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  2. 2.
    Avanzi, R.M.: A note on the signed sliding window integer recoding and a leftto- right analogue. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 130–143. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Avanzi, R.M.: Side channel attacks on implementations of curve-based cryptographic primitives. Cryptology ePrint Archive, Report 2005/017 (2005), Available at:
  4. 4.
    Billet, O., Joye, M.: The jacobi model of an elliptic curve and side-channel analysis. In: Fossorier, M., Høholdt, T., Poli, A. (eds.) AAECC 2003. LNCS, vol. 2643, pp. 34–42. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Brier, É., Joye, M.: Weierstraß Elliptic Curves and Side-Channel Attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Brier, É., Joye, M., Déchène, I.: Unified point addition formulæfor elliptic curve cryptosystems. In: Nedjah, N., de Macedo Mourelle, L. (eds.) Embedded Cryptographic Hardware: Methodologies & Architectures. Nova Science Publishers (2004)Google Scholar
  7. 7.
    Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation. In: Han, Y., Quing, S. (eds.) ICICS 1997. LNCS, vol. 1334, pp. 282–290. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  8. 8.
    Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 51–65. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  9. 9.
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  10. 10.
    Guyot, C., Kaveh, K., Patankar, V.: Explicit algorithm for the arithmetic on the hyperelliptic jacobians of genus 3. J. Ramanujan Math. Soc. 19(2), 75–115 (2004)MathSciNetMATHGoogle Scholar
  11. 11.
    Joye, M., Quisquater, J.-J.: Hessian elliptic curves and side-channel attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 402–410. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  13. 13.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. 14.
    Lange, T., Stevens, M.: Efficient doubling on genus two curves over binary fields. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 170–181. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Liardet, P.-Y., Smart, N.P.: Preventing SPA/DPA in ECC Systems Using the Jacobi Form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 391–401. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Lim, C.H.: A new method for securing elliptic scalar multiplication against side-channel attacks. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 289–300. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  17. 17.
    Möller, B.: Securing elliptic curve point multiplication against side-channel attacks. In: Davida, G.I., Frankel, Y. (eds.) ISC 2001. LNCS, vol. 2200, pp. 324–334. Springer, Heidelberg (2001), Extended version available at:
  18. 18.
    Muir, J., Stinson, D.: New minimal weight representations for left-to-right window methods. CACR Technical Report, CORR 2004-19 (2004), Available at:
  19. 19.
    Okeya, K., Schmidt-Samoa, K., Spahn, C., Takagi, T.: Signed binary representations revisited. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 123–139. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  20. 20.
    Okeya, K., Takagi, T.: The width-w NAF method provides small memory and fast elliptic scalar multiplications secure against side channel attacks. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 328–342. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Okeya, K., Takagi, T., Vuillaume, C.: On the exact flexibility of the flexible countermeasure against side channel attacks. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 466–477. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  22. 22.
    Pelzl, J., Wollinger, T., Guajardo, J., Paar, C.: Hyperelliptic curve cryptosystems: Closing the performance gap to elliptic curves. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 351–365. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    Pelzl, J., Wollinger, T., Paar, C.: Low cost security: Explicit formulae for genus- 4 hyperelliptic curves. In: Matsui, M., Zuccherato, R. (eds.) SAC 2003. LNCS, vol. 3006, pp. 1–16. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  24. 24.
    Pohlig, S.C., Hellman, M.E.: An improved algorithm for computing logarithms over gf(p) and its cryptographic significance. IEEE Trans. Information Theory 24(1), 106–110 (1978)MathSciNetCrossRefMATHGoogle Scholar
  25. 25.
    Reitwiesner, G.W.: Binary arithmetic. In: Advances in computers, vol. 1, pp. 231–308. Academic Press, New York (1960)Google Scholar
  26. 26.
    Solinas, J.A.: An improved algorithm for arithmetic on a family of elliptic curves. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 357–371. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  27. 27.
    Walter, C.D.: Simple power analysis of unified code for ecc double and add. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 191–204. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  28. 28.
    Yao, A.C.C.: On the evaluation of powers. SIAM J. Comput. 5(1), 100–103 (1976)MathSciNetCrossRefMATHGoogle Scholar
  29. 29.
    Yen, S.-M., Joye, M.: Checking before output may not be enough against faultbased cryptanalysis. IEEE Trans. on Computers 49(9), 967–970 (2000)CrossRefMATHGoogle Scholar
  30. 30.
    Yen, S.-M., Kim, S., Lim, S., Moon, S.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 414–427. Springer, Heidelberg (2002)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Nicolas Thériault
    • 1
  1. 1.Department of Combinatorics and OptimizationUniversity of WaterlooCanada

Personalised recommendations