Side-Channel Attacks in ECC: A General Technique for Varying the Parametrization of the Elliptic Curve
Side-channel attacks in elliptic curve cryptography occur with the unintentional leakage of information during processing. A critical operation is that of computing nP where n is a positive integer and P is a point on the elliptic curve E. Implementations of the binary algorithm may reveal whether P+Q is computed for \(P\ne Q\) or P=Q as the case may be. Several methods of dealing with this problem have been suggested. Here we describe a general technique for producing a large number of different representations of the points on E in characteristic p≥ 5, all having a uniform implementation of P+Q. The parametrization may be changed for each computation of nP at essentially no cost. It is applicable to all elliptic curves in characteristic p≥ 5, and thus may be used with all curves included in present and future standards for p≥ 5.