Abstract
It has recently been reported that the performance of hyperelliptic curve cryptosystems (HECC) is competitive with that of elliptic curve cryptosystems (ECC). However, HECC are expected to admit further improvement because of their mathematically rich structure. We consider here the application of degenerate divisors of HECC to scalar multiplication. We investigate the operations on degenerate divisors in the Harley algorithm and the Cantor algorithm for genus 2, and report the timings of these operations. We then present a novel efficient scalar multiplication method using degenerate divisors. This method is applicable to cryptosystems with a fixed base point, e.g., ElGamal-type encryption, the sender side of Diffie-Hellman, and DSA. Using a Xeon processor, we found that the double-and-add-always method with a degenerate base point achieves about a 20% increase in speed for a 160-bit HECC. However, we also mount a timing attack that uses this time difference to identify degenerate divisors. The attack assumes that the secret key is fixed and that the base point can be freely chosen by the attacker. It is therefore applicable to ElGamal-type decryption and single-pass Diffie-Hellman, so SSL using a hyperelliptic curve could be vulnerable to the proposed attack. Our experimental results show that one bit of the secret key for a 160-bit HECC can be recovered by calling the decryption oracle 500 times.
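The speed-up and the attack in the abstract rest on the same fact: a group operation whose input is a degenerate divisor (weight smaller than the genus, i.e. deg u = 1 for genus 2) costs fewer field operations than one on a general divisor, and that cost difference is observable as time. The following added example, which is not code from the paper and does not reproduce its Harley-algorithm formulas or timings, implements generic Cantor addition for a genus-2 curve over a small prime field and counts field multiplications as a stand-in for execution time. The prime P, the curve y^2 = x^5 + x^2 + 3 and the points chosen on it are constructed here purely for illustration.

```python
"""Toy genus-2 Jacobian arithmetic (Cantor's algorithm) over GF(P).  A counter of
field multiplications stands in for execution time.  Added illustration only:
the prime, curve and points are constructed here, not taken from the paper."""

P = 10007                 # constructed toy prime; P = 3 mod 4 so sqrt is one pow()
F = [3, 0, 1, 0, 0, 1]    # y^2 = x^5 + x^2 + 3, coefficients low degree first (assumed)
MULS = 0                  # field multiplications performed so far (timing proxy)

def fmul(a, b):
    global MULS
    MULS += 1
    return a * b % P

def trim(a):              # drop leading zero coefficients in place
    while a and a[-1] == 0:
        a.pop()
    return a

def padd(a, b):
    n = max(len(a), len(b))
    return trim([((a[i] if i < len(a) else 0) + (b[i] if i < len(b) else 0)) % P
                 for i in range(n)])

def psub(a, b):
    return padd(a, [(-c) % P for c in b])

def pmul(a, b):
    r = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[i + j] = (r[i + j] + fmul(x, y)) % P
    return trim(r)

def pdivmod(a, b):        # quotient and remainder of a by b, b != 0
    a, inv = list(a), pow(b[-1], P - 2, P)
    q = [0] * max(0, len(a) - len(b) + 1)
    while a and len(a) >= len(b):
        k, c = len(a) - len(b), fmul(a[-1], inv)
        q[k] = c
        for i, y in enumerate(b):
            a[i + k] = (a[i + k] - fmul(c, y)) % P
        trim(a)
    return trim(q), a

def pxgcd(a, b):          # monic g = gcd(a, b) and s, t with s*a + t*b = g
    r0, r1, s0, s1, t0, t1 = list(a), list(b), [1], [], [], [1]
    while r1:
        q, r = pdivmod(r0, r1)
        r0, r1 = r1, r
        s0, s1 = s1, psub(s0, pmul(q, s1))
        t0, t1 = t1, psub(t0, pmul(q, t1))
    inv = pow(r0[-1], P - 2, P)
    return tuple([fmul(c, inv) for c in poly] for poly in (r0, s0, t0))

def cantor_add(D1, D2, f=F):   # reduced divisor D1 + D2 in Mumford form (u, v)
    (u1, v1), (u2, v2) = D1, D2
    d1, e1, e2 = pxgcd(u1, u2)                  # d1 = e1*u1 + e2*u2
    d, c1, c2 = pxgcd(d1, padd(v1, v2))         # d  = c1*d1 + c2*(v1 + v2)
    s1, s2, s3 = pmul(c1, e1), pmul(c1, e2), c2
    u, _ = pdivmod(pmul(u1, u2), pmul(d, d))
    num = padd(padd(pmul(pmul(s1, u1), v2), pmul(pmul(s2, u2), v1)),
               pmul(s3, padd(pmul(v1, v2), f)))
    v, _ = pdivmod(num, d)
    _, v = pdivmod(v, u)
    while len(u) - 1 > 2:                       # reduce until deg u <= genus 2
        u, _ = pdivmod(psub(f, pmul(v, v)), u)
        inv = pow(u[-1], P - 2, P)
        u = [fmul(c, inv) for c in u]
        _, v = pdivmod(psub([], v), u)
    return u, v

def is_valid(D, f=F):     # Mumford conditions: u monic, deg v < deg u, u | f - v^2
    u, v = D
    return u[-1] == 1 and len(v) < len(u) and pdivmod(psub(f, pmul(v, v)), u)[1] == []

def is_squarefree(f):     # gcd(f, f') = 1, so the curve equation is non-singular
    return pxgcd(f, [(i * c) % P for i, c in enumerate(f)][1:])[0] == [1]

def point_on_curve(x):    # (x, y) with y^2 = F(x), or None if F(x) is a non-square
    fx = 0
    for c in reversed(F):
        fx = (fx * x + c) % P
    y = pow(fx, (P + 1) // 4, P)
    return (x, y) if y * y % P == fx else None

def degenerate_divisor(pt):          # weight 1: u = x - a, v = b
    a, b = pt
    return [(-a) % P, 1], trim([b])

def general_divisor(p1, p2):         # weight 2: u = (x-a1)(x-a2), v = chord through both
    (a1, b1), (a2, b2) = p1, p2
    slope = (b2 - b1) * pow((a2 - a1) % P, P - 2, P) % P
    return pmul([(-a1) % P, 1], [(-a2) % P, 1]), trim([(b1 - slope * a1) % P, slope])

def count_muls(fn, *args):           # run fn, return (result, multiplications used)
    global MULS
    MULS = 0
    out = fn(*args)
    return out, MULS

def demo():               # same weight-2 divisor added to a weight-2 and to a weight-1 one
    pts = [pt for pt in map(point_on_curve, range(1, P)) if pt][:4]
    D1, D_gen = general_divisor(pts[0], pts[1]), general_divisor(pts[2], pts[3])
    D_deg = degenerate_divisor(pts[2])
    sum_gen, muls_gen = count_muls(cantor_add, D1, D_gen)
    sum_deg, muls_deg = count_muls(cantor_add, D1, D_deg)
    return {"D1": D1, "D_gen": D_gen, "D_deg": D_deg, "sum_gen": sum_gen,
            "sum_deg": sum_deg, "muls_gen": muls_gen, "muls_deg": muls_deg}
```

Running `demo()` returns both sums together with their multiplication counts; the addition involving the weight-1 divisor uses strictly fewer field multiplications than the addition of two weight-2 divisors, which is exactly the asymmetry a double-and-add-always implementation with a degenerate base point exploits for speed, and which an attacker who can choose the base point measures through the decryption oracle's running time. A constant-time implementation has to remove this dependence, for instance by never letting the weight of an operand influence the operation sequence.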
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Katagi, M., Kitamura, I., Akishita, T., Takagi, T. (2005). Novel Efficient Implementations of Hyperelliptic Curve Cryptosystems Using Degenerate Divisors. In: Lim, C.H., Yung, M. (eds) Information Security Applications. WISA 2004. Lecture Notes in Computer Science, vol 3325. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31815-6_28
DOI: https://doi.org/10.1007/978-3-540-31815-6_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24015-0
Online ISBN: 978-3-540-31815-6