Countermeasures for Preventing Comb Method Against SCA Attacks
Side Channel Attacks have become a serious threat for cryptographic applications on devices with small resources. Indeed, it turns out that the usual randomization techniques can not prevent the recent DPA attacks (RPA and ZPA). The implementation of elliptic curve cryptosystems (ECC) on such devices must combine an optimized use of space memory with a high level of security and efficiency. In this paper we present an efficient SCA-resistant algorithm based on the fixed-base comb method. We propose to modify the binary representation of the secret scalar in order to obtain a new sequence of non-zero bit-strings. This, combined with the use of Randomized Linearly-transformed coordinates (RLC), will prevent the SCA attacks on the comb method, including RPA and ZPA. Furthermore, our algorithm optimizes the size of the precomputed table; we only store 2 w − − 1 points instead of 2 w – 1 for the fixed-base comb method, without affecting in any way the computation time. We also present another countermeasure using a Randomized Initial Point (RIP) to protect the fixed-base comb method against SCA attacks including RPA and ZPA, with an optimized amount of computing time. The cost of this countermeasure does not exceed 2% of the total cost of the fixed-base comb method.
KeywordsElliptic curve comb method side channel attacks scalar multiplication pre-computed table memory space
Unable to display preview. Download preview PDF.
- [IIT04]Itoh, K., Izu, T., Takenaka, M.: Efficient countermeasures against power analysis for elliptic curve cryptosystems. In: Proceedings of CARDIS-WCC (2004)Google Scholar
- [JQ01]Joye, M., Quisquater, J.J.: Hessian elliptic curves and side-channel attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 412–420. Springer, Heidelberg (2001)Google Scholar
- [JT01]Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography: an algebraic approach. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 386–400. Springer, Heidelberg (2001)Google Scholar
- [KJJ99]Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
- [Koc96]Kocher, P.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
- [LL94]Lim, C., Lee, P.: More flexible exponentiation with precomputation. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 95–107. Springer, Heidelberg (1994)Google Scholar