Efficient Representations on Koblitz Curves with Resistance to Side Channel Attacks

Okeya, Katsuyuki; Takagi, Tsuyoshi; Vuillaume, Camille

doi:10.1007/11506157_19

Cited by 16 publications

(26 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These include, e.g., regular w-NAF and m-ary methods [20,34,40,45,51], regular width-w τ -adic NAF method for Koblitz curves [46], the regular signed-digit comb methods [21,30], and scalar multiplications on curves with fast endomorphisms that use multiscalar multiplications with precomputations (e.g., GLV [24] and GLS [23] methods and, in particular, the recent regular algorithm [19]). Some of these methods have been recently utilized in lightweight ECC implementations to achieve protection against single-trace attacks: e.g., [30] was used in [47], [46] in [48], and [19] in [14]. All deterministic countermeasures inside Ψ such as atomicity of point addition and point doubling, unified addition formulae, etc., do not work against the attack and are, thus, also in the list of vulnerable methods when used in a scalar multiplication algorithm that utilizes precomputations in the above sense.…”

Section: Preliminariesmentioning

confidence: 99%

“…Nevertheless, direct use of, e.g., w-NAF still leaks a lot of information about the scalar and cannot be considered side-channel secure. Fully regular patterns of operations can be achieved with atomic scalar multiplication algorithms with precomputations which typically combine side-channel security with efficiency (see, e.g., [19,30,45,46]). Such algorithms have been recently used for side-channel protected lightweight hardware implementations, e.g., in [47,48] as well as fast software, e.g., in [14].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Single-Trace Side-Channel Attacks on Scalar Multiplications with Precomputations

Järvinen

Balasch

2017

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. Single-trace side-channel attacks are a serious threat to elliptic curve cryptography in practice because they can break also cryptosystems where scalars are nonces (e.g., ECDSA). Previously it was believed that single-trace attacks can be avoided by using scalar multiplication algorithms with regular patterns of operations but recently we have learned that they can be broken with correlation tests to decide whether different operations share common operands. In this work, we extend these attacks to scalar multiplication algorithms with precomputations. We show that many algorithms are vulnerable to our attack which correlates measurements with precomputed values. We also show that successful attacks are possible even without knowledge of precomputed values by using clustering instead of correlations. We provide extensive evidence for the feasibility of the attacks with simulations and experiments with an 8-bit AVR. Finally, we discuss the effectiveness of certain countermeasures against our attacks.

show abstract

Section: Preliminariesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Single-Trace Side-Channel Attacks on Scalar Multiplications with Precomputations

Järvinen

Balasch

2017

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

show abstract

“…Finally, applied to the countermeasures in [14], the N-1 attack can work only if the randomization factor doesn't vary during the computation, which is not the case for the new countermeasures.…”

Section: [0]mentioning

confidence: 99%

“…Some of these remarkable techniques include the simple power analysis attack (SPA) and the differential power analysis attack (DPA) [9], which are suitably applicable to ECC realizations. Fortunately, many researchers proposed elegant countermeasures against these power attacks [9], [10]- [14], and we briefly review some of those which are related to our proposals.…”

Section: Introductionmentioning

confidence: 99%

Random Point Blinding Methods for Koblitz Curve Cryptosystem

Baek¹

2010

ETRI J

View full text Add to dashboard Cite

While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side‐channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost.

show abstract

“…The first step in improving precomputations is to utilize the fact that the same inversion is computed in both P 1 + P 2 and P 1 − P 2 computations. The same fact has been previously used at least in [20] but it is shown in the following that it is also possible to save some additions.…”

Section: Precomputationmentioning

confidence: 84%

FPGA Design of Self-certified Signature Verification on Koblitz Curves

Järvinen¹,

Forsten²,

Skyttä³

Cryptographic Hardware and Embedded Systems - CHES 2007

View full text Add to dashboard Cite

Abstract. Elliptic curve signature schemes offer shorter signatures compared to other methods and a family of curves called Koblitz curves can be used for reducing the cost of signing and verification. This paper presents an FPGA implementation designed specifically for rapid verification of self-certified identity based signatures using Koblitz curves. Verification requires computation of three elliptic curve point multiplications which are computed efficiently with 3-term multiple point multiplication and joint sparse form. Certain improvements to precomputations associated with multiple point multiplications are introduced. It is shown that, when using parallel processors, it is possible to gain considerable increases in the number of operations per second by allowing slightly longer computation times for single operations. It is demonstrated that up to 166,000 verifications per second can be computed using a single Altera Stratix II FPGA.

show abstract

Efficient Representations on Koblitz Curves with Resistance to Side Channel Attacks

Cited by 16 publications

References 15 publications

Single-Trace Side-Channel Attacks on Scalar Multiplications with Precomputations

Single-Trace Side-Channel Attacks on Scalar Multiplications with Precomputations

Random Point Blinding Methods for Koblitz Curve Cryptosystem

FPGA Design of Self-certified Signature Verification on Koblitz Curves

Contact Info

Product

Resources

About