Secure Elliptic Curve Exponentiation against RPA, ZRA, DPA, and SPA

Mamiya, Hideyo; Miyaji, Atsuko; Morimoto, Hiroaki

doi:10.1093/ietfec/e89-a.8.2207

Cited by 11 publications

(3 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Algorithm 5 has a very similar structure with the methods in [12]. Actually, the only difference between them lies in the usage of the Frobenius map in algorithm 5 instead of the point doubling map in [12].…”

Section: L-r Versionsmentioning

confidence: 99%

“…First, [12] proposed new random point blinding methods by using the simple observation that While their methods are directly applicable to Koblitz curves as well, this paper uses the specific properties of Koblitz curves to get more efficient power attack countermeasures. Second, [10] proposed several power attack countermeasures specifically applicable for Koblitz curve cryptosystems, which include the SPA countermeasures and the DPA countermeasures.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Random Point Blinding Methods for Koblitz Curve Cryptosystem

Baek¹

2010

ETRI J

View full text Add to dashboard Cite

While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side‐channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost.

show abstract

Section: L-r Versionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Random Point Blinding Methods for Koblitz Curve Cryptosystem

Baek¹

2010

ETRI J

View full text Add to dashboard Cite

show abstract

“…The overhead of the proposed countermeasure is just 0.5nM for the η T pairing over F 3 n . This method is similar to the randomized linearly transformed coordinate (RLC) method for ECC [11,17] although RLC is a relatively slow countermeasure against SCAs. However, our method is a very efficient countermeasure for the η T pairing.…”

Section: Introductionmentioning

confidence: 99%

An Efficient Countermeasure against Side Channel Attacks for Pairing Computation

Shirase

Takagi

Okamoto

Information Security Practice and Experience

View full text Add to dashboard Cite

Abstract. Pairing-based cryptosystems have been widely researched, and several efficient hardware implementations of pairings have also been proposed. However, side channel attacks (SCAs) are serious attacks on hardware implementations. Whelan et al. pointed out that pairings except the η T pairing might not be vulnerable against SCAs by setting the secret point to the first parameter [25]. This paper deals with SCAs for the η T pairing over F 3 n . To our knowledge, the randomized-projectivecoordinate method has the smallest overhead among all countermeasures against SCAs for the η T pairing. The cost of that overhead is 3nM , where M is the cost of a multiplication in F 3 n . In this paper, we propose another countermeasure based on random value additions (xp + λ) and (y p + λ), where P = (x p , y p ) is the input point, and λ is a random value in F3n . The countermeasure using the random value addition was relatively slow in the case of the scalar multiplication of elliptic curve cryptosystems. However, in the case of the η T pairing, we can construct an efficient countermeasure due to the form of the function g P (x, y) = y 3 p y − (x 3 p + x − 1) 2 for a point P = (x p , y p ). The overhead of our proposed scheme is just 0.5nM , which is a reduction of more than 75% compared with the randomized-projective-coordinate method.

show abstract