For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
Secure Elliptic Curve Exponentiation against RPA, ZRA, DPA, and SPA
Hideyo MAMIYA Atsuko MIYAJI Hiroaki MORIMOTO
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Publication Date: 2006/08/01
Online ISSN: 1745-1337
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Information Security
elliptic curve exponentiation, ZPA, RPA, DPA, SPA,
Full Text: PDF(228.5KB)>>
In the execution on a smart card, side channel attacks such as the simple power analysis (SPA) and the differential power analysis (DPA) have become serious threat. Side channel attacks monitor the side channel information such as power consumption and even exploit the leakage information related to power consumption to reveal bits of a secret key d although d is hidden inside a smart card. Almost public key cryptosystems including RSA, DLP-based cryptosystems, and elliptic curve cryptosystems execute an exponentiation algorithm with a secret-key exponent, and they thus suffer from both SPA and DPA. In the case of elliptic curve cryptosystems, DPA is improved to the refined power analysis (RPA), which exploits a special point with a zero value and reveals a secret key. RPA is further generalized to zero-value register attack (ZRA). Both RPA and ZRA utilize a special feature of elliptic curves that happens to have a special point or a register used in addition and doubling formulae with a zero value and that the power consumption of 0 is distinguishable from that of a non-zero element. To make the matters worse, some previous efficient countermeasures to DPA are neither resistant to RPA nor ZRA. This paper focuses on elegant countermeasures of elliptic curve exponentiations against RPA, ZRA, DPA and SPA. Our novel countermeasure is easily generalized to be more efficient algorithm with a pre-computed table.