Abstract
Highly regular execution and the cleverly included redundant computation make the square-multiply-always exponentiation algorithm well known as a good countermeasure against the conventional simple power analysis (SPA). However, the doubling attack threatens the square-multiply-always exponentiation by fully exploiting the existence of such redundant computation. The Montgomery ladder is also recognized as a good countermeasure against the conventional SPA due to its highly regular execution. Most importantly, no redundant computation is introduced into the Montgomery ladder. In this paper, immunity of the Montgomery ladder against the doubling attack is investigated. One straightforward result is that the Montgomery ladder can be free from the original doubling attack. However, a non-trivial result obtained in this research is that a relative doubling attack proposed in this paper threatens the Montgomery ladder. The proposed relative doubling attack uses a totally different approach to derive the private key in which the relationship between two adjacent private key bits can be obtained as either d i =d i − − 1 or \(d_i \ne d_{i-1}\). Finally, a remark is given to the problem of whether the upward (right-to-left) regular exponentiation algorithm is necessary against the original doubling attack and the proposed relative doubling attack.
This work was supported by University IT Research Center Project.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystem. Commun. of ACM 21(2), 120–126 (1978)
Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985)
Miller, V.: Uses of elliptic curve in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48(177), 203–209 (1987)
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
Fouque, P.-A., Valette, F.: The doubling attack – why upwards is better than downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003)
Joye, M., Yen, S.M.: The Montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
Yen, S.M., Joye, M.: Checking Before Output May Not be Enough against Fault-Based Cryptanalysis. IEEE Trans. on Computers 49(9), 967–970 (2000)
Yen, S.M., Kim, S.J., Lim, S.G., Moon, S.J.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 414–427. Springer, Heidelberg (2002)
Gordon, D.M.: A survey of fast exponentiation methods. Journal of Algorithms 27, 129–146 (1998)
Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48(177), 243–264 (1987)
Yen, S.M., Laih, C.S.: Fast algorithms for LUC digital signature computation. IEE Proc. Computers and Digital Techniques 142(2), 165–169 (1995)
Schramm, K., Wollinger, T., Paar, C.: A new class of collision attacks and its application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003)
PKCS #1 v2.1, RSA Cryptography Standard (January 5, 2001), http://www.rsasecurity.com/rsalabs/pkcs/
Bellare, M., Rogaway, P.: Optimal asymmetric encryption padding – How to encrypt with RSA. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)
Yen, S.M., Lu, C.C., Tseng, S.Y.: Method for protecting public key schemes from timing, power and fault attacks. U.S. Patent Number US2004/0125950 A1 (July 2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yen, SM., Ko, LC., Moon, S., Ha, J. (2006). Relative Doubling Attack Against Montgomery Ladder. In: Won, D.H., Kim, S. (eds) Information Security and Cryptology - ICISC 2005. ICISC 2005. Lecture Notes in Computer Science, vol 3935. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734727_11
Download citation
DOI: https://doi.org/10.1007/11734727_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33354-8
Online ISBN: 978-3-540-33355-5
eBook Packages: Computer ScienceComputer Science (R0)