Abstract
As Elliptic Curve Cryptosystems are becoming more and more popular and are included in many standards, an increasing demand has appeared for secure implementations that are not vulnerable to side-channel attacks. To achieve this goal, several generic countermeasures against Power Analysis have been proposed in recent years.
In particular, to protect the basic scalar multiplication on an elliptic curve against Differential Power Analysis (DPA), it has often been recommended to use “random projective coordinates”, “random elliptic curve isomorphisms” or “random field isomorphisms”. So far, these countermeasures have been considered by many authors as a cheap and secure way of avoiding DPA attacks on the “scalar multiplication” primitive. However, we show in the present paper that, for many elliptic curves, such a DPA protection of the scalar multiplication is not sufficient. In a chosen-message scenario, a Power Analysis attack is still possible even if one of the three aforementioned countermeasures is used. We expose a new Power Analysis strategy that can be successful for a large class of elliptic curves, including most of the sample curves recommended by standard bodies such as ANSI, IEEE, ISO, NIST, SECG or WTLS.
This result means that the problem of randomizing the base point may be more difficult than expected and that “standard” techniques still have to be improved, which may also have an impact on the performance of the implementations.
© 2003 Springer-Verlag Berlin Heidelberg
Goubin, L. (2003). A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems. In: Desmedt, Y.G. (eds) Public Key Cryptography — PKC 2003. PKC 2003. Lecture Notes in Computer Science, vol 2567. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36288-6_15
DOI: https://doi.org/10.1007/3-540-36288-6_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00324-3
Online ISBN: 978-3-540-36288-3
eBook Packages: Springer Book Archive