Abstract
Simple power analysis is a common technique to attack software implementations, especially in the realm of public-key cryptography. An effective countermeasure to protect an implementation is to ensure constant (worst-case) runtime. In this paper we show how to modify an algorithm by Kaliski to compute the Montgomery inverse such that it can compute both the classical and Montgomery modular inverse in constant time. We demonstrate the effectiveness by comparing it to the approach based on Fermat’s little theorem as used in the current simple power analysis resistant implementations in cryptography. Our implementation on the popular 32-bit ARM platform highlights the practical benefits of this algorithm.
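The following Python is an added illustration, not code from the paper: Kaliski's Phase I (the "almost Montgomery inverse") with its input-dependent loop count, the same loop padded to the fixed worst case of 2n iterations, and the Phase II halvings that turn the result into either the classical or the Montgomery inverse, checked against the Fermat computation the paper uses as its baseline. The fixed-count padding is an illustrative construction of my own and not necessarily the paper's modification, and Python big-integer arithmetic is not itself constant-time, so only the control structure is shown.

```python
def kaliski_phase1(a, p, iterations=None):
    """Kaliski's Phase I (almost Montgomery inverse) for odd p and 0 < a < p.
    Returns (r, k) with r = a^-1 * 2^k mod p. Left to itself the loop runs k times
    with n <= k <= 2n (n = p.bit_length()), a count that depends on the secret a.
    With iterations=2n it always runs 2n times: once v reaches 0, every spare step
    doubles r mod p, which keeps the invariant a*r = -2^k (mod p) intact."""
    u, v, r, s, k = p, a, 0, 1, 0
    while (v > 0) if iterations is None else (k < iterations):
        if v == 0:                          # padding step, fixed-count mode only
            r = 2 * r % p
        elif u % 2 == 0:
            u, s = u // 2, 2 * s
        elif v % 2 == 0:
            v, r = v // 2, 2 * r
        elif u > v:
            u, r, s = (u - v) // 2, r + s, 2 * s
        else:
            v, s, r = (v - u) // 2, s + r, 2 * r
        k += 1
    return p - r % p, k                     # r < 2p at exit and never 0 mod p

def halve_mod(r, p, times):
    """Phase II: divide r by 2^times modulo odd p with one fixed halving per step."""
    for _ in range(times):
        r = r // 2 if r % 2 == 0 else (r + p) // 2
    return r

def inverse_classical(a, p):
    """a^-1 mod p: fixed 2n-step Phase I, then all 2n factors of 2 removed."""
    n = p.bit_length()
    return halve_mod(kaliski_phase1(a, p, 2 * n)[0], p, 2 * n)

def inverse_montgomery(a, p):
    """Montgomery inverse a^-1 * 2^n mod p: only n of the 2n factors removed."""
    n = p.bit_length()
    return halve_mod(kaliski_phase1(a, p, 2 * n)[0], p, n)

def phase1_iteration_range(p):
    """Min and max natural Phase I loop count over all a in [1, p-1]: the
    input-dependent variation a single power trace could reveal."""
    ks = [kaliski_phase1(a, p)[1] for a in range(1, p)]
    return min(ks), max(ks)

if __name__ == "__main__":
    p, a = 2**31 - 1, 123456789             # constructed sample: 31-bit Mersenne prime
    fermat = pow(a, p - 2, p)               # Fermat baseline the paper compares against
    assert inverse_classical(a, p) == fermat
    assert inverse_montgomery(a, p) == fermat * 2**31 % p
    print("Phase I loop count range for p=10007:", phase1_iteration_range(10007))
```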
References
Beagle Board: BeagleBoard-xM System Reference Manual (2013). http://beagleboard.org/static/BBxMSRM_latest.pdf
Bernstein, D.J.: Curve25519: New Diffie–Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) Public Key Cryptography—PKC 2006. Lecture Notes in Computer Science, vol. 3958, pp. 207–228. Springer, Heidelberg (2006)
Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) Advances in Cryptology—CRYPTO 2001. Lecture Notes in Computer Science, vol. 2139, pp. 213–229. Springer, Berlin (2001)
Bos, J.W., Costello, C., Hisil, H., Lauter, K.: Fast cryptography in genus 2. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. Lecture Notes in Computer Science, vol. 7881, pp. 194–210. Springer, Berlin (2013). doi:10.1007/978-3-642-38348-9_12
Bos, J.W., Costello, C., Hisil, H., Lauter, K.: High-performance scalar multiplication using 8-dimensional GLV/GLS decomposition. In: Bertoni, G., Coron, J.S. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2013. Lecture Notes in Computer Science, vol. 8086, pp. 331–348. Springer, Heidelberg (2013)
Bos, J.W., Costello, C., Longa, P., Naehrig, M.: Selecting elliptic curves for cryptography: an efficiency and security analysis. Cryptology ePrint Archive, Report 2014/130 (2014). http://eprint.iacr.org/
Bos, J.W., Kaihara, M.E., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. Int. J. Appl. Cryptogr. 2(3), 212–228 (2012)
Brent, R.P.: Analysis of the binary Euclidean algorithm. In: Traub, J.F. (ed.) New Directions and Recent Results in Algorithms and Complexity, pp. 321–355. Academic Press, New York (1976)
Faz-Hernández, A., Longa, P., Sanchez, A.H.: Efficient and secure algorithms for GLV-based scalar multiplication and their implementation on GLV-GLS curves. In: Benaloh, J. (ed.) Topics in Cryptology—CT-RSA 2014. The Cryptographers’ Track at the RSA Conference 2014. Lecture Notes in Computer Science, vol. 8366, pp. 1–27. Springer, Berlin (2014)
Guyot, A.: OCAPI: architecture of a VLSI coprocessor for the GCD and the extended GCD of large numbers. In: IEEE Symposium on Computer Arithmetic, pp. 226–231. IEEE, New York (1991)
Joux, A.: A one round protocol for tripartite Diffie-Hellman. J. Cryptol. 17(4), 263–276 (2004)
Kaliski Jr., B.S.: The Montgomery inverse and its applications. IEEE Trans. Comput. 44(8), 1064–1065 (1995)
Knuth, D.E.: Seminumerical Algorithms. The Art of Computer Programming, 3rd edn. Addison-Wesley, Reading (1997)
Koblitz, N.: Elliptic curve cryptosystems. Math. Computat. 48(177), 203–209 (1987)
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) Crypto 1996. Lecture Notes in Computer Science, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. J. Cryptol. 14(4), 255–293 (2001)
Longa, P., Sica, F.: Four-dimensional Gallant-Lambert-Vanstone scalar multiplication. In: Wang, X., Sako, K. (eds.) ASIACRYPT. Lecture Notes in Computer Science, vol. 7658, pp. 718–739. Springer, Berlin (2012)
Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) Crypto 1985. Lecture Notes in Computer Science, vol. 218, pp. 417–426. Springer, Heidelberg (1986)
Montgomery, P.L.: Modular multiplication without trial division. Math. Computat. 44(170), 519–521 (1985)
Naccache, D., Smart, N.P., Stern, J.: Projective coordinates leak. In: Cachin, C., Camenisch, J. (eds.) EUROCRYPT. Lecture Notes in Computer Science, vol. 3027, pp. 257–267. Springer, Berlin (2004)
Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: Abdalla, M., Barreto, P.S. (eds.) Progress in Cryptology—LATINCRYPT 2010. Lecture Notes in Computer Science, vol. 6212, pp. 109–123. Springer, Berlin (2010)
Osvik, D.A., Shamir, A., Tromer, E.: Cache attacks and countermeasures: the case of AES. In: Pointcheval, D. (ed.) Topics in Cryptology—CT-RSA 2006, The Cryptographers’ Track at the RSA Conference 2006. Lecture Notes in Computer Science, vol. 3860, pp. 1–20. Springer, Berlin (2006)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978)
Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: The 2000 Symposium on Cryptography and Information Security, Okinawa, Japan, pp. 135–148 (2000)
Savas, E., Koç, Ç.K.: The Montgomery modular inverse-revisited. IEEE Trans. Comput. 49(7), 763–766 (2000)
Scholz, A.: Aufgabe 253. Jahresbericht der Deutschen Mathematiker-Vereinigung 47, 41–42 (1937)
Stein, J.: Computational problems associated with Racah algebra. J. Comput. Phys. 1(3), 397–405 (1967)
Tromer, E., Osvik, D.A., Shamir, A.: Efficient cache attacks on AES, and countermeasures. J. Cryptol. 23(1), 37–71 (2010)
U.S. Department of Commerce/National Institute of Standards and Technology: Digital Signature Standard (DSS). FIPS-186-3 (2009). http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
Walter, C.D.: Montgomery exponentiation needs no final subtractions. Electron. Lett. 35(21), 1831–1832 (1999)
Cite this article
Bos, J.W. Constant time modular inversion. J Cryptogr Eng 4, 275–281 (2014). https://doi.org/10.1007/s13389-014-0084-8