Journal of Cryptology
Hyperelliptic curve cryptosystems (HECC) can be implemented on a variety of computing devices, from smart cards to high-end workstations. Side-channel attacks are among the most potent threats against low-genus HECC, so efficient algorithms resistant to side-channel attacks are urgently needed. In this work we provide implementation-ready formulae for addition and doubling on curves of genus 2 which are shielded against simple side-channel analysis by having a uniform performance. This is achieved by applying the concept of side-channel atomicity: introducing cheap dummy operations to make all traces look identical. So far a detailed study of countermeasures against side-channel attacks exists only for differential attacks; there one assumes that the performance is made predictable by other means. But apart from the double-and-always-add approach, only generalizations of the Montgomery form have been suggested, and only for odd characteristic. They are less efficient and do not combine well with some of the countermeasures against differential attacks. Hence, our contribution closes the gap to achieve secured implementations of HECC on devices exposed to side-channel attacks. To increase the performance even further, we show how our formulae can be implemented in parallel on two multipliers using a low number of registers. It is also possible to combine our method with precomputations.
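The atomicity idea in the abstract can be seen in its simplest setting, modular exponentiation, where every loop iteration is rewritten as one identical block. This is an added example, not code from the paper: the genus 2 formulae are not reproduced on this page, and the trace model and all function names are assumptions made for illustration.

```python
# Added illustration: side-channel atomicity on left-to-right exponentiation.
# A "trace" is a list of operation labels standing in for a power trace.
# Python is not constant-time; this models the operation sequence only.

def naive_pow(x, d, n):
    """Square-and-multiply; the multiply runs only for 1-bits of d."""
    r, trace = 1, []
    for bit in bin(d)[2:]:
        r = r * r % n
        trace.append("S")              # squaring, executed for every bit
        if bit == "1":
            r = r * x % n
            trace.append("M")          # extra step that reveals a 1-bit
    return r, trace

def atomic_pow(x, d, n):
    """Same result as a sequence of identical blocks, each consisting of
    one multiplication, one XOR and one index update."""
    regs = [1, x % n]
    bits = [int(b) for b in bin(d)[2:]]
    i, k, trace = 0, 0, []
    while i < len(bits):
        regs[0] = regs[0] * regs[k] % n  # k=0 squares, k=1 multiplies by x
        trace.append("M")                # both cases use the same multiplier
        k ^= bits[i]                     # a 1-bit schedules the multiply next
        i += 1 - k                       # move on once the bit is processed
    return regs[0], trace

def bits_read_from_trace(trace):
    """What the naive trace gives away: 'SM' marks a 1-bit, lone 'S' a 0-bit."""
    return "".join(trace).replace("SM", "1").replace("S", "0")

def compare(x, d1, d2, n):
    """Return (naive traces equal?, atomic traces equal?) for two exponents."""
    return (naive_pow(x, d1, n)[1] == naive_pow(x, d2, n)[1],
            atomic_pow(x, d1, n)[1] == atomic_pow(x, d2, n)[1])

if __name__ == "__main__":
    d = 0b1011001                        # constructed sample exponent
    print(bits_read_from_trace(naive_pow(7, d, 1009)[1]))
    print("".join(atomic_pow(7, d, 1009)[1]))
    # Caveat: the number of atomic blocks is bit length plus Hamming weight,
    # so the trace length still depends on the exponent's weight.
    print(compare(7, 0b1011001, 0b1100101, 1009))
```

In this case the uniform block needs no dummy field operations because a squaring can run on the multiplier; for curve addition and doubling, the abstract describes padding with cheap dummy operations to reach the same uniformity.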