Relative doubling attack against montgomery ladder

Authors:
Sung-Ming Yen;Lee-Chun Ko;SangJae Moon;JaeCheol Ha
Affiliations:
Laboratory of Cryptography and Information Security (LCIS), Dept of Computer Science and Information Engineering, National Central University, Chung-Li, Taiwan, R.O.C;Laboratory of Cryptography and Information Security (LCIS), Dept of Computer Science and Information Engineering, National Central University, Chung-Li, Taiwan, R.O.C;School of Electronic and Electrical Engineering, Kyungpook National University, Taegu, Korea;Dept of Computer and Information, Korea Nazarene University, Choong Nam, Korea
Venue:
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
Year:
2005

Citing 8
Cited 3

Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A survey of fast exponentiation methods

Journal of Algorithms
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis

IEEE Transactions on Computers
A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack

ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems

Method for Detecting Vulnerability to Doubling Attacks

ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
An efficient CRT-RSA algorithm secure against power and fault attacks

Journal of Systems and Software
An updated survey on secure ECC implementations: attacks, countermeasures and cost

Cryptography and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Highly regular execution and the cleverly included redundant computation make the square-multiply-always exponentiation algorithm well known as a good countermeasure against the conventional simple power analysis (SPA). However, the doubling attack threatens the square-multiply-always exponentiation by fully exploiting the existence of such redundant computation. The Montgomery ladder is also recognized as a good countermeasure against the conventional SPA due to its highly regular execution. Most importantly, no redundant computation is introduced into the Montgomery ladder. In this paper, immunity of the Montgomery ladder against the doubling attack is investigated. One straightforward result is that the Montgomery ladder can be free from the original doubling attack. However, a non-trivial result obtained in this research is that a relative doubling attack proposed in this paper threatens the Montgomery ladder. The proposed relative doubling attack uses a totally different approach to derive the private key in which the relationship between two adjacent private key bits can be obtained as either di=di−−1 or $d_i \ne d_{i-1}$. Finally, a remark is given to the problem of whether the upward (right-to-left) regular exponentiation algorithm is necessary against the original doubling attack and the proposed relative doubling attack.