A survey of fast exponentiation methods
Journal of Algorithms
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Faster Point Multiplication on Elliptic Curves with Efficient Endomorphisms
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
An Improved Algorithm for Arithmetic on a Family of Elliptic Curves
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Securing Elliptic Curve Point Multiplication against Side-Channel Attacks
ISC '01 Proceedings of the 4th International Conference on Information Security
An Alternate Decomposition of an Integer for Faster Point Multiplication on Certain Elliptic Curves
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Preventing SPA/DPA in ECC Systems Using the Jacobi Form
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Hessian Elliptic Curves and Side-Channel Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Protections against Differential Analysis for Elliptic Curve Cryptography
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
New families of hyperelliptic curves with efficient gallant-lambert-vanstone method
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
A DPA countermeasure by randomized frobenius decomposition
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Hi-index | 0.00 |
In [2], Gallant, Lambert and Vanstone proposed a very efficient algorithmto compute Q = kP on elliptic curves having non-trivial efficiently computable endomorphisms. Cryptographic protocols are sensitive to implementations, indeed as shown in [6,7] information about the secret can be revealed analysing external leakage of the support, typically a smart card. Several software countermeasures have been proposed to protect the secret. However, speed computation is needed for practical use. In this paper, we propose a method to protect scalar multiplication on elliptic curves against Differential Analysis, that benefits fromthe speed of the Gallant, Lambert and Vanstone method. It can be viewed as a two-dimensional analogue of Coron's method [1] of randomising the exponent k. We propose two variants of this method (one linear and one affine), the second one slightly more effective, whereas the first one offers "two in one", combining point-blinding and exponent randomisation, which have hitherto been dealt separately. For instance, for at most a mere 37.5% (resp. 25%) computation speed loss on elliptic curves over fields with 160 (resp. 240) bits the computation of kP can take on 240 different consumption patterns.