Power Analysis Attacks and Algorithmic Approaches to Their Countermeasures for Koblitz Curve Cryptosystems
October 2001 (vol. 50 no. 10)
pp. 1071-1083

Abstract—Because of their shorter key sizes, cryptosystems based on elliptic curves are being increasingly used in practical applications. A special class of elliptic curves, namely, Koblitz curves, offers an additional, but crucial, advantage of considerably reduced processing time. In this article, power analysis attacks are applied to cryptosystems that use scalar multiplication on Koblitz curves. Both the simple and the differential power analysis attacks are considered and a number of countermeasures are suggested. While the proposed countermeasures against the simple power analysis attacks rely on making the power consumption for the elliptic curve scalar multiplication independent of the secret key, those for the differential power analysis attacks depend on randomizing the secret key prior to each execution of the scalar multiplication. These countermeasures are computationally efficient and suitable for hardware implementation.

Index Terms:
Cryptography, elliptic curve scalar multiplication, finite (or Galois) fields, Koblitz curves, number system, power analysis attacks.
Citation:
M.A. Hasan, "Power Analysis Attacks and Algorithmic Approaches to Their Countermeasures for Koblitz Curve Cryptosystems," IEEE Transactions on Computers, vol. 50, no. 10, pp. 1071-1083, Oct. 2001, doi:10.1109/12.956092