Issue No. 03 - March (2018 vol. 67)
ISSN: 0018-9340
pp: 418-431
Eleonora Guerrini , LIRMM, CNRS, Université de Montpellier, Montpellier, France
Laurent Imbert , LIRMM, CNRS, Université de Montpellier, Montpellier, France
Theo Winterhalter , ENS Cachan, Université Paris-Saclay, Saint-Aubin, France
ABSTRACT
A set of congruence relations is a $\mathbb {Z}$ -covering if each integer belongs to at least one congruence class from that set. In this paper, we first show that most existing scalar multiplication algorithms can be formulated in terms of covering systems of congruences. Then, using a special form of covering systems called exact $n$ -covers, we present a novel uniformly randomized scalar multiplication algorithm with built-in protections against most passive side-channel attacks. Our algorithm randomizes the addition chain using a mixed-radix representation of the scalar. Its reduced overhead and purposeful robustness could make it a sound replacement to several conventional countermeasures. In particular, it is significantly faster than Coron's scalar blinding technique for elliptic curves when the choice of a particular finite field tailored for speed compels to double the size of the scalar, hence the cost of the scalar multiplication.
INDEX TERMS
Elliptic curves, Side-channel attacks, Algorithm design and analysis, Robustness, Correlation, Hidden Markov models
CITATION

E. Guerrini, L. Imbert and T. Winterhalter, "Randomized Mixed-Radix Scalar Multiplication," in IEEE Transactions on Computers, vol. 67, no. 3, pp. 418-431, 2018.
doi:10.1109/TC.2017.2750677