Regular Ternary Algorithm for Scalar Multiplication on Elliptic Curves over Finite Fields of Characteristic Three

In this paper we propose an efficient and regular ternary algorithm for scalar multiplication on elliptic curves over finite fields of characteristic three. This method is based on full signed ternary expansion of a scalar to be multiplied. The cost per bit of this algorithm is lower than that of all previous ones

Algorithms and cryptographic protocols using elliptic curves

En els darrers anys, la criptografia amb corbes el.líptiques ha adquirit una importància creixent, fins a arribar a formar part en la actualitat de diferents estàndards industrials. Tot i que s'han dissenyat variants amb corbes el.líptiques de criptosistemes clàssics, com el RSA, el seu màxim interès rau en la seva aplicació en criptosistemes basats en el Problema del Logaritme Discret, com els de tipus ElGamal. En aquest cas, els criptosistemes el.líptics garanteixen la mateixa seguretat que els construïts sobre el grup multiplicatiu d'un cos finit primer, però amb longituds de clau molt menor. Mostrarem, doncs, les bones propietats d'aquests criptosistemes, així com els requeriments bàsics per a que una corba sigui criptogràficament útil, estretament relacionat amb la seva cardinalitat. Revisarem alguns mètodes que permetin descartar corbes no criptogràficament útils, així com altres que permetin obtenir corbes bones a partir d'una de donada. Finalment, descriurem algunes aplicacions, com són el seu ús en Targes Intel.ligents i sistemes RFID, per concloure amb alguns avenços recents en aquest camp.The relevance of elliptic curve cryptography has grown in recent years, and today represents a cornerstone in many industrial standards. Although elliptic curve variants of classical cryptosystems such as RSA exist, the full potential of elliptic curve cryptography is displayed in cryptosystems based on the Discrete Logarithm Problem, such as ElGamal. For these, elliptic curve cryptosystems guarantee the same security levels as their finite field analogues, with the additional advantage of using significantly smaller key sizes. In this report we show the positive properties of elliptic curve cryptosystems, and the requirements a curve must meet to be useful in this context, closely related to the number of points. We survey methods to discard cryptographically uninteresting curves as well as methods to obtain other useful curves from a given one. We then describe some real world applications such as Smart Cards and RFID systems and conclude with a snapshot of recent developments in the field

An Analysis of ZVP-Attack on ECC Cryptosystems

Elliptic curve cryptography (ECC) is an efficient public cryptosystem with a short key size. For this reason it is suitable for implementing on memory-constraint devices such as smart cards, mobile devices, etc. However, these devices leak information about their private key through side channels (power consumption, electromagnetic radiation, timing etc) during cryptographic processing. In this paper we have examined countermeasures against a specific class of side channel attacks (power analysis) called Zero-Value Point Attack (ZVP), using elliptic curve isomorphism and isogeny. We found that these methods are an efficient way of securing cryptographic devices using ECC against ZVP attack. Our main contribution is to extend the work of Akishita and Takagi [3,2] to binary fields. We also provide a more detail analysis of the ZVP attack over prime fields

Fast and Regular Algorithms for Scalar Multiplication over Elliptic Curves

Elliptic curve cryptosystems are more and more widespread in everyday-life applications. This trend should still gain momentum in coming years thanks to the exponential security enjoyed by these systems compared to the subexponential security of other systems such as RSA. For this reason, efficient elliptic curve arithmetic is still a hot topic for cryptographers. The core operation of elliptic curve cryptosystems is the scalar multiplication which multiplies some point on an elliptic curve by some (usually secret) scalar. When such an operation is implemented on an embedded system such as a smart card, it is subject to {\em side channel attacks}. To withstand such attacks, one must constrain the scalar multiplication algorithm to be {\em regular}, namely to have an operation flow independent of the input scalar. A large amount of work has been published that focus on efficient and regular scalar multiplication and the choice leading to the best performances in practice is not clear. In this paper, we look into this question for general-form elliptic curves over large prime fields and we complete the current state-of-the-art. One of the fastest low-memory algorithms in the current literature is the Montgomery ladder using co-$Z$ Jacobian arithmetic {\em with $X$ and $Y$ coordinates only}. We detail the regular implementation of this algorithm with various trade-offs and we introduce a new binary algorithm achieving comparable performances. For implementations that are less constrained in memory, windowing techniques and signed exponent recoding enable reaching better timings. We survey regular algorithms based on such techniques and we discuss their security with respect to side-channel attacks. On the whole, our work give a clear view of the currently best time-memory trade-offs for regular implementation of scalar multiplication over prime-field elliptic curves

Survey for Performance & Security Problems of Passive Side-channel Attacks Countermeasures in ECC

The main objective of the Internet of Things is to interconnect everything around us to obtain information which was unavailable to us before, thus enabling us to make better decisions. This interconnection of things involves security issues for any Internet of Things key technology. Here we focus on elliptic curve cryptography (ECC) for embedded devices, which offers a high degree of security, compared to other encryption mechanisms. However, ECC also has security issues, such as Side-Channel Attacks (SCA), which are a growing threat in the implementation of cryptographic devices. This paper analyze the state-of-the-art of several proposals of algorithmic countermeasures to prevent passive SCA on ECC defined over prime fields. This work evaluates the trade-offs between security and the performance of side-channel attack countermeasures for scalar multiplication algorithms without pre-computation, i.e. for variable base point. Although a number of results are required to study the state-of-the-art of side-channel attack in elliptic curve cryptosystems, the interest of this work is to present explicit solutions that may be used for the future implementation of security mechanisms suitable for embedded devices applied to Internet of Things. In addition security problems for the countermeasures are also analyzed

Zero-Value Point Attacks on Elliptic Curve Cryptosystem

The di#erential power analysis (DPA) might break the implementation of elliptic curve cryptosystem (ECC) on memory constraint devices. Goubin proposed a variant of DPA using the point (0, y), which is not randomized in Jacobian coordinates or in the isomorphic class. This point often exists in the standard curves, and we have to care this attack

Key Randomization Countermeasures to Power Analysis Attacks on Elliptic Curve Cryptosystems

It is essential to secure the implementation of cryptosystems in embedded devices agains side-channel attacks. Namely, in order to resist differential (DPA) attacks, randomization techniques should be employed to decorrelate the data processed by the device from secret key parts resulting in the value of this data. Among the countermeasures that appeared in the literature were those that resulted in a random representation of the key known as the binary signed digit representation (BSD). We have discovered some interesting properties related to the number of possible BSD representations for an integer and we have proposed a different randomization algorithm. We have also carried our study to the $\tau$-adic representation of integers which is employed in elliptic curve cryptosystems (ECCs) using Koblitz curves. We have then dealt with another randomization countermeasure which is based on randomly splitting the key. We have investigated the secure employment of this countermeasure in the context of ECCs