Duo Liu,Zhiyong Tan,Yiqi Dai

DOI: https://doi.org/10.1007/978-3-642-01440-6_20

2008-01-01

Abstract:The Simple Power Analysis (SPA) attack against an elliptic curve cryptosystem distinguishes between point doubling and point addition in a single execution of scalar multiplication. Although many SPA-resistant scalar multiplication algorithms have been proposed, few countermeasures for multi-scalar multiplications are known. In this paper, we propose a new SPA-resistant multi-scalar multiplication for a pair of integers combing the Joint Sparse Form (JSF) representation technique for pair of integers, point randomization, and uniform operation sequence. The new method requires about 8.5% less multiplications in the field compared to the known countermeasures.

Yier Jin,Haibin Shen

DOI: https://doi.org/10.1109/icsict.2006.306633

2006-01-01

Abstract:A new unbalanced exponent modular reduction over GF(2m) is proposed. The algorithm can achieve high efficiency when computing on a certain class of fields generated by f(x) = xm + T(x) where deg[T(x)] Lt C m. The algorithm is applied in modular multiplication on the basis of scalable polynomial basis(SPB) to form scalable modular multiplication. Most of irreducible polynomials used in elliptic curve cryptography(ECC) fulfil the characteristic mentioned above well. So the scalable algorithm is implemented in ECC computation with high flexibility and efficiency both in theoretic calculation and application

Huafeng CHEN,Haibin SHEN,Xiaolang YAN

2008-01-01

Abstract:The design-for-testability structure based on scan-chain often compromises the security of crypto chips.A method to attack certain hardware implementation of elliptic curve cryptography was presented.And an easy but effective secure scan method against the attack was proposed,which would not compromise the security of the chip,while maintaining high fault coverage.By controlling operational mode of the chip,the disability mechanism of scan enable signal was applied.The scan function was disabled when there existed security information in the chip.It solved the problem of secure information disclosure caused by scan chain design.

Hai-bin SHEN,Hua-feng CHEN,Xiao-lang YAN

DOI: https://doi.org/10.3785/j.issn.1008-973X.2006.09.004

2006-01-01

Abstract:To accelerate point multiplication operation of elliptic curve cryptography (ECC), a fast reduction algorithm for modular operation was introduced. The algorithm applied the characteristic of the small second item's degree of irreducible polynomial in characteristic 2 finite field. Based on the algorithm and projective Montgomery point multiplication algorithm, a configurable ECC accelerator using very large scale integrated circuit technology was proposed. Scalable field design and unique pipeline technique was adapted in the accelerator. Simulation results show that the accelerator designed by the algorithm can rapidly complete ECC point multiplication operation. When 162 bits key and 192 bits key are selected, the point multiplication operation takes 0.22 ms and 0.43 ms respectively. The accelerator has simple interface and good flexibility, and provides a method for hardware implementation of public key cryptography algorithm.

Haibin Shen,Yier Jin,Rongquan You

DOI: https://doi.org/10.1109/ICICIC.2006.180

2006-01-01

Abstract:Modular reduction is the basic operation of cryptographic systems. The Barrett's algorithm and Montgomery's algorithm are widely used nowadays and they are both based on pre-computation. In the field of elliptic curve cryptosystem (ECC) over GF(2m), the reduction polynomials recommended by SEC have few items and the degree of second item is much less than that of the first one. Making use of this characteristic, the paper presents a new method to accelerate modular reduction without pre-computation which speeds up modular reduction by 10-30 times over GF(2m) and speeds up ECC point multiplication by 40%-50%. This algorithm has been implemented in a high-speed public-key cipher accelerator

Xiaowei Han,Beibei Wang,An Wang,Liji Wu,Woogeun Rhee

DOI: https://doi.org/10.1109/CIS.2014.116

2014-01-01

Abstract:SM2 is a public-key cryptography algorithm which is based on elliptic curves. Since the side channel leakage of devices can be used to deduce the information of secret keys, algorithms to implement SM2 need to be improved. In this paper, we propose an initialized masking scalar multiplication algorithm (IMSM), a modified atomic point doubling and point addition algorithm (MADA), and a transformed formula countermeasure (TFCS). Analysis shows they can resist Simple Power Analysis (SPA), Differential Power Analysis and Template Attacks. IMSM and MADA have been verified to resist SPA on FPGA board successfully. Compared to Binary Expansion with RIP algorithm, 28.6% calculations can be saved when the scalar is divided into four parts, which is rather fast.

Souhir Gabsi,Yassin Kortli,Vincent Beroulle,Yann Kieffer,Belgacem Hamdi

DOI: https://doi.org/10.1007/s11042-024-18368-9

IF: 2.577

2024-02-18

Multimedia Tools and Applications

Abstract:Elliptical curves are dedicated for several security applications including Radio Frequency Identification (RFID) devices, smart cards, bankcards, etc. To guarantee effective security of such applications, these cryptographic systems require effective resistance to various types of physical attack. Differential Power-Analysis (DPA) attacks were considered the most efficient attacks against scalar multiplication calculation algorithms. In this paper, we propose a countermeasure method against the DPA attacks, for a scalar multiplication algorithm that is basically secure against Simple Power Analysis (SPA) and safe-error attacks. Our proposal is intended for Elliptic Curves Cryptosystems (ECC) algorithms dedicated to low cost applications. We first introduce the different types of side-channel attacks that ECC-based cryptographic algorithms can suffer, as well as their countermeasure methods existing in the literature. We then present an optimized hardware implementation of the most effective scalar multiplication algorithm against SPA and safe-error attacks. Finally, we present our proposed DPA countermeasure method and its effectiveness against other extensions of DPA attacks. Our proposed method is similar to the Basic Random Initial Point (BRIP) method except that the latter is only applicable for the left-to-right algorithm. The proposed method is based on the randomization of processed data during the computation of the scalar multiplication algorithm and prevents vulnerability to Zero-value Point Attack (ZPA), Refined Power analysis (RPA) attack and double attack. In the last part of our paper, we present comparative analysis in terms of computational cost between our proposed method and other countermeasure algorithms presented in the literature, such as Montgomery-ladder, the BRIP algorithm, the left-to-right algorithm and the Co-Z Mont-Ladder algorithm.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Zhantao Zhang,Weijiang Wang,Jingqi Zhang,Xiang He,Mingzhi Ma,Shiwei Ren,Hua Dang

DOI: https://doi.org/10.3390/mi15101238

IF: 3.4

2024-10-08

Micromachines

Abstract:With the development of mobile communication, digital signatures with low latency, low area, and high security are in increasing demand. Elliptic curve cryptography (ECC) is widely used because of its security and lightweight. Elliptic curve scalar multiplication (ECSM) is the basic arithmetic in ECC. Based on this background information, we propose our own research objectives. In this paper, a low-latency and low-area ECSM architecture based on the comb algorithm is proposed. The detailed methodology is as follows. The recoding-k algorithm and randomization-Z algorithm are used to improve security, which can resist sample power analysis (SPA) and differential power analysis (DPA). A low-area multi-functional architecture for comb is proposed, which takes into account different stages of the comb algorithm. Based on this, the data dependency is considered and the comb architecture is optimized to achieve a uniform and efficient execution pattern. The interleaved modular multiplication algorithm and modified binary inverse algorithm are used to achieve short clock cycle delay and high frequency while taking into account the need for a low area. The proposed architecture has been implemented on Xilinx Virtex-7 series FPGA to perform ECSM on 256-bits prime field GF(p). In the hardware architecture with only 7351 slices of resource usage, a single ECSM only takes 0.74 ms, resulting in an area-time product (ATP) of 5.41. The implementation results show that our design can compete with the existing state-of-the-art engineering in terms of performance and has higher security. Our design is suitable for computing scenarios where security and computing speed are required. The implementation of the overall architecture is of great significance and inspiration to the research community.

chemistry, analytical,nanoscience & nanotechnology,instruments & instrumentation,physics, applied

Zhanzhan Chen,Liji Wu,Zhenhui Zhang,Dehang Xiao,Xiangmin Zhang,Yan Liu

DOI: https://doi.org/10.1109/asid56930.2022.9995777

2022-01-01

Abstract:SM2 algorithm is widely used in financial IC cards. It has the advantages of fast operation speed and short signature, but it may also contain security vulnerabilities. Attackers can crack the secret key via Simple Power Analysis (SPA), which is the inexpensive and extremely effective method, causing a great threat to the security of SM2 algorithm. In order to improve the safety of SM2 algorithm, this paper introduces atomic algorithm to implement point addition and point doubling operation, and proposes precomputed Non Adjacent Form (NAF) random window algorithm to achieve scalar multiplication. Based on experimental analysis with SAKURA-G FPGA board, the improved SM2 algorithm can resist successfully SPA. Compared with the original algorithm, the time of computation is reduced by 67.5%, and the number of slice registers has increased by less than 5%. The security and speed of SM2 algorithm has been significantly improved.

Lihui Wang,Qing Li,Gang Zhang,Jun Yu,Zhimin Zhang,Limin Guo,David Wei Zhang

DOI: https://doi.org/10.1109/CIS.2015.85

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices because of the reduced number of key bits. However, the side-channel attacks especially simple side-channel analysis (SPA) can obtain secret keys by measuring power consumption. To resist this attack there appear a number of countermeasures such as Montgomery ladder and double-and-add-always algorithm. This paper proposes a new simple power analysis attack to these countermeasures by distinguishing the conditional subtraction of Montgomery modular multiplication (MMM). Experimental results on smart cards demonstrate that this attack method can retrieve secret keys easily in several seconds using one power trace. Several countermeasures that can resist this kind of SPA attack are also demonstrated in this paper.

Liping Wang,Weike Wang,Rang Zhang,Xiang Wang

DOI: https://doi.org/10.1109/icsict.2014.7021344

2014-01-01

Abstract:Scalar multiplication algorithm is the core of the elliptic curve cryptosystem, and it plays a crucial role of the efficiency and security in the process operation of the encryption and decryption. Based on comprehensive analysis of NAF scalar multiplication algorithm and power analysis, this paper proposes a new NAF scalar multiplication algorithm, ensuring the same Hamming-weight with the NAF code and introducing the M-sequence into the random replacement process to achieve power randomization. It not only enhances the ability to work against SPA and DPA attacks, but also improves the storage efficiency, speed and security.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

白国强,周涛,陈弘毅

DOI: https://doi.org/10.3321/j.issn:0372-2112.2002.11.018

2002-01-01

Abstract:The selection of secure elliptic curves and the scalar multiplications of elliptic curves are two important problems in the practice of efficiently implementing an elliptic curve cryptosystems.In this paper,we study those two problems jointly,give a class of secure elliptic curves mainly based on the computer words,describe a detailed process of how to selecting those curves,and present a new method,which is based on the idea of baby step giant step,of computing the scalar multiplication concerning those curves.With the new method,the amount of scalar multiplications based on those curves can be reduced greatly. Besides,when those curves are used,special representation method for the elements in the base field is no longer needed,and all the arithmetic in the field can be quickly accomplished.

Lihui Wang,Qing Li,Zhimin Zhang,Weijun Shan,David Wei Zhang

DOI: https://doi.org/10.2991/iset-15.2015.29

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices. However, simple power analysis (SPA) attacks may retrieve secret keys by exploiting the power consumption of ECC devices. To resist the SPA attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a refined simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the power consumption of different jump instructions if the implementation of ECC's countermeasure is not carefully designed. The experiments also demonstrate that the proposed countermeasure in this paper can resist this kind of SPA attack

Congming Wei,Jiazhe Chen,An Wang,Beibei Wang,Hongsong Shi,Xiaoyun Wang

DOI: https://doi.org/10.1049/iet-ifs.2018.5228

2020-01-01

IET Information Security

Abstract:This study revisits the side-channel security of the elliptic curve cryptography (ECC) scalar multiplication implemented with Montgomery ladder. Focusing on a specific implementation that does not use they-coordinate for point addition (ECADD) and point doubling (ECDBL), the authors show that Montgomery ladder on Weierstrass curves is vulnerable to a chosen base-point attack. Unlike the normal implementation withy-coordinate, in the scenario of this study, the chosen base-point strategy will not lead to operations with two same inputs during the ECADD and/or ECDBL. Instead, by choosing a suitable base-point, one will find that there are operations that share a common operand; while it is not the case if the base-point is not chosen correctly. This results in the recovery of the secret (fixed) scalar. They also experiment the methods of shared operand detection on a real-world SoC, where asecp256k1dedicated Montgomery ladder scalar multiplication withx-only coordinate is implemented, to show the efficiency of the scalar recovery attack. Naturally, the attack can be generalised to other Weierstrass curves when they contain special points.

Duo LIU,Yi-qi DAI

DOI: https://doi.org/10.3321/j.issn:0372-2112.2005.08.023

2005-01-01

Tien Tzu Hsueh Pao/Acta Electronica Sinica

Abstract:Elliptic curve cryptosystem is the focus of public cryptology nowadays, for it has many advantages which the RSA lacks. In this paper, a new elliptic curve scalar multiplication algorithm is proposed. The algorithm uses the Frobenius map on optimal extension field (OEF) and the logic operations of binary strings. Based on this algorithm, a new method of computing scalar multiplication of elliptic curve over an OEF is presented. The accurate analysis about it is given. The comparisons of traditional method and the new method are presented. The running time of new method is about 60%-80% of that of the traditional φ-adic scalar multiplication algorithms of elliptic curve over OEF.

lihui wang,qing li,zhimin zhang,weijun shan,davidwei zhang

DOI: https://doi.org/10.2991/iset-15.2015.33

2015-01-01

Abstract:Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems such as RSA. They are especially suited to smartcards because of the limited memory and computational power available on these devices. However, the side-channel attacks especially simple side-channel analysis (SPA) can obtain information about the cryptosystem by measuring power consumption and processing time. To resist this attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a novel simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the conditional subtraction of Montgomery modular multiplication (MMM). Several countermeasures that can resist this kind of SPA attack are also demonstrated in this paper.

Yanzhao Yin,Liji Wu,Qian Peng,Xiangmin Zhang

DOI: https://doi.org/10.1109/icasid.2018.8693138

2018-01-01

Abstract:Although SPA (Simple Power Analysis) has been studied for many years, it is still effective on many cryptographic algorithms based on ECC. Double-and-Add and Montgomery ladder can avoid attacks with point double and point add operations, but in software implementation of ECC algorithm, modular addition and subtraction will be the weakness that the hostile attackers may use. In this paper, a black box SPA is performed on a smart card with SM2 algorithm, a Chinese standard of ECC cryptographic algorithm. The card was proved to implement the SM2 algorithm by Jacobi form and non-adjacent form, and its private key can be extracted by SPA within less than 10 power traces, with conditional operations in the modular subtraction. Then we discussed the probability that the ECC cryptography implemented by other forms be attacked with modular subtraction or addition, and illustrate how the problem can be solved by hardware implementation.

Zhijie Jerry Shi,Fan Zhang

2006-01-01

Abstract:Elliptic curve cryptography (ECC) has attracted a lot of attention because it can provide similar levels of security with much shorter keys than the arithmetic of multiple-precision integers in finite fields, which has been widely used in many public-key and key-exchange algorithms. Small key sizes are especially important to resource constrained devices as shorter keys require less storage space and consume less power to transmit and compute. However, ECC algorithms are vulnerable to power analysis attacks, which exploit the instantaneous power consumptions of computing devices to retrieve secret data. Many countermeasures have been proposed to make ECC implementations secure against power analysis. One of the approaches is randomized algorithms that generate different power traces even if the input of the algorithm is the same. For example, the randomized scalar point multiplication algorithm proposed by Oswald et al. combines two algorithms and uses random variables to decide which algorithm to follow at different stages of the execution. The randomized algorithm can thwart traditional power analysis attacks. However, in this paper, we propose an effective attack on the randomized algorithms. Our attack does not require a large number of power traces and has a very high success rate.

Xiaowei Han,Liji Wu,Beibei Wang,An Wang

DOI: https://doi.org/10.7544/issn1000-1239.2016.20150052

2016-01-01

Abstract:SM2 algorithms are commercial elliptic curve public‐key algorithms ,which are released by Chinese Cryptography Administration and similar to ECC . Traditional cryptographic algorithms always have security flaws .Attackers often attack on security weaknesses of algorithms and analyze the secret‐key ,which poses great threat to cryptographic systems and peoples’ property .There are various kinds of attacks ,such as power attack ,fault attack and electromagnetic attack .Among these attacks ,power attack is the most traditional one ,which has many advantages such as small secret‐key searching space and high analysis efficiency .Usually ,power attack utilizes the power leakage during operation processes of cryptographic algorithms ,acquires power waves and retrieves the secret key .In order to resist power attack and enhance the security of SM 2 algorithms , this article learns from elliptic curve cryptography algorithms ,applies the atomic concept into SM2 and proposes a novel atomic algorithm . According to theoretical comparison between the proposed algorithm and other former algorithms ,it show s that the proposed algorithm saves 27 .4% of computation in comparison to double‐and‐add always algorithm . Besides , it has less computation amount than other atomic algorithms .Furthermore ,implementation has been fulfilled on SAKURA‐G FPGA board .Simulation results demonstrate that the proposed algorithm can resist simple power attack successfully .