Increasing the Robustness of the Montgomery kP-Algorithm Against SCA by Modifying Its Initialization

• Published in: Innovative Security Solutions for Information Technology and Communications Vol. 10006; pp. 167 - 178
• Main Authors: Alpirez Bock, Estuardo, Dyka, Zoya, Langendoerfer, Peter
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2016; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: algorithm; Computer security; Data encryption; Elliptic curve cryptography; Information retrieval; Montgomery; Power analysis
• ISBN: 9783319472379; 3319472372
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-319-47238-6_12

The Montgomery kP-algorithm using Lopez-Dahab projective coordinates is a well-known method for performing the scalar multiplication in elliptic curve crypto-systems (ECC). It is considered resistant against simple power analysis (SPA) since each key bit is processed by the same type, amount and sequence of operations, independently of the key bit’s value. Nevertheless, its initialization phase affects this algorithm’s robustness against side channel analysis (SCA) attacks. We describe how the first iteration of the kP processing loop reveals information about the key bit being processed, i.e. bit $$k_{l-2}$$ . We explain how the value of this bit can be extracted with SPA and how the power profile of its processing can reveal details about the implementation of the algorithm. We propose a modification of the algorithm’s initialization phase and of the processing of bit $$k_{l-2}$$ , in order to hinder the extraction of its value using SPA. Our proposed modifications increase the algorithm’s robustness against SCA and even reduce the time needed for the initialization phase and for processing $$k_{l-2}$$ . Compared to the original design, our new implementation needs only 0.12 % additional area, while its energy consumption is almost the same, i.e. we improved the security of the design at no cost.