http://dx.doi.org/10.13089/JKIISC.2007.17.1.21

SPA-Resistant Unsigned Left-to-Right Recoding Method

Kim, Sung-Kyoung (Graduate School of Information Management and Security, Korea University)
Kim, Ho-Won (Electronics and Telecommunications Research Institute)
Chung, Kyo-Il (Electronics and Telecommunications Research Institute)
Lim, Jong-In (Graduate School of Information Management and Security, Korea University)
Han, Dong-Guk (Electronics and Telecommunications Research Institute)
Abstract
Vuillaume and Okeya presented unsigned recoding methods for protecting modular exponentiations against side channel attacks; these are suitable for tamper-resistant implementations of RSA or DSA, which do not benefit from cheap inversions. Their method used a signed representation with the digit set $\{1,2,\cdots,2^{\omega}-1\}$, in which 0 is absent. That recoding method was designed to be computed only from right to left, i.e., the recoding must be finished and the recoded string stored before the left-to-right evaluation stage can start. This paper describes new recoding methods for producing SPA-resistant unsigned representations which are scanned from left to right, contrary to the previous ones. Our contributions are as follows: (1) SPA-resistant unsigned left-to-right recoding with general width $\omega$, (2) the special case $\omega=1$, i.e., an unsigned binary representation using the digit set $\{1,2\}$, (3) SPA-resistant unsigned left-to-right Comb recoding, (4) an extension to unsigned radix-$\gamma$ left-to-right recoding secure against SPA. Hence, these left-to-right methods are suitable for implementation on memory-limited devices such as smartcards and sensor nodes.
Keywords
RSA; DSA; SPA; left-to-right recoding; fixed pattern; comb method;
References
1 R. Harasawa, Y. Sueyoshi, and A. Kudo, 'Ate pairing for $y^2=x^5-ax$ in Characteristic Five,' Cryptology ePrint Archive: Report 2006/202, 2006
2 P. Kocher, 'Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,' Advances in Cryptology-CRYPTO'96, LNCS 1109, pp.104-113, 1996
3 V.S. Miller, 'Use of elliptic curves in cryptography,' In Advances in Cryptology- CRYPTO'85, LNCS218, pp. 417-426, 1986
4 X. Ruan and R. Katti, 'Left-to-Right Optimal Signed-Binary Representation of a Pair of Integers,' IEEE Trans. Computers, vol. 54, pp. 124-131, July, 2005
5 J.H. Shin, D.J. Park, and P.J. Lee, 'DPA Attack on the Improved Ha-Moon Algorithm,' Workshop on Information Security Applications-WISA 2005, LNCS 3786, pp. 283-291, Springer-Verlag, 2006
6 B. Möller, 'Securing Elliptic Curve Point Multiplication against Side-Channel Attacks,' Information Security-ISC'01, LNCS 2200, pp. 24-334, 2001
7 N. Theriault 'SPA Resistant Left-to-Right Integer Recodings,' Selected Areas in Cryptography-SAC 2005, LNCS 3897, pp. 345-358, Springer-Verlag, 2006
8 C. Vuillaume and K. Okeya, 'Flexible Exponentiation with Resistance to Side Channel Attacks,' Applied Cryptography and Network Security, ACNS 2006, LNCS 3989, pp. 268-283, Springer-Verlag, 2006
9 P. Kocher, J. Jaffe, B. Jun, 'Differential Power Analysis,' Advances in Cryptology-CRYPTO'99, LNCS1666, pp. 388-397, 1999
10 S.M. Yen, C.N. Chen, S. Moon, and J. Ha 'Improvement on Ha-Moon Randomized Exponentiation Algorithm,' International Conference on Information Security and Cryptology-ICISC 2004, LNCS 3506, pp. 154-167, Springer-Verlag, 2005
11 K. Lauter, 'The advantages of elliptic curve cryptography for wireless security,' IEEE Wireless Communications, vol. 11, Issue 1, pp. 62-67, Feb., 2004
12 M. Aydos, T. Yanik, and C.K. Koc, 'High-speed implementation of an ECC-based wireless authentication protocol on an ARM microprocessor,' IEE Proceedings Communications, vol. 148, Issue 5, pp. 273-279, Oct., 2001
13 N. Koblitz, 'Elliptic curve cryptosystems,' In Mathematics of Computation, volume 48, pp. 203-209, 1987
14 X. Tian, D. Wong, and R. Zhu, 'Analysis and Improvement of an Authenticated Key Exchange Protocol for Sensor Networks,' IEEE Communications letters, vol. 9, pp. 970-972, November, 2005
15 K. Okeya, K. Schmidt-Samoa, C. Spahn, and T. Takagi, 'Signed Binary Representations Revisited,' Advances in Cryptology-CRYPTO '04, LNCS 3152, pp. 123-139, Springer-Verlag, 2004
16 M. Hedabou, P. Pinel, and L. Bebeteau, 'Countermeasures for Preventing Comb Method Against SCA Attacks,' Information Security Practise and Experience Conference, ISPEC'05, LNCS 3439, pp. 85-96, Springer-Verlag, 2005
17 K. Harrison, D. Page, and N. Smart, 'Software Implementation of Finite Fields of Characteristic Three,' LMS Journal of Computation and Mathematics, Vol. 5, pp. 181-193, 2002
18 N. Smart and J. Westwood, 'Point Multiplication on Ordinary Elliptic Curves over Fields of Characteristic Three,' Applicable Algebra in Engineering, Communication and Computing, Vol. 13, No. 6, pp. 485-497, 2003
19 D.Boneh, B.Lynn, and H.Shacham, 'Short Signatures from the Weil Pairing,' ASIACRYPT 2001, LNCS 2248, pp.514-532, 2001
20 A.Joux, 'A one round protocol for tripartite Diffie-Hellman,' ANTS V, LNCS 1838, pp.385-394, 2000
21 G. Bertoni, J. Guajardo, S. Kumar, G. Orlando, C. Paar, and T. Wollinger, 'Efficient $GF(p^m)$ Arithmetic Architectures for Cryptographic Applications,' CT-RSA 2003, LNCS 2612, pp. 158-175, 2003
22 D. Boneh and M. Franklin, 'Identity Based Encryption from the Weil Pairing,' SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2001
23 P.Barreto, S.Galbraith, C.hEigeartaigh, and M.Scott, 'Efficient Pairing Computation on Supersingular Abelian Varieties,' Cryptology ePrint Archive: Report 2004/375, 2005
24 C. Lim, 'A new method for securing elliptic scalar multiplication against side channel attacks,' Information Security and Privacy - ACISP'04, LNCS 3108, pp. 289-300, Springer-Verlag, 2004
25 C. Lim and P. Lee, 'More Flexible Exponentiation with Precomputation,' Advances in Cryptology-CRYPTO'94, LNCS 839, pp. 95-107, Springer-Verlag, 1994
26 I. Duursma and H-S. Lee, 'Tate Pairing Implementation for Hyperelliptic Curves $y^2 = x^p - x + d$,' ASIACRYPT 2003, LNCS 2894, pp. 111-123, 2003
27 K. Okeya and T. Takagi, 'The width-w NAF method provides small memory and fast elliptic scalar multiplications secure against side channel attacks,' Topics in Cryptology-CT-RSA'03, LNCS 2612, pp. 328-343, Springer-Verlag, 2003
28 M. Joye and S. Yen, 'Optimal Left-to-Right Binary Signed-Digit Recoding,' IEEE Trans. Computers, vol. 49, pp. 740-748, July, 2000
29 D.Page and N.Smart, 'Hardware Implementation of Finite Fields of Characteristic Three,' CHES 2002, LNCS 2523, pp. 529-539, 2002