• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.5
• /
• pp.169-177
• /
• 2003

We establish the security requirements and derive a generic condition of elliptic curve scalar multiplication to resist against DPA and Goubin’s attack. Also we show that if a scalar multiplication algorithm satisfies our generic condition, then both attacks are infeasible. Showing that the randomized signed scalar multiplication using Ha-Moon's receding algorithm satisfies the generic condition, we recommend the randomized signed scalar multiplication using Ha-Moon's receding algorithm to be protective against both attacks. Also we newly design a random recoding method to Prevent two attacks. Finally, in efficiency comparison, it is shown that the recommended method is a bit faster than Izu-Takagi’s method which uses Montgomery-ladder without computing y-coordinate combined with randomized projective coordinates and base point blinding or isogeny method. Moreover. Izu-Takagi’s method uses additional storage, but it is not the case of ours.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2019.05a
• /
• pp.254-256
• /
• 2019

소수체 GF(p)와 이진체 $GF(2^m)$ 상의 다중 타원곡선을 지원하는 듀얼 필드 ECC (DF-ECC) 프로세서를 설계하였다. DF-ECC 프로세서의 저면적 설와 다양한 타원곡선의 지원이 가능하도록 워드 기반 몽고메리 곱셈 알고리듬을 적용한 유한체 곱셈기를 저면적으로 설계하였으며, 페르마의 소정리(Fermat's little theorem)를 유한체 곱셈기에 적용하여 유한체 나눗셈을 구현하였다. 설계된 DF-ECC 프로세서는 스칼라 곱셈과 점 연산, 그리고 모듈러 연산 기능을 가져 다양한 공개키 암호 프로토콜에 응용이 가능하며, 유한체 및 모듈러 연산에 적용되는 파라미터를 내부 연산으로 생성하여 다양한 표준의 타원곡선을 지원하도록 하였다. 설계된 DF-ECC는 FPGA 구현을 하드웨어 동작을 검증하였으며, 0.18-um CMOS 셀 라이브러리로 합성한 결과 22,262 GEs (gate equivalences)와 11 kbit RAM으로 구현되었으며, 최대 100 MHz의 동작 주파수를 갖는다. 설계된 DF-ECC 프로세서의 연산성능은 B-163 Koblitz 타원곡선의 경우 스칼라 곱셈 연산에 885,044 클록 사이클이 소요되며, B-571 슈도랜덤 타원곡선의 스칼라 곱셈에는 25,040,625 사이클이 소요된다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.57-64
• /
• 2003

Recently, it has been shown that cryptographic devices such as smart cards are vulnerable to power attacks. In this paper, by mixing the randomization concept and the folding in half for secret scalar integer on ECCs, we propose an efficient and fast scalar multiplication algorithm to resist against simple power analysis(SPA) and differential power analysis(DPA) attacks. Our proposed algorithm as a countermeasure against SPA and DPA is estimated as a 33% speedup compared to the binary scalar multiplication.

• Journal of Internet of Things and Convergence
• /
• v.6 no.2
• /
• pp.25-29
• /
• 2020

The elliptic curve crypto-algorithm is widely used in authentication for IoT environment, since it has small key size and low communication overhead compare to the RSA public key algorithm. If the scalar multiplication, a core operation of the elliptic curve crypto-algorithm, is not implemented securely, attackers can find the secret key to use simple power analysis or differential power analysis. In this paper, an elliptic curve scalar multiplication algorithm using a randomized scalar and an elliptic curve point blinding is suggested. It is resistant to power analysis but does not significantly reduce efficiency. Given a random r and an elliptic curve random point R, the elliptic scalar multiplication kP = u(P+R)-vR is calculated by using the regular variant Shamir's double ladder algorithm, where l+20-bit u≡rn+k(modn) and v≡rn-k(modn) using 2^lP=∓cP for the case of the order n=2^l±c.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.13 no.3
• /
• pp.35-43
• /
• 2003

The randomization of scalar multiplication in ECC is one of the fundamental concepts in defense methods against side-channel attacks. This paper proposes a countermeasure against simple and differential power analysis attacks through randomizing the transformed m-ary method based on a random m-ary receding algorithm. The proposed method requires an additional computational load compared to the standard m-ary method, yet the power consumption is independent of the secret key. Accordingly, since computational tracks using random window width can resist against SPA and DPA, the proposed countermeasure can improve the security for smart cards.

• Journal of the Institute of Electronics Engineers of Korea SP
• /
• v.47 no.1
• /
• pp.139-149
• /
• 2010

Random scalar countermeasures, which carry out the scalar multiplication by the ephemeral secret key, against the differential power analysis of ECIES and ECDH have been known to be secure against various power analyses. However, if an attacker can find this ephemeral key from the one power signal, these countermeasures can be analyzed. In this paper, we propose a new power attack method which can do this analysis. Proposed attack method can be accomplished while an attacker compares the elliptic curve doubling operations and we use the principle component analysis in order to ease this comparison. When we have actually carried out the proposed power analysis, we can perfectly eliminate the error of existing function for the comparison and find a private key from this elimination of the error.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1099-1103
• /
• 2016

The user's secret key can be retrieved by the leakage informations of power consumption occurred during the execution of scalar multiplication for elliptic curve cryptographic algorithm which can be embedded on a security device. Recently, a carry random recoding method is proposed to prevent simple power and differential power analysis attack by recoding the secret key. In this paper, we show that this recoding method is still vulnerable to the differential power analysis attack due to the limitation of the size of carry bits, which is a different from the original claim.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.9 no.1
• /
• pp.85-102
• /
• 1999

In this paper, we propose an EC-SRP(Elliptic Curve - Secure Remote Password) protocol that uses ECDLP(Elliptic Curve Discrete Logarithm Problem) instead SRP protocols’s DLP. Since EC-SRP uses ECDLP, it inherits the high performance and security those are the properties of elliptic curve. And we reduced the number of elliptic curve scalar multiplication to improve EC-SRP protocol’s performance. Also we have proved BC-SRP protocol is a secure AKC(Authenticated Key Agreement with Key Confirmation) protocol in a random oracle model.

• Journal of IKEEE
• /
• v.23 no.1
• /
• pp.58-67
• /
• 2019

A design of an elliptic curve cryptography (ECC) processor that supports both pseudo-random curves and Koblitz curves over $GF(2^m)$ defined by the NIST standard is described in this paper. A finite field arithmetic circuit based on a word-based Montgomery multiplier was designed to support five key lengths using a datapath of fixed size, as well as to achieve a lightweight hardware implementation. In addition, Lopez-Dahab's coordinate system was adopted to remove the finite field division operation. The ECC processor was implemented in the FPGA verification platform and the hardware operation was verified by Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol operation. The ECC processor that was synthesized with a 180-nm CMOS cell library occupied 10,674 gate equivalents (GEs) and a dual-port RAM of 9 kbits, and the maximum clock frequency was estimated at 154 MHz. The scalar multiplication operation over the 223-bit pseudo-random elliptic curve takes 1,112,221 clock cycles and has a throughput of 32.3 kbps.