• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.3
• /
• pp.117-121
• /
• 2007

Most existing countermeasures against classical DPA are vulnerable to new DPA, e.g., refined power analysis attack (RPA), zero-value point attack (ZPA), and doubling attack. More recently, Mamiya et al proposed a new countermeasure (so-called BRIP) against RPA, ZPA, classical DPA and SPA. This countermeasure, however, also has a vulnerability of scalar multiplication computations by exploiting specially chosen input message. Therefore, to prevent various power analysis attacks like DPA and new SPA, we propose an enhanced countermeasure by developing a new random blinding technique.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.4
• /
• pp.99-114
• /
• 2002

Improved algorithms for elliptic scalar multiplication secure against side-channel attacks, such as timing and power analysis, are presented and analyzed. We first point out some potential security flaws often overlooked in most previous algorithms and then present a simple $\pm$1-signed encoding scheme that can be used to enhance the security and performance of existing algorithms. More specifically, we propose concrete signed binary and window algorithms based on the proposed $\pm$ 1-signed encoding and analyze their security and performance. The proposed algorithms are shown to be more robust and efficient than previous algorithms.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.5
• /
• pp.1079-1087
• /
• 2018

Binary scalar multiplication which is the main operation of elliptic curve cryptography is vulnerable to the side-channel analysis. Especially, it is vulnerable to the side-channel analysis which uses power consumption and electromagnetic emission patterns. Thus, various countermeasures have been studied. However, they have focused on eliminating patterns of data dependent branches, statistical characteristic according to intermediate values, or the interrelationships between data. No countermeasure have been taken into account for the secure design of the key bit check phase, although the secret scalar bits are directly loaded during that phase. Therefore, in this paper, we demonstrate that we can extract secret scalar bits with 100% success rate using a single power or a single electromagnetic trace by performing key bit-dependent attack on hardware implementation of binary scalar multiplication algorithm. Experiments are focused on the $Montgomery-L{\acute{o}}pez-Dahab$ ladder algorithm protected by scalar randomization. Our attack does not require sophisticated pre-processing and can defeat existing countermeasures using a single-trace. As a result, we propose a countermeasure and suggest that it should be applied.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.26 no.8
• /
• pp.1172-1179
• /
• 2022

This paper describes a design of point scalar multiplier for public-key cryptography based on binary Edwards curves (BEdC). For efficient implementation of point addition (PA) and point doubling (PD) on BEdC, projective coordinate was adopted for finite field arithmetic, and computational performance was improved because only one inversion was involved in point scalar multiplication (PSM). By applying optimizations to hardware design, the storage and arithmetic steps for finite field arithmetic in PA and PD were reduced by approximately 40%. We designed two types of point scalar multipliers for BEdC, Type-I uses one 257-b×257-b binary multiplier and Type-II uses eight 32-b×32-b binary multipliers. Type-II design uses 65% less LUTs compared to Type-I, but it was evaluated that it took about 3.5 times the PSM computation time when operating with 240 MHz. Therefore, the BEdC crypto core of Type-I is suitable for applications requiring high-performance, and Type-II structure is suitable for applications with limited resources.

• 한국정보통신설비학회:학술대회논문집
• /
• 2008.08a
• /
• pp.323-326
• /
• 2008

This paper describes some field multiplication algorithm over GF($2^m$) on 8-bit processor. Through performance comparisons among algorithm, we show that our proposal is faster than existing algorithms. The proposed algorithm save 26.38% of running time compared with naive comb multiplication algorithm which is a kind of lookup-table (LUT) based algorithm. With the proposed algorithm, a scalar multiplication over GF($2^{163}$) can be computed within 1.04 secs on 8-bit MICAz sensor mote.

• The Journal of Korean Institute of Communications and Information Sciences
• /
• v.36 no.1C
• /
• pp.14-21
• /
• 2011

Cryptographic protocols based on bilinear pairings provide excellent alternatives to conventional elliptic curve cryptosystems based on discrete logarithm problems. Through active research has been done toward fast computation of the bilinear pairings, it is still believed that the computational cost of one pairing computation is heavier than the cost of one ECC scalar multiplication. However, there have been many progresses in pairing computations over binary fields. In this paper, we compare the cost of BLS signature scheme with ECDSA with equvalent level of security parameters. Analysis shows that the cost of the pairing computation is quite comparable to the cost of ECC scalar multiplication for the case of binary fields.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.115-123
• /
• 2007

In cryptographic devices like a smart-card whose computing ability and memory are limited, cryptographic algorithms should be performed efficiently. Scalar multiplication is very important operation in Elliptic Curve Cryptosystems, and so must be constructed in safety against side channel attack(SCA). But several countermeasures proposed against SCA are exposed weaknesses by new un-dreamed analysis. 'Double-and-add always scalar multiplication' algorithm adding dummy operation being known to secure against SPA is exposed weakness by Doubling Attack. But Doubling Attack cannot apply to sABS receding proposed by Hedabou, that is another countermeasure against SPA. Our paper proposes new strengthened Doubling Attacks that can break sABS receding SPA-countermeasure and a detailed method of our attacks through experimental result.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.5
• /
• pp.1019-1025
• /
• 2012

Fault attacks manipulate the computation of an algorithm and get information about the private key from the erroneous result. It is the most powerful attack for the cryptographic device. Currently, the research on error detection methods and fault attacks have been studied actively. S. Pontarelli et al. introduced an error detection method in 2009. It can detect an error that occurs during Elliptic Curve Scalar Multiplication (ECSM). In this paper, we present a new fault attack. Our attack can avoid the error detection method introduced by S. Pontarelli et al. We inject a bit flip error in the Euclidean Addition Chain (EAC) on the private key in ECSM and retrieve the private key.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.3
• /
• pp.515-518
• /
• 2019

The performance of Elliptic Curves Cryptosystem(ECC) is dominated by the modular multiplication since the elliptic curve scalar multiplication consists of the modular multiplication in projective coordinates. In this paper, we propose a new method that combines the Karatsuba-Ofman multiplication method and a new modular reduction algorithm in order to improve the performance of the modular multiplication for NIST p224 in the FIPS 186-4 standard. The proposed method leads to a running time improvement for computing the modular multiplication about 25% faster than the previous methods. The results also show that the method can reduce the arithmetic complexity by half when compared with traditional implementations on the standpoint of the modular reduction.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2021.10a
• /
• pp.223-225
• /
• 2021

Modular multiplication is a key operation for point scalar multiplication of ECC, and is the most important factor affecting the performance of ECC processor. This paper describes a design of a 256-bit modular multiplier that adopts 3-way Toom-Cook multiplication algorithm and modified fast reduction algorithm. One 90-bit multiplier and three 264-bit adders were used to optimize the hardware size and the number of clock cycles required. The modular multiplier was verified by implementing it using Zynq UltraScale+ MPSoC device and the modular multiplication operation takes 15 clock cycles.