Extended elliptic curve Montgomery ladder algorithm over binary fields with resistance to simple power analysis

Sung Min Cho, Seog Chung Seo, Tae Hyun Kim, Young Ho Park, Seokhie Hong

Research output: Contribution to journal › Article

4 Citations (Scopus)

Abstract

In this paper, we propose a scalar multiplication algorithm on elliptic curves over GF(2^m). The proposed algorithm is an extended version of the Montgomery ladder algorithm that uses the quaternary representation of the scalar. In addition, to improve performance, we have developed new composite operation formulas and apply them in the proposed scalar multiplication algorithm. The proposed composite formulas are 2P1 + 2P2, 3P1 + P2, and 4P1, where P1 and P2 are points on an elliptic curve. They can be computed using only the x-coordinate of a point P = (x, y) in the affine coordinate system. However, unlike the original Montgomery ladder algorithm, the proposed scalar multiplication algorithm is vulnerable to simple power analysis attacks, because different operations are performed depending on the bits of the scalar. Therefore, we combine the concept of side-channel atomicity with the proposed composite operation formulas to prevent simple power analysis. Furthermore, to optimize the computational cost, we use the Montgomery trick, which reduces the number of finite field inversions required in the affine coordinate system. As a result, the proposed scalar multiplication algorithm saves at least 26% of running time with small storage compared to previous algorithms such as window-based and comb-based methods.
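The quaternary ladder the abstract describes, as an added example that is not the paper's code: it keeps the Montgomery invariant R1 = R0 + P while consuming two scalar bits per step using exactly the composite operations 4P1, 3P1 + P2 and 2P1 + 2P2, and cross-checks the result against naive repeated addition. It assumes constructed toy parameters (GF(2^8), the curve y^2 + xy = x^3 + x^2 + 1) and uses ordinary affine (x, y) formulas in place of the paper's x-only formulas, which are not reproduced here.

```python
# Added example, not the paper's code: base-4 Montgomery ladder built from the
# composite operations 4P1, 3P1+P2 and 2P1+2P2 named in the abstract. Constructed
# toy parameters: GF(2^8) mod x^8+x^4+x^3+x+1, curve y^2 + xy = x^3 + A*x^2 + B.
M, A, B = 0x11B, 1, 1

def fmul(a, b):  # GF(2^8) multiplication, bit-serial with reduction by M
    r = 0
    while b:
        r ^= a if b & 1 else 0
        b, a = b >> 1, (a << 1) ^ (M if a & 0x80 else 0)
    return r

def finv(a):  # a^254 = a^-1 in GF(2^8); callers guarantee a != 0
    r = 1
    for _ in range(7): a = fmul(a, a); r = fmul(r, a)
    return r

def add(P, Q):  # affine group law; None is the point at infinity
    if P is None or Q is None:
        return Q if P is None else P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (x1 == 0 or y1 != y2):  # 2-torsion doubling, or Q = -P
        return None
    lam = fmul(y1 ^ y2, finv(x1 ^ x2)) if x1 != x2 else x1 ^ fmul(y1, finv(x1))
    x3 = fmul(lam, lam) ^ lam ^ x1 ^ x2 ^ A  # x1 ^ x2 vanishes when doubling
    return x3, fmul(lam, x1 ^ x3) ^ x3 ^ y1

def quad(P1): return add(add(P1, P1), add(P1, P1))       # 4P1
def tri1(P1, P2): return add(add(add(P1, P1), P1), P2)  # 3P1 + P2
def dbl2(P1, P2): return add(add(P1, P2), add(P1, P2))  # 2P1 + 2P2
def ladder4(k, P):  # returns kP; invariant R1 = R0 + P holds after every digit
    R0, R1 = None, P
    for i in range((k.bit_length() + 1) // 2 - 1, -1, -1):
        d = (k >> (2 * i)) & 3  # quaternary digit, most significant first
        # R0 <- 4*R0 + d*P; which formula runs depends on d, so the operation sequence leaks the scalar to SPA (the leak the paper closes with atomicity)
        if d == 0:   R0, R1 = quad(R0), tri1(R0, R1)
        elif d == 1: R0, R1 = tri1(R0, R1), dbl2(R0, R1)
        elif d == 2: R0, R1 = dbl2(R0, R1), tri1(R1, R0)
        else:        R0, R1 = tri1(R1, R0), quad(R1)
    return R0

def find_point():  # brute-force a point on the toy curve with x != 0
    return next((x, y) for x in range(1, 256) for y in range(256)
                if fmul(y, y) ^ fmul(x, y) == fmul(fmul(x, x), x) ^ fmul(A, fmul(x, x)) ^ B)

def ladder_matches_reference(kmax):  # cross-check against naive repeated addition
    P, R = find_point(), None
    for k in range(kmax):
        if ladder4(k, P) != R: return False
        R = add(R, P)
    return True
```

Because the toy group is small, a range of a few hundred scalars exercises the wrap-around through the point at infinity as well as ordinary digits.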

Original language: English
Pages (from-to): 304-312
Number of pages: 9
Journal: Information Sciences
Volume: 245
DOI: 10.1016/j.ins.2013.05.009
Publication status: Published - 2013 Oct 1


Keywords

  • Composite formulas
  • Elliptic curve
  • Montgomery ladder algorithm
  • Side-channel atomicity
  • Simple power analysis

ASJC Scopus subject areas

  • Artificial Intelligence
  • Software
  • Control and Systems Engineering
  • Theoretical Computer Science
  • Computer Science Applications
  • Information Systems and Management

Cite this

Extended elliptic curve Montgomery ladder algorithm over binary fields with resistance to simple power analysis. / Cho, Sung Min; Seo, Seog Chung; Kim, Tae Hyun; Park, Young Ho; Hong, Seokhie.

In: Information Sciences, Vol. 245, 01.10.2013, p. 304-312.

Research output: Contribution to journal › Article

Cho, Sung Min ; Seo, Seog Chung ; Kim, Tae Hyun ; Park, Young Ho ; Hong, Seokhie. / Extended elliptic curve Montgomery ladder algorithm over binary fields with resistance to simple power analysis. In: Information Sciences. 2013 ; Vol. 245. pp. 304-312.
@article{7394e5a8e6d14e2695a6efc1d6869d7d,
title = "Extended elliptic curve Montgomery ladder algorithm over binary fields with resistance to simple power analysis",
keywords = "Composite formulas, Elliptic curve, Montgomery ladder algorithm, Side-channel atomicity, Simple power analysis",
author = "Cho, {Sung Min} and Seo, {Seog Chung} and Kim, {Tae Hyun} and Park, {Young Ho} and Seokhie Hong",
year = "2013",
month = "10",
day = "1",
doi = "10.1016/j.ins.2013.05.009",
language = "English",
volume = "245",
pages = "304--312",
journal = "Information Sciences",
issn = "0020-0255",
publisher = "Elsevier Inc.",

}

TY - JOUR

T1 - Extended elliptic curve Montgomery ladder algorithm over binary fields with resistance to simple power analysis

AU - Cho, Sung Min

AU - Seo, Seog Chung

AU - Kim, Tae Hyun

AU - Park, Young Ho

AU - Hong, Seokhie

PY - 2013/10/1

Y1 - 2013/10/1

KW - Composite formulas

KW - Elliptic curve

KW - Montgomery ladder algorithm

KW - Side-channel atomicity

KW - Simple power analysis

UR - http://www.scopus.com/inward/record.url?scp=84880313577&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84880313577&partnerID=8YFLogxK

U2 - 10.1016/j.ins.2013.05.009

DO - 10.1016/j.ins.2013.05.009

M3 - Article

AN - SCOPUS:84880313577

VL - 245

SP - 304

EP - 312

JO - Information Sciences

JF - Information Sciences

SN - 0020-0255

ER -