This invention relates to a method for scalar multiplication and more particularly to a method for manipulating and modifying an elliptic curve cryptographic key to render the encryption resistant to power analysis attacks.
Elliptic curve cryptography has recently been attracting increased interest. For example, standards for elliptic curve cryptography have been adopted by IEEE, ANSI, NIST, SEC and WTLS. The ability to use smaller key sizes and more computationally efficient elliptic curve cryptographic algorithms than those used in early public key cryptosystems are two reasons why elliptic curve cryptography is becoming more popular. In addition, elliptic curve cryptography is particularly suitable for implementation on smart cards and mobile devices.
U.S. Pat. No. 7,483,534 to Mohammad Ibrahim discloses a method for cryptographic encryption and decryption that uses more than one quadratic variable, termed y-coordinates, to obtain an elliptic polynomial equation with multiple y-coordinates instead of one y-coordinate. The additional y-coordinates are used to embed extra message data bits, so that an any-fold increase in the number of message data bits embedded in a single elliptic point can be achieved with the improved method. The reason is that the number of points that satisfy an elliptic polynomial equation defined over F(p), and which can be used in the corresponding cryptosystem, is increased. The additional y-coordinates can be used to reduce computational complexity or to increase security by making the bit positions where data bits are embedded known only to the sender and receiver. They can also be used as a countermeasure by randomizing the bit positions where data bits are embedded.
A more recent U.S. Pat. No. 8,422,685 of the present inventor and Alaaeldin Amin is entitled “Method for Elliptic Curve Scalar Multiplication.” The patent discloses a method for elliptic curve scalar multiplication that provides several countermeasures to protect the scalar multiplication of a private key k by a point P, producing the product kP, from power analysis attacks. First, the private key k is partitioned into a plurality of key partitions which are processed in a random order, the resulting points being accumulated to produce the scalar product kP. Second, in each partition the encoding is randomly selected to be either binary form or Non-Adjacent Form (NAF), with the direction of bit inspection randomly assigned between most-to-least and least-to-most. Third, in each partition, for each 0 bit of the key a dummy point addition may randomly be performed in addition to the doubling operation. The method may be implemented in software, smart cards, circuits, processors, or application specific integrated circuits designed to carry out the method.
Notwithstanding the above, it is presently believed that there is a need and a potential commercial market for an improved method for scalar multiplication in accordance with the present invention, because such methods provide further protection against power analysis attacks. The method comprises and/or consists of the following steps: a) dividing the secret key into a number of partitions, b) computing reference points, c) associating key partitions with reference points, d) selecting a key partition randomly, e) processing the selected key partition from least to most significant bit until reaching the leftmost ‘1’, f) repeating the previous two steps until all key partitions have been processed, g) accumulating the resulting points of processing the key partitions to produce the scalar multiplication product kP.
In essence, the present invention contemplates a method for securing elliptic curve scalar multiplication against power analysis attacks. The method comprises and/or consists of the following steps and/or elements:
a) dividing the secret key into a number of partitions,
b) computing reference points,
c) associating key partitions with reference points,
d) selecting a key partition randomly,
e) processing the selected key partition from least to most significant bit until reaching the leftmost “1”,
f) repeating the previous two steps until all key partitions have been processed,
g) accumulating the resulting points of processing the key partitions to produce the scalar multiplication product kP.
The invention will now be described in connection with the accompanying drawings.
Scalar multiplication is the basic operation for ECCs. Scalar multiplication of a group of points on an elliptic curve is analogous to the exponentiation of a multiplicative group of integers modulo a fixed integer m. The scalar multiplication operation, denoted as kP, where k is an integer and P is a point on the elliptic curve, represents the addition of k copies of point P. Scalar multiplication is then computed by a series of point doubling and point addition operations of the point P that depends on the bit sequence that represents the scalar multiplier k. Several scalar multiplication methods have been proposed in the literature (Gordon, 1998). Computing kP can be done using a straightforward binary method, the double-and-add method, based on the binary expression of the multiplier k. Computing kP using the binary method is described as follows:
Let $k = (k_{m-1}, \ldots, k_0)$, where $k_{m-1}$ is the most significant bit of $k$, be the binary representation of $k$. The multiplier $k$ can be written as:
The binary method algorithm is shown below:
The binary scalar multiplication method is the most straightforward scalar multiplication method. It inspects the bits of the scalar multiplier $k$: if the inspected bit $k_i = 0$, only a point doubling is performed; if the inspected bit $k_i = 1$, both a point doubling and a point addition are performed. The binary method requires m point doublings and an average of m/2 point additions.
Power analysis attacks are usually divided into two types. The first type, the Simple Power Analysis (SPA) attack, is based on a single observation of power consumption, while the second type, the Differential Power Analysis (DPA) attack, combines SPA with an error-correcting technique using statistical analysis (Kocher, 1996; Kocher et al., 1999). More importantly, classical DPA attacks have been extensively researched for each cryptosystem, and new types of DPA attack are continuously being developed. Many of the existing countermeasures are vulnerable to the more recent attacks, including the Doubling Attack (Fouque and Valette, 2003), Refined Power Analysis (RPA) (Goubin, 2003) and Zero-Value Point analysis (ZVP) (Akishita and Takagi, 2003).
As illustrated in
DPA attacks use error correction techniques and statistical analysis to extract small differences in the power consumption signals. Several countermeasures have been proposed to provide security against DPA attacks (Coron, 1999; Ha and Moon, 2002; Okeya and Sakurai, 2000; Liardet and Smart, 2001; Joye and Quisquater, 2001; Joye and Tymen, 2001; Mamiya et al., 2004; Zhang, 2007; Ciet and Joye, 2003). These countermeasures include algorithms based on: randomizing the private exponent (Coron, 1999), blinding the base point P (Coron, 1999; Ha and Moon, 2002; Mamiya et al., 2004; Zhang, 2007; Ciet and Joye, 2003), randomizing the projective coordinates (Coron, 1999), using a random isomorphism of an elliptic curve (Joye and Tymen, 2001) and using special forms of certain elliptic curves (the Montgomery form (Okeya and Sakurai, 2000), the Jacobian form (Liardet and Smart, 2001) and the Hessian form (Joye and Quisquater, 2001)). All of these countermeasures, however, add computational overhead and are still vulnerable to the more recent DPA attacks, e.g. the Doubling attack (Fouque and Valette, 2003), Refined Power Analysis (RPA) (Goubin, 2003) and the Zero-Value Point (ZVP) attack (Akishita and Takagi, 2003). Resistance against these recent DPA attacks can be achieved by combining two or more of the countermeasures proposed in the literature thus far. This patent presents an efficient countermeasure against DPA attacks which requires no additional computational overhead.
The proposed method partitions the secret key into a number of partitions that can be processed by the processor independently. The points resulting from processing these key partitions are accumulated to produce the scalar product kP. Each key partition is associated with a precomputed point to keep its significance. The precomputed points are computed off-line and stored in memory to be reused as needed; they serve as reference points. Scalar multiplication proceeds by selecting key partitions in random order and processing each selected partition from its least significant bit to its most significant bit. A key observation is that the number of doublings can be reduced, since doublings only need to be performed until the leftmost “1” of a key partition is reached. No doublings are required after this bit, because the method can jump directly to the next partition with its associated reference point. For example, for the key partition “0010”, only two doublings are needed, since the key partition is inspected from least to most significant bit. Key partitioning is performed as follows:
The key is divided into u partitions as:
$k = k^{(u-1)} \parallel k^{(u-2)} \parallel \cdots \parallel k^{(1)} \parallel k^{(0)}$
To compute the scalar product kP, these partitions are associated with a set of reference points to keep the significance of each key partition, thus these partitions can be processed independently either sequentially or in parallel.
where $P_i$ ($i = 1, 2, \ldots, u-1$) is the reference point associated with key partition $k^{(i)}$ and $\mathrm{size}(j) = \sum_{i=0}^{j-1} \text{size of } k^{(i)}$. Thus, each partition $k^{(i)}$ is associated with a reference point $P_i$, forming the pair:
$(k^{(i)}, P_i)$, where $P_0 = P$.
The key partition sizes may be equal or different. For equal sizes, the key partition size is equal to
for u key partitions. Reference points are computed using a sequence of doubling operations of the base point P. For u key partitions, the required number of reference points is (u−1). The points resulting from processing these key partitions are accumulated at the end to produce the scalar multiplication product $kP = \sum_{i=0}^{u-1} k^{(i)} P_i$, where $P_0 = P$. The pseudo-code of the proposed scalar multiplication method is given in Algorithm 2.
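As an added illustration of the partitioned scalar multiplication described above (example code written for this page, not the patent's Algorithm 2), the following uses a constructed toy curve over F_97, equal-size partitions, random partition order, and a doubling counter showing that on-line doublings stop at each partition's leftmost “1”; the curve, base point and function names are assumptions for the example.

```python
import random

# Constructed toy curve y^2 = x^3 + 2x + 3 over F_97 with base point (3, 6);
# chosen only for illustration, not a standardized curve.
P_MOD, A_COEF, BASE, INF = 97, 2, (3, 6), None  # INF = point at infinity

def ec_add(p1, p2):
    """Affine group law: identity, inverse pairs, doubling and addition."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # P + (-P), including doubling a point with y = 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def binary_mul(k, pt):
    """Plain least-to-most double-and-add, used as the reference result."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def partitioned_mul(k, m, u, pt, rng=random):
    """kP via u equal-size partitions of an m-bit key (assumes u divides m).
    Returns (kP, number of on-line point doublings performed)."""
    size = m // u
    refs = [pt]  # reference points P_i = 2^(i*size) P, computable off-line
    for _ in range(1, u):
        r = refs[-1]
        for _ in range(size):
            r = ec_add(r, r)
        refs.append(r)
    parts = [(k >> (i * size)) & ((1 << size) - 1) for i in range(u)]
    order = list(range(u))
    rng.shuffle(order)  # partitions are processed in random order
    acc, doublings = INF, 0
    for i in order:
        part, q = parts[i], refs[i]
        while part:  # least to most, one doubling per inspected bit; stops after leftmost '1'
            if part & 1:
                acc = ec_add(acc, q)
            q, doublings, part = ec_add(q, q), doublings + 1, part >> 1
    return acc, doublings
```

With k = 8580 (partitions 0010, 0001, 1000, 0100 for m = 16, u = 4) the partitioned method performs 10 on-line doublings instead of 16, and the result matches the plain binary method regardless of the random order.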
In the best case, the proposed method requires
point doublings. On the other hand, the worst case requires m point doublings, which happens if all key partitions have “1” in their leftmost bit. Accordingly, the proposed method requires
and an average of m/2 point additions. This performance improves to
point doublings and an average of m/3 point additions when NAF encoding is used (Joye and Tymen, 2001).
The security of the proposed method depends on the level of confusion that can be reached through the number of key partitions and the randomization. A moderate number of key partitions, log2(m), should reach a confusion level that secures scalar multiplication against power analysis attacks. An attacker observing such a scalar multiplication cannot make sense of the leaked information in such a randomized environment. The adopted resistance measures depend on confusing not only the scalar multiplication's intermediate values, but also the key bit positions. Thus, even if leaked information can identify the type of operation performed, e.g. point doubling or point addition, attackers can be sure of neither the corresponding key bit value nor its position.
While the invention has been described in connection with its preferred embodiments, it should be recognized that changes and modifications may be made therein without departing from the scope of the appended claims.