Exact analysis of montgomery multiplication

Hisayoshi Sato, Daniel Schepers, Tsuyoshi Takagi

Research output: Contribution to journalArticle

9 Citations (Scopus)

Abstract

The Montgomery multiplication is often used for efficient implementations of public-key cryptosystems. This algorithm occasionally needs an extra subtraction in the final step, and the correlation of these subtractions can be considered as an invariant of the algorithm. Some side channel attacks on cryptosystems using Montgomery Multiplication has been proposed applying the correlation estimated heuristically. In this paper, we theoretically analyze the properties of the final subtraction in Montgomery multiplication. We investigate the distribution of the outputs of multiplications in the fixed length interval included between 0 and the underlying modulus. Integrating these distributions, we present some proofs with a reasonable assumption for the appearance ratio of the final subtraction, which have been heuristically estimated by previous papers. Moreover, we present a new invariant of the final subtraction: x · y with y = 3z mod m, where m is the underlying modulus. Finally we show a possible attack on elliptic curve cryptosystems using this invariant. Keywords: timing attack, elliptic curve cryptosystem, Montgomery multiplication, randomization.

Original languageEnglish
Pages (from-to)290-304
Number of pages15
JournalLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3348
Publication statusPublished - Dec 1 2004

    Fingerprint

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this