Simple power analysis on fast modular reduction with NIST recommended elliptic curves

Yasuyuki Sakai, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Citations (Scopus)

Abstract

We discuss side channel leakage from modular reduction for NIST recommended domain parameters. FIPS 186-2 has 5 recommended prime fields. These primes have a special form, referred to as generalized Mersenne primes, which allows an especially efficient implementation. A typical efficient implementation of modular reduction with such primes includes an extra reduction step. That extra reduction can constitute an information channel on the secret exponent. Several researchers have produced unified code for elliptic point addition and doubling in order to avoid simple power analysis (SPA). However, Walter showed that SPA can still be possible if Montgomery multiplication with extra reduction is implemented within the unified code. In this paper we show SPA on modular reduction with NIST recommended primes, combined with the unified code for elliptic point operations. As Walter stated, our results also indicate that even if unified code is implemented for the elliptic point operations, the underlying field operations should be implemented in constant time. The unified approach in itself cannot be a countermeasure against side channel attacks.
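The extra reduction the abstract refers to, as an added example that is not code from the paper: the FIPS 186-2 fast reduction for P-256 (the Solinas word-shuffle), followed by the usual loop-based fix-up, whose iteration count depends on the input, next to a fix-up with a fixed number of masked subtractions. Function names are my own; Python integers are not constant-time, so the second version only illustrates the control-flow shape the abstract recommends.

```python
import random
# Constructed example (not from the paper): P-256 prime from FIPS 186-2, a generalized Mersenne prime.
P256 = 2**256 - 2**224 + 2**192 + 2**96 - 1

def _pack(*hi_to_lo):
    """Assemble a 256-bit integer from eight 32-bit words, most significant first."""
    v = 0
    for w in hi_to_lo:
        v = (v << 32) | w
    return v

def p256_partial_reduce(c):
    """Solinas-style fast reduction of 0 <= c < p^2 (FIPS 186-2 / HMV Alg. 2.29).
    The result is congruent to c mod p but lies in (-5p, 8p): a fix-up is still needed."""
    w = [(c >> (32 * i)) & 0xFFFFFFFF for i in range(16)]   # 32-bit words c0..c15
    s1 = _pack(w[7], w[6], w[5], w[4], w[3], w[2], w[1], w[0])
    s2 = _pack(w[15], w[14], w[13], w[12], w[11], 0, 0, 0)
    s3 = _pack(0, w[15], w[14], w[13], w[12], 0, 0, 0)
    s4 = _pack(w[15], w[14], 0, 0, 0, w[10], w[9], w[8])
    s5 = _pack(w[8], w[13], w[15], w[14], w[13], w[11], w[10], w[9])
    s6 = _pack(w[10], w[8], 0, 0, 0, w[13], w[12], w[11])
    s7 = _pack(w[11], w[9], 0, 0, w[15], w[14], w[13], w[12])
    s8 = _pack(w[12], 0, w[10], w[9], w[8], w[15], w[14], w[13])
    s9 = _pack(w[13], 0, w[11], w[10], w[9], 0, w[15], w[14])
    return s1 + 2 * s2 + 2 * s3 + s4 + s5 - s6 - s7 - s8 - s9

def reduce_with_extra_reduction(c):
    """Typical fix-up: loop until the value is in [0, p). Returns (c mod p, extra-reduction count).
    The count depends on the input, which is the information channel the abstract describes."""
    r, steps = p256_partial_reduce(c), 0
    while r >= P256:
        r, steps = r - P256, steps + 1
    while r < 0:
        r, steps = r + P256, steps + 1
    return r, steps

def reduce_fixed_steps(c):
    """Fix-up with a fixed sequence of masked conditional subtractions, so every input runs the
    same operations. (Python big ints are not constant-time; this shows the control-flow shape.)"""
    r = p256_partial_reduce(c) + 5 * P256   # shift (-5p, 8p) into [0, 13p)
    for k in (8, 4, 2, 1):                  # four fixed rounds bring [0, 16p) down to [0, p)
        t = r - k * P256
        mask = -((t >> 511) & 1)            # -1 if the subtraction went negative, else 0
        r = t + (k * P256 & mask)           # add k*p back without a data-dependent branch
    return r

def check_against_python(n=300, seed=1):  # cross-check both fix-ups against Python's own modulo
    rng = random.Random(seed)
    cs = [rng.randrange(P256 * P256) for _ in range(n)]
    return all(reduce_with_extra_reduction(c)[0] == c % P256 == reduce_fixed_steps(c) for c in cs)
```

Inputs 1 and p both reduce correctly, but the loop version performs zero extra subtractions for the first and one for the second, which is exactly the operation-count difference an SPA trace can expose.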

Original language: English
Title of host publication: Information and Communications Security - 7th International Conference, ICICS 2005, Proceedings
Pages: 169-180
Number of pages: 12
DOI: 10.1007/11602897_15
Publication status: Published - Dec 1 2005
Event: 7th International Conference on Information and Communications Security, ICICS 2005 - Beijing, China
Duration: Dec 10 2005 - Dec 13 2005

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3783 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 7th International Conference on Information and Communications Security, ICICS 2005
Country: China
City: Beijing
Period: 12/10/05 - 12/13/05

Fingerprint

Power Analysis
Elliptic Curves
Mersenne prime
Montgomery multiplication
Side Channel Attacks
Countermeasures
Doubling
Time Constant
Efficient Implementation
Leakage
Exponent

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Sakai, Y., & Sakurai, K. (2005). Simple power analysis on fast modular reduction with NIST recommended elliptic curves. In Information and Communications Security - 7th International Conference, ICICS 2005, Proceedings (pp. 169-180). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3783 LNCS). https://doi.org/10.1007/11602897_15

@inproceedings{630cd7cb241546ccacc346fc9c451b8b,
title = "Simple power analysis on fast modular reduction with NIST recommended elliptic curves",
abstract = "We discuss side channel leakage from modular reduction for NIST recommended domain parameters. FIPS 186-2 has 5 recommended prime fields. These primes have a special form which is referred to as generalized Mersenne prime. These special form primes facilitate especially efficient implementation. A typical implementation of efficient modular reduction with such primes includes extra reduction. The extra reduction in modular reduction can constitute an information channel on the secret exponent. Several researchers have produced unified code for elliptic point addition and doubling in order to avoid a simple power analysis (SPA). However, Walter showed that SPA still be possible if Montgomery multiplication with extra reduction is implemented within the unified code. In this paper we show SPA on the modular reduction with NIST recommended primes, combining with the unified code for elliptic point operations. As Walter stated, our results also indicate that even if the unified codes are implemented for elliptic point operations, underlying field operations should be implemented in constant time. The unified approach in itself cannot be a countermeasure for side channel attacks.",
author = "Yasuyuki Sakai and Kouichi Sakurai",
year = "2005",
month = "12",
day = "1",
doi = "10.1007/11602897_15",
language = "English",
isbn = "3540309349",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "169--180",
booktitle = "Information and Communications Security - 7th International Conference, ICICS 2005, Proceedings",

}
