TY - GEN
T1 - Simple power analysis on fast modular reduction with NIST recommended elliptic curves
AU - Sakai, Yasuyuki
AU - Sakurai, Kouichi
PY - 2005
Y1 - 2005
N2 - We discuss side channel leakage from modular reduction for the NIST recommended domain parameters. FIPS 186-2 specifies five recommended prime fields. These primes have a special form, referred to as generalized Mersenne primes, which allows especially efficient implementation. A typical efficient modular reduction with such primes ends with an extra reduction step (a conditional subtraction of the modulus), and that extra reduction can constitute an information channel on the secret exponent. Several researchers have produced unified code for elliptic point addition and doubling in order to resist simple power analysis (SPA). However, Walter showed that SPA is still possible if Montgomery multiplication with extra reduction is implemented within the unified code. In this paper we show SPA on the modular reduction with NIST recommended primes, combined with unified code for the elliptic point operations. As Walter stated, our results also indicate that even if unified code is used for the elliptic point operations, the underlying field operations should be implemented in constant time. The unified approach in itself cannot be a countermeasure against side channel attacks.
AB - We discuss side channel leakage from modular reduction for the NIST recommended domain parameters. FIPS 186-2 specifies five recommended prime fields. These primes have a special form, referred to as generalized Mersenne primes, which allows especially efficient implementation. A typical efficient modular reduction with such primes ends with an extra reduction step (a conditional subtraction of the modulus), and that extra reduction can constitute an information channel on the secret exponent. Several researchers have produced unified code for elliptic point addition and doubling in order to resist simple power analysis (SPA). However, Walter showed that SPA is still possible if Montgomery multiplication with extra reduction is implemented within the unified code. In this paper we show SPA on the modular reduction with NIST recommended primes, combined with unified code for the elliptic point operations. As Walter stated, our results also indicate that even if unified code is used for the elliptic point operations, the underlying field operations should be implemented in constant time. The unified approach in itself cannot be a countermeasure against side channel attacks.
UR - http://www.scopus.com/inward/record.url?scp=33646741773&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33646741773&partnerID=8YFLogxK
U2 - 10.1007/11602897_15
DO - 10.1007/11602897_15
M3 - Conference contribution
AN - SCOPUS:33646741773
SN - 3540309349
SN - 9783540309345
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 169
EP - 180
BT - Information and Communications Security - 7th International Conference, ICICS 2005, Proceedings
T2 - 7th International Conference on Information and Communications Security, ICICS 2005
Y2 - 10 December 2005 through 13 December 2005
ER -
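The abstract's point is that the fast reduction for a generalized Mersenne prime ends in a data-dependent "extra reduction" (subtract the modulus while the partial sum is still too large), and that the number of such subtractions is visible in a power trace even when the point add and point double share unified code. The following is an added illustration, not code from the paper or its authors: it implements the Solinas-style reduction for the FIPS 186-2 prime p192 = 2^192 - 2^64 - 1 twice, once with the textbook variable-count loop and once with a fixed pattern of three masked conditional subtractions. The names, the simulated "trace" (the count of extra subtractions per reduction), and the sample inputs are all constructed for this example; the 64-bit word split and partial sums follow the standard p192 reduction.

```python
# Added example (not from the paper): Solinas-style fast reduction for the
# FIPS 186-2 prime p192 = 2^192 - 2^64 - 1, in two variants.  The first ends
# with the textbook "while r >= p: r -= p" loop whose iteration count depends
# on the operands; that is the extra reduction the abstract describes.  The
# second always performs the same three masked conditional subtractions.
P192 = 2**192 - 2**64 - 1
MASK64 = (1 << 64) - 1
WIDTH = 1 << 256              # fixed working width for the masked variant


def _partial_sums(c):
    """Split c = sum c_i * 2^(64 i) and fold 2^192 = 2^64 + 1 (mod p192).
    Returns r = s1 + s2 + s3 + s4, which is below 4 * p192."""
    assert 0 <= c < P192 * P192, "input must be a product of two reduced operands"
    c0, c1, c2, c3, c4, c5 = ((c >> (64 * i)) & MASK64 for i in range(6))
    s1 = c0 | (c1 << 64) | (c2 << 128)          # words (c2, c1, c0)
    s2 = c3 | (c3 << 64)                         # words (0, c3, c3)
    s3 = (c4 << 64) | (c4 << 128)                # words (c4, c4, 0)
    s4 = c5 | (c5 << 64) | (c5 << 128)           # words (c5, c5, c5)
    return s1 + s2 + s3 + s4


def reduce_p192_leaky(c):
    """Variable-time final correction.  Returns (c mod p192, number of
    extra subtractions); the count is what an SPA trace exposes."""
    r = _partial_sums(c)
    extra = 0
    while r >= P192:         # data-dependent branch: 0..3 iterations
        r -= P192
        extra += 1
    return r, extra


def _ct_sub_if_ge(r, p):
    """Branch-free conditional subtraction in a 256-bit wrap-around width.
    Computes t = r - p; if it borrowed (bit 255 set) keep r, else take t.
    Python big-int operations are not themselves constant time; this shows
    the control-flow structure a C/assembly implementation must follow."""
    t = (r - p) % WIDTH
    borrow = t >> 255
    mask = (borrow - 1) % WIDTH          # all ones if no borrow, else zero
    return (t & mask) | (r & (~mask & (WIDTH - 1)))


def reduce_p192_ct(c):
    """Fixed-pattern final correction: always three masked conditional
    subtractions, which suffices because the partial sum is below 4 * p192."""
    r = _partial_sums(c)
    for _ in range(3):
        r = _ct_sub_if_ge(r, P192)
    return r, 3


def mul_mod_p192(a, b, reduce=reduce_p192_leaky):
    """Field multiplication a*b mod p192 with the chosen reduction; returns
    (product mod p192, extra-subtraction count)."""
    return reduce(a * b)


def reduction_trace(products, reduce=reduce_p192_leaky):
    """Simulated SPA observable: the extra-subtraction count per reduction."""
    return [reduce(c)[1] for c in products]


# Constructed inputs (not from the paper): three partial products that need
# 0, 1 and 2 extra subtractions respectively with the leaky variant.
SAMPLE_PRODUCTS = [
    1,
    P192,
    (((1 << 64) - 1) << 320) | ((1 << 192) - 1),
]

if __name__ == "__main__":
    print("leaky trace:", reduction_trace(SAMPLE_PRODUCTS))
    print("fixed trace:", reduction_trace(SAMPLE_PRODUCTS, reduce_p192_ct))
    print("(p-1)^2 mod p:", mul_mod_p192(P192 - 1, P192 - 1)[0])
```

The leaky trace varies with the operands of each field multiplication, so a sequence of point operations whose field-level operands differ (as they do between a doubling and an addition, even under unified formulas) yields a distinguishable pattern; the fixed variant executes the same three steps regardless of input. Note that the masked version only demonstrates the structure: a real constant-time implementation also needs fixed-width limb arithmetic without early exits, which Python's arbitrary-precision integers do not provide.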