Zero-value register attack on elliptic curve cryptosystem

Toru Akishita, Tsuyoshi Takagi

Research output: Contribution to journalArticlepeer-review

7 Citations (Scopus)

Abstract

Differential power analysis (DPA) might break implementations of elliptic curve cryptosystem (ECC) on memory constraint devices. Goubin proposed a variant of DPA using a point (0, y). which is not randomized in Jacobian coordinates or in an isomorphic class. This point often exists in standardized elliptic curves, and we have to care this attack. In this paper, we propose zero-value register attack as an extension of Goubin's attack. Note that even if a point has no zero-value coordinate, auxiliary registers might take zero value. We investigate these zero-value registers that cannot be randomized by the above randomization. Indeed, we have found several points P = (x, y) which cause the zero-value registers, e.g., (1) 3x2+a = 0, (2) 5x 4+2ax2-4bx+a2 = 0, (3) P is y-coordinate self-collision point, etc. We demonstrate the elliptic curves recommended in SECG that have these points. Interestingly, some conditions required for zero-value register attack depend on explicit implementation of addition formulae - in order to resist this type of attacks, we have to care how to implement the addition formulae. Finally, we note that Goubin's attack and the proposed attack assume that a base point P can be chosen by attackers and a secret scalar d is fixed, so that they are not applicable to ECDSA.

Original languageEnglish
Pages (from-to)132-139
Number of pages8
JournalIEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
VolumeE88-A
Issue number1
DOIs
Publication statusPublished - Jan 1 2005

All Science Journal Classification (ASJC) codes

  • Signal Processing
  • Computer Graphics and Computer-Aided Design
  • Electrical and Electronic Engineering
  • Applied Mathematics

Fingerprint Dive into the research topics of 'Zero-value register attack on elliptic curve cryptosystem'. Together they form a unique fingerprint.

Cite this