Isogeny for elliptic curve cryptosystems was initially used for efficient improvement of order counting methods. Recently, Smart proposed a countermeasure using isogeny for resisting a refined differential power analysis by Goubin (Goubin's attack). In this paper, we examine a countermeasure using isogeny against zero-value point (ZVP) attack that is generalization of Goubin's attack. We show that some curves require higher order of isogeny to prevent ZVP attack. Moreover, we prove that the class of curves that satisfies (-3/p) = 1 and whose order is odd cannot be mapped by isogeny to curves with a = -3 and secure against ZVP attack. We point out that three SECG curves are in this class. In the addition, we compare some efficient algorithms that are secure against both Goubin's attack and ZVP attack, and present the most efficient method of computing a scalar multiplication for each curve from SECG. Finally, we discuss another improvement for an efficient scalar multiplication, namely the usage of a point (0, y) for a base point of curve parameters. We are able to improve about 11% for double-and-add-always method, when the point (0, y) exists in an underlying curve or its isogeny.
|ジャーナル||IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences|
|出版ステータス||出版済み - 1 2005|
All Science Journal Classification (ASJC) codes
- コンピュータ グラフィックスおよびコンピュータ支援設計