Cryptology ePrint Archive: Report 2002/007

Parallel scalar multiplication on general elliptic curves over $\mathbb{F}_p$ hedged against Non-Differential Side-Channel Attacks

Wieland Fischer and Christophe Giraud and Erik Woodward Knudsen and Jean-Pierre Seifert

Abstract: For speeding up elliptic curve scalar multiplication and making it secure against side-channel attacks such as timing or power analysis, various methods have been proposed using specifically chosen elliptic curves. We show that both goals can be achieved simultaneously even for conventional elliptic curves over $\mathbb{F}_p$. This result is shown via two facts. First, we recall the known fact that every elliptic curve over $\mathbb{F}_p$ admits a scalar multiplication via a (Montgomery ladder) Lucas chain. As such chains are known to be resistant against timing- and simple power/electromagnetic radiation analysis attacks, the security of our scalar multiplication against timing and simple power/electromagnetic radiation analysis follows. Second, we show how to parallelize the 19 multiplications within the resulting \lq\lq double" and \lq\lq add" formulas of the Lucas chain for the scalar multiplication. This parallelism together with the Lucas chain results in 10 parallel field multiplications per bit of the scalar.

Finally, we also report on a concrete successful implementation of the above mentioned scalar multiplication algorithm on a very recently developed and commercially available coprocessor for smart cards.

Category / Keywords: implementation / Elliptic Curves, Power Analysis, Efficient and Parallel Implementation, Scalar Multiplication

Date: received 9 Jan 2002

Contact author: Jean-Pierre Seifert at infineon com

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20020109:194111 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]