A DPA countermeasure by randomized frobenius decomposition

Tae Jun Park; Mun Kyu Lee; Dowon Hong; Kyoil Chung

A DPA countermeasure by randomized frobenius decomposition

Tae Jun Park, Mun Kyu Lee, Dowon Hong, Kyoil Chung

Electronics and Telecommunications Research Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

There have been various methods to prevent DPA (Differential Power Analysis) on elliptic curve cryptosystems. As for the curves with efficient endomorphisms, Hasan suggested several countermeasures on anomalous binary curves, and Ciet, Quisquater and Sica proposed a countermeasure on GLV curves. Ciet et al.'s method is based on random decomposition of a scalar, and it is a two-dimensional generalization of Coron's method. Hasan's and Ciet et al.'s countermeasures are applied only to a small class of elliptic curves. In this paper, we enlarge the class of DPA-resistant curves by proposing a DPA countermeasure applicable to any curve where the Frobenius expansion method can be used. Our analysis shows that our countermeasure can produce a probability of collision around script O sign(2^-20) with only 15.4-34.0% extra computation for scalar multiplications on various practical settings.

Original language	English
Title of host publication	Information Security Applications - 6th International Workshop, WISA 2005, Revised Selected Papers
Pages	271-282
Number of pages	12
State	Published - 2005
Event	6th International Workshop on Information Security Applications, WISA 2005 - Jeju Island, Korea, Republic of Duration: 22 Aug 2005 → 24 Aug 2005

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3786 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	6th International Workshop on Information Security Applications, WISA 2005
Country/Territory	Korea, Republic of
City	Jeju Island
Period	22/08/05 → 24/08/05

Keywords

DPA
Elliptic curve
Frobenius expansion
GLV decomposition
Scalar multiplication

Cite this

Park, T. J., Lee, M. K., Hong, D., & Chung, K. (2005). A DPA countermeasure by randomized frobenius decomposition. In Information Security Applications - 6th International Workshop, WISA 2005, Revised Selected Papers (pp. 271-282). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3786 LNCS).

@inproceedings{48838ba1ed514903b77459f016916c37,

title = "A DPA countermeasure by randomized frobenius decomposition",

abstract = "There have been various methods to prevent DPA (Differential Power Analysis) on elliptic curve cryptosystems. As for the curves with efficient endomorphisms, Hasan suggested several countermeasures on anomalous binary curves, and Ciet, Quisquater and Sica proposed a countermeasure on GLV curves. Ciet et al.'s method is based on random decomposition of a scalar, and it is a two-dimensional generalization of Coron's method. Hasan's and Ciet et al.'s countermeasures are applied only to a small class of elliptic curves. In this paper, we enlarge the class of DPA-resistant curves by proposing a DPA countermeasure applicable to any curve where the Frobenius expansion method can be used. Our analysis shows that our countermeasure can produce a probability of collision around script O sign(2-20) with only 15.4-34.0% extra computation for scalar multiplications on various practical settings.",

keywords = "DPA, Elliptic curve, Frobenius expansion, GLV decomposition, Scalar multiplication",

author = "Park, {Tae Jun} and Lee, {Mun Kyu} and Dowon Hong and Kyoil Chung",

year = "2005",

language = "English",

isbn = "3540310126",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "271--282",

booktitle = "Information Security Applications - 6th International Workshop, WISA 2005, Revised Selected Papers",

note = "6th International Workshop on Information Security Applications, WISA 2005 ; Conference date: 22-08-2005 Through 24-08-2005",

}

Park, TJ, Lee, MK, Hong, D & Chung, K 2005, A DPA countermeasure by randomized frobenius decomposition. in Information Security Applications - 6th International Workshop, WISA 2005, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3786 LNCS, pp. 271-282, 6th International Workshop on Information Security Applications, WISA 2005, Jeju Island, Korea, Republic of, 22/08/05.

A DPA countermeasure by randomized frobenius decomposition. / Park, Tae Jun; Lee, Mun Kyu; Hong, Dowon et al.
Information Security Applications - 6th International Workshop, WISA 2005, Revised Selected Papers. 2005. p. 271-282 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3786 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A DPA countermeasure by randomized frobenius decomposition

AU - Park, Tae Jun

AU - Lee, Mun Kyu

AU - Hong, Dowon

AU - Chung, Kyoil

PY - 2005

Y1 - 2005

N2 - There have been various methods to prevent DPA (Differential Power Analysis) on elliptic curve cryptosystems. As for the curves with efficient endomorphisms, Hasan suggested several countermeasures on anomalous binary curves, and Ciet, Quisquater and Sica proposed a countermeasure on GLV curves. Ciet et al.'s method is based on random decomposition of a scalar, and it is a two-dimensional generalization of Coron's method. Hasan's and Ciet et al.'s countermeasures are applied only to a small class of elliptic curves. In this paper, we enlarge the class of DPA-resistant curves by proposing a DPA countermeasure applicable to any curve where the Frobenius expansion method can be used. Our analysis shows that our countermeasure can produce a probability of collision around script O sign(2-20) with only 15.4-34.0% extra computation for scalar multiplications on various practical settings.

AB - There have been various methods to prevent DPA (Differential Power Analysis) on elliptic curve cryptosystems. As for the curves with efficient endomorphisms, Hasan suggested several countermeasures on anomalous binary curves, and Ciet, Quisquater and Sica proposed a countermeasure on GLV curves. Ciet et al.'s method is based on random decomposition of a scalar, and it is a two-dimensional generalization of Coron's method. Hasan's and Ciet et al.'s countermeasures are applied only to a small class of elliptic curves. In this paper, we enlarge the class of DPA-resistant curves by proposing a DPA countermeasure applicable to any curve where the Frobenius expansion method can be used. Our analysis shows that our countermeasure can produce a probability of collision around script O sign(2-20) with only 15.4-34.0% extra computation for scalar multiplications on various practical settings.

KW - DPA

KW - Elliptic curve

KW - Frobenius expansion

KW - GLV decomposition

KW - Scalar multiplication

UR - http://www.scopus.com/inward/record.url?scp=33744947336&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:33744947336

SN - 3540310126

SN - 9783540310129

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 271

EP - 282

BT - Information Security Applications - 6th International Workshop, WISA 2005, Revised Selected Papers

T2 - 6th International Workshop on Information Security Applications, WISA 2005

Y2 - 22 August 2005 through 24 August 2005

ER -

A DPA countermeasure by randomized frobenius decomposition

Abstract

Publication series

Conference

Keywords

Other files and links

Fingerprint

Cite this