A Combined Random Scalar Multiplication Algorithm Resistant to Power Analysis on Elliptic Curves

  • Jung, Seok Won (Department of Information Security Engineering, Mokpo National University)
  • Received : 2020.04.27
  • Accepted : 2020.06.12
  • Published : 2020.06.30

Abstract

The elliptic curve crypto-algorithm is widely used for authentication in IoT environments, since it has a small key size and low communication overhead compared to the RSA public key algorithm. If scalar multiplication, the core operation of the elliptic curve crypto-algorithm, is not implemented securely, attackers can find the secret key using simple power analysis or differential power analysis. This paper proposes an elliptic curve scalar multiplication algorithm that combines a randomized scalar with elliptic curve point blinding. It is resistant to power analysis but does not significantly reduce efficiency. Given a random $r$ and a random elliptic curve point $R$, the elliptic curve scalar multiplication $kP = u(P+R) - vR$ is calculated using the regular variant of Shamir's double ladder algorithm, where the $(l+20)$-bit values $u \equiv rn + k \pmod{n}$ and $v \equiv rn - k \pmod{n}$ are obtained using $2^l P = \mp cP$ for the case of the order $n = 2^l \pm c$.
