Top | Introduction | Members | Activities | Call for Paper | Link | Japanese

    "A study on Hyperelliptic Curve Cryptosystems"

    In the execution on a smart card, side channel attacks such as simple power analysis (SPA) and the differential power analysis (DPA) have become serious threat. Side channel attacks monitor power consumption and even exploit the leakage information related to power consumption to reveal bits of a secret key $d$ although $d$ is hidden inside a smart card. Almost public key cryptosystems including RSA, DLP-based cryptosystems, and elliptic curve cryptosystems execute an exponentiation algorithm with a secret-key exponent, and they thus suffer from both SPA and DPA. Recently, in the case of elliptic curve cryptosystems, DPA is improved to the Refined Power Analysis (RPA), which exploits a special point with a zero value and reveals a secret key. RPA is further generalized to Zero-value Point Attack (ZPA) \cite{aki}. Both RPA and ZPA utilizes a special feature of elliptic curves that happens to have a special point or a register used in addition and doubling formulae with a zero value and that the power consumption of 0 is distinguishable from that of an non-zero element. To make the matters worse, some previous efficient countermeasures are neither resistant against RPA nor ZPA. Although a countermeasure to RPA is proposed, this is not universal countermeasure, gives each different method to each type of elliptic curves, and is still vulnerable against ZPA. The only possible countermeasure ES requires about twice as much as a simple method. This research focuses on countermeasures against RPA, ZPA, DPA and SPA. We show a novel countermeasure resistant against RPA, ZPA, SPA and DPA without any pre-computed table. We also generalize the countermeasure to present more efficient algorithm with a pre-computed table.

    [ back ]