|
In the execution on a smart card, side channel attacks such
as simple power analysis (SPA) and the differential power analysis (DPA)
have become serious threat.
Side channel attacks monitor power consumption
and even exploit the leakage
information related to power consumption to reveal bits of a secret key
$d$ although $d$ is hidden inside a smart card.
Almost public key cryptosystems
including RSA, DLP-based cryptosystems, and elliptic curve cryptosystems
execute an exponentiation algorithm with a secret-key exponent,
and they thus suffer from both SPA and DPA.
Recently, in the case of elliptic curve cryptosystems,
DPA is improved to the Refined Power Analysis (RPA),
which exploits a special point with a zero value and reveals
a secret key.
RPA is further generalized to Zero-value Point Attack (ZPA) \cite{aki}.
Both RPA and ZPA utilizes a special feature of elliptic curves
that happens to have a special point or a register used in addition and
doubling formulae with a zero value and
that the power consumption of 0 is distinguishable from that of an non-zero
element.
To make the matters worse, some previous efficient countermeasures
are neither resistant against RPA nor ZPA.
Although a countermeasure to RPA is proposed, this is not universal
countermeasure, gives each different method to each type of elliptic curves,
and is still vulnerable against ZPA. The only possible
countermeasure ES requires about twice as much as a simple method.
This research focuses on countermeasures against RPA, ZPA, DPA and SPA.
We show a novel countermeasure resistant against RPA, ZPA, SPA and DPA
without any pre-computed table.
We also generalize the countermeasure to present
more efficient algorithm with a pre-computed table.
|
