Same Values Power Analysis Using Special Points on Elliptic Curves

摘要

Elliptic Curve Cryptosystems (ECC) on Smart-Cards can be vulnerable to Side Channel Attacks such as the Simple Power Analysis (SPA) or the Differential Power Analysis (DPA) if they are not carefully implemented. Goubin proposed a variant of the DPA using the point (0, y). This point is randomized neither by projective coordinates nor by isomorphic class. Akishita and Takagi extended this attack by considering not only points with a zero coordinate, but also points containing a zero value on intermediate registers during doubling and addition formulas. This attack increases the number of possible special points on elliptic curve that need a particular attention. In this paper, we introduce a new attack based on special points that show up internal collision power analysis. This attack increases more the number of possible special points on elliptic curve that need a particular attention. Like Goubin's attack and Akishita and Takagi's attack, our attack works if a fixed scalar is used and the attacker can chose the base point.