Side-Channel Attacks in ECC: A General Technique for Varying the Parametrization of the Elliptic Curve

摘要

Side-channel attacks in elliptic curve cryptography occur with the unintentional leakage of information during processing. A critical operation is that of computing nP where n is a positive integer and P is a point on the elliptic curve E. Implementations of the binary algorithm may reveal whether P+Q is computed for P ≠ Q or P=Q as the case may be. Several methods of dealing with this problem have been suggested. Here we describe a general technique for producing a large number of different representations of the points on E in characteristic p ≥ 5, all having a uniform implementation of P+Q. The parametrization may be changed for each computation of nP at essentially no cost. It is applicable to all elliptic curves in characteristic p ≥ 5, and thus may be used with all curves included in present and future standards for p ≥ 5.