Extended elliptic curve Montgomery ladder algorithm over binary fields with resistance to simple power analysis

摘要

In this paper, we propose a scalar multiplication algorithm on elliptic curves over GF(2~m). The proposed algorithm is an extended version of the Montgomery ladder algorithm with the quaternary representation of the scalar. In addition, in order to improve performance, we have developed new composite operation formulas and apply them to the proposed scalar multiplication algorithm. The proposed composite formulas are 2P_1 + 2P_2, 3P_1 + P_2, and 4P_1, where P 1 and P2 are points on an elliptic curve. They can be computed using only the x-coordinate of a point P = (x, y) in the affine coordinate system. However, the proposed scalar multiplication algorithm is vulnerable to simple power analysis attacks, because different operations are performed depending on the bits of the scalar unlike the original Montgomery ladder algorithm. Therefore, we combine the concept of the side-channel atomicity with the proposed composite operation formulas to prevent simple power analysis. Furthermore, to optimize the computational cost, we use the Montgomery trick which can reduce the number of finite field inversion operations used in the affine coordinate system. As the result, the proposed scalar multiplication algorithm saves at least 26% of running time with small storage compared to the previous algorithms such as window-based methods and comb-based methods.