Weierstraß elliptic curves and side-channel attacks

Abstract

Recent attacks show how an unskilled implementation of elliptic curve cryptosystems may reveal the involved secrets from a single execution of the algorithm. Most attacks exploit the property that addition and doubling on elliptic curves are different operations and so can be distinguished from side-channel analysis. Known countermeasures suggest to add dummy operations or to use specific parameterizations. This is at the expense of running time or interoperability. This paper shows how to rewrite the addition on the general Weierstraß form of elliptic curves so that the same formulæ apply equally to add two different points or to double a point. It also shows how to generalize to the Weierstraß form a protection method previously applied to a specific form of elliptic curves due to Montgomery. The two proposed methods offer generic solutions for preventing sidechannel attacks. In particular, they apply to all the elliptic curves recommended by the standards.