Combining leak-resistant arithmetic for elliptic curves defined over 𝔽 p and RNS representation

Abstract

In this paper we combine the residue number system (RNS) representation and the leakresistant arithmetic on elliptic curves. These two techniques are relevant for implementation of elliptic curve cryptography on embedded devices. It is well known that the RNS multiplication is very ecient whereas the reduction step is costly. Hence, we optimize formulae for basic operations arising in leak-resistant arithmetic on elliptic curves (uni ed addition, Montgomery ladder) in order to minimize the number of modular reductions. We also improve the complexity of the RNS modular reduction step. As a result, we show how to obtain a competitive secured implementation. Finally, we show that, contrary to other approaches, ours takes optimally the advantage of a dedicated parallel architecture.