Side-channel attacks in ECC: A general technique for varying the parametrization of the elliptic curve

Abstract

Side-channel attacks in elliptic curve cryptography occur with the unintentional leakage of information during processing. A critical operation is that of computing nP where n is a positive integer and P is a point on the elliptic curve E. Implementations of the binary algorithm may reveal whether P + Q is computed for P ≠ Q or P = Q as the case may be. Several methods of dealing with this problem have been suggested. Here we describe a general technique for producing a large number of different representations of the points on E in characteristic p ≥ 5, all having a uniform implementation of P + Q. The parametrization may be changed for each computation of nP at essentially no cost. It is applicable to all elliptic curves in characteristic p ≥ 5, and thus may be used with all curves included in present and future standards for p ≥ 5. © International Association for Cryptologic Research 2004.