椭圆曲线密码中抗功耗分析攻击的标量乘改进方案

J4 ›› 2014, Vol. 36 ›› Issue (04): 644-648.

椭圆曲线密码中抗功耗分析攻击的标量乘改进方案

张友桥1，周武能1，申晔2，刘玉军2

(1.东华大学信息科学与技术学院,上海 201620;2.上海华虹集成电路有限责任公司,上海 201203)

收稿日期:2012-09-17 修回日期:2012-12-30 出版日期:2014-04-25 发布日期:2014-04-25
基金资助:
国家自然科学基金资助项目(61075060);上海市教育委员会科研创新项目(12zz064)

Improved scheme for scalar multiplication against
power analysis attacks in elliptic curve cryptography

ZHANG Youqiao1,ZHOU Wuneng1,SHEN Ye2,LIU Yujun2

(1.College of Information Science and Technology,Donghua University,Shanghai 201620;
2.Shanghai Huahong Integrated Circuit Co.,Ltd.,Shanghai 201203,China)

Received:2012-09-17 Revised:2012-12-30 Online:2014-04-25 Published:2014-04-25

摘要/Abstract

摘要：

椭圆曲线标量乘法运算是椭圆曲线密码(ECC)体制中最主要的计算过程，标量乘法的效率和安全性一直是研究的热点。针对椭圆曲线标量乘运算计算量大且易受功耗分析攻击的问题，提出了一种抗功耗分析攻击的快速滑动窗口算法，在雅可比和仿射混合坐标系下采用有符号滑动窗口算法实现椭圆曲线标量乘计算，并采用随机化密钥方法抵抗功耗分析攻击。与二进制展开法、密钥分解法相比的结果表明，新设计的有符号滑动窗口标量乘算法计算效率、抗攻击性能有明显提高。

关键词: 椭圆曲线密码, 标量乘, 功耗分析攻击, 滑动窗口算法, 混合坐标系

Abstract:

Elliptic curve scalar multiplication is the main computing process in Elliptic Curve Cryptography (ECC), and the efficiency and security of scalar multiplication is always the research hotspot. Aiming at the problem that elliptic curve scalar multiplication has a tremendous computation and is vulnerable to power analysis attacks, a fast sliding window algorithm against power analysis attacks is proposed. In Jacobian and Affine mixed coordinates, the signed sliding window algorithm strategy is used to perform elliptic curve scalar multiplication, and random keys method is applied against power analysis attacks. The analysis results show that, compared with binary expansion method and key assignment method, the improved signed sliding window scalar multiplication algorithm improves calculation efficiency and antiattack performance significantly.

Key words: elliptic curve cryptography;scalar multiplication;power analysis attack;sliding window algorithm;mixed coordinates

张友桥1，周武能1，申晔2，刘玉军2. 椭圆曲线密码中抗功耗分析攻击的标量乘改进方案[J]. J4, 2014, 36(04): 644-648.

ZHANG Youqiao1,ZHOU Wuneng1,SHEN Ye2,LIU Yujun2. Improved scheme for scalar multiplication against
power analysis attacks in elliptic curve cryptography [J]. J4, 2014, 36(04): 644-648.

参考文献

［1］Solinas J A. Efficient arithmetic on Koblitz curves［J］. Designs, Codes and Cryptography, 2000,19(23):195249.
［2］Adachi D,Hirata T.Combination of mixed coordinates strategy and direct computations for efficient scalar multiplications［C］∥Proc of the Communications, Computers and Signal Processing, 2005:117120.
［3］Cohen H, Miyaji A, Ono T. Efficient elliptic curve exponentiation using mixed coordinates［C］∥Proc of the Advances in Cryptology(ASIACRYPT’98), 1998:5165.
［4］Kocher P, Jaffe J，Jun B．Differential power analysis［C］∥Proc of the 19th Annual International Cryptology Conference on Advances in Cryptology, 1999:1．
［5］Zhang Fangguo,Chen Xiaofeng,Wang Yumin.The status of attack on the discrete logarithm of elliptic curves［J］. Journal of Xidian University,2002,29(3):399402．(in Chinese)
［6］Liu Shuanggen, Li Ping, Hu Yupu. Improvement schemes for scalar multiplication algorithm in elliptic curve cryptography［J］. Computer Engineering,2006, 32 (17):2829．(in Chinese)
［7］Zhang Ning.Elliptic curve scalar multiplication secure against power analysis attack［D］.Xi’an:Xidian University,2007．(in Chinese)
［8］ChevallierMAMES B, Ciet M, Joye M. Lowcost solutions for preventing simple sidechannel analysis:sidechannel atomicity［J］. IEEE Transactions on Computers, 2006, 53(6):760768.
［9］Tong Lian，Qian Jiang.Scalar multiplication algorithm against SPA and DPA attacks in ECC［J］.Computer Engineering and Applications,2010，46(35):7274.(in Chinese)
［10］Mathieu C, Marc J, Kristin L, et al. Trading inversions for multiplications in elliptic curve cryptography ［J］. Designs, Codes and Cryptography, 2006, 39(2):189206.
［11］Phillips B J, Burgess N. Implementing 1024bits RSA exponentiation on a 32bits processor core ［C］∥Proc of the Application SpecificSystems, Architecture and Processor, 2000:127137.
［12］Ma Bo,Bao Sigang,Dai Xianying. Efficiency improvement of ECC resisting power attack scheme in smart card［J］. Computer Engineering,2010,36(16):113115.(in Chinese)
附中文参考文献：
［5］张方国，陈晓峰，王育民．椭圆曲线离散对数的攻击现状［J］．西安电子科技大学学报,2002,29(3)：399402．
［6］刘双根，李萍，胡予濮．椭圆曲线密码中标量乘算法的改进方案［J］．计算机工程, 2006, 32 (17)：2829．
［7］张宁．能量分析攻击下安全的椭圆曲线标量乘法［D］．西安：西安电子科技大学，2007．
［9］童莲，钱江．椭圆曲线中抗SPA和DPA攻击标量乘算法研究［J］．计算机工程与应用, 2010, 46 (35)：7274．
［12］马博，包斯刚，戴显英．智能卡中ECC抗功耗攻击方案的效率改进［J］．计算机工程, 2010, 36 (16)：113115.

[1]	邬贵明，王淼，谢向辉. 一种基于FPGA的素域椭圆曲线标量乘结构[J]. 计算机工程与科学, 2018, 40(05): 793-797.
[2]	许盛伟1，陈诚1,2，王荣荣1,2. 针对椭圆曲线点乘算法的代数故障攻击[J]. 计算机工程与科学, 2017, 39(11): 2037-2042.
[3]	魏国珩1,2，汪亚2，张焕国1. 面向RFID应用的GF(2m)域上ECC点乘运算的轻量化改进研究[J]. 计算机工程与科学, 2017, 39(01): 81-85.
[4]	李杨1,2，王劲林1，曾学文1，叶晓舟1. 抵抗SPA攻击的分段Montgomery标量乘算法[J]. 计算机工程与科学, 2017, 39(01): 92-102.
[5]	乐大珩，齐树波，张民选. 一种抗DPA攻击的双轨信号平行布线方法[J]. J4, 2011, 33(4): 50-55.
[6]	阚元平. 基于椭圆曲线的具有消息恢复特性的签名方案[J]. J4, 2010, 32(2): 58-59.
[7]	李欣妍1,芦殿军2. 基于椭圆曲线密码体制的代理多重盲签名[J]. J4, 2010, 32(11): 58-59.
[8]	宁竞钟诚. 一种具有前向安全的椭圆曲线（t,n）门限数字签名方案[J]. J4, 2007, 29(2): 29-31.
[9]	肖立国[1] 钟诚[2]. 基于ECC的定期更新的可验证秘密共享方案[J]. J4, 2006, 28(7): 25-27.
[10]	石润华[1] 钟诚[2]. 基于整数拆分的椭圆曲线密码体制上的快速点乘算法[J]. J4, 2005, 27(5): 66-67.
[11]	石润华[1] 葛丽娜[2] 钟诚[3]. 椭圆曲线密码体制上的一种快速算法[J]. J4, 2004, 26(4): 55-58.
[12]	石润华[1] 钟诚[2]. 基于椭圆曲线密码体制的大型动态多播组的分层二级密钥管理[J]. J4, 2003, 25(6): 22-24.
[13]	陆向艳[1] 钟诚[2]. 一种基于椭圆曲线密码体制的两阶段密钥恢复方案[J]. J4, 2001, 23(1): 24-26.