Abstract
In the 1980s, Peter Montgomery developed a powerful, fast algorithm for calculating multiples of field elements. Over subsequent years, the algorithm was adapted to work in arbitrary abelian groups. By the year 2000, it had been developed further to resist standard power and timing attacks and became known as the ‘Montgomery ladder’. In the literature, the focus of this algorithm has been to compute from most to least significant bit, known as the ‘left-to-right’ version. In this paper, we first resurrect the corresponding ‘right-to-left’ version of the Montgomery powering ladder and then demonstrate a new attack on both versions in the context of elliptic curves.
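The abstract contrasts the familiar left-to-right Montgomery ladder with a right-to-left counterpart. The following Python is an added illustration, not code from the paper or its authors: it implements both ladder directions over a constructed toy curve (the parameters `P_MOD`, `A`, `B` and the base point `BASE` are illustrative, not a standard curve) and counts group operations to show the property that makes a ladder "regular": one addition and one doubling per key bit, whatever the bit's value. The right-to-left form used here is the regular update R[1-b] <- 2*R[1-b] + R[b] from Joye's CHES 2007 algorithm, which is an assumption on my part and not necessarily the exact variant the paper resurrects. The function names `scalar_mult`, `naive_mult` and `is_on_curve` are my own. The on-curve check at the end is the standard output-consistency countermeasure against faulted results; it is included to show where such a check sits, not as a claim about the attack in the paper.

```python
# Added example: left-to-right Montgomery ladder and a regular right-to-left
# ladder on a toy elliptic curve, with operation counting to show why both are
# "regular" (same add/double pattern for every key bit). Not the paper's code.

# Constructed toy curve y^2 = x^3 + A*x + B over F_p (affine coordinates);
# parameters and base point are illustrative only, not a standard curve.
P_MOD = 97
A, B = 2, 3
BASE = (3, 6)          # satisfies 6^2 = 3^3 + 2*3 + 3 (mod 97)
INF = None             # point at infinity


def is_on_curve(pt):
    """Output-consistency check: does pt satisfy the curve equation?"""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def point_add(p, q):
    """Affine addition; also handles doubling and inverse points."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:          # q == -p
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD          # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def scalar_mult(k, pt, direction):
    """Return (k*pt, adds, doubles) using the named ladder; k >= 1."""
    if k < 1:
        raise ValueError("scalar must be >= 1")
    ops = {"add": 0, "dbl": 0}

    def add(p, q):
        ops["add"] += 1
        return point_add(p, q)

    def dbl(p):
        ops["dbl"] += 1
        return point_add(p, p)

    bits = bin(k)[2:]
    if direction == "ltr":
        # Classic Montgomery ladder, MSB first. Invariant: r1 == r0 + pt.
        r0, r1 = INF, pt
        for bit in bits:
            if bit == "0":
                r1 = add(r0, r1)
                r0 = dbl(r0)
            else:
                r0 = add(r0, r1)
                r1 = dbl(r1)
        result = r0
    elif direction == "rtl":
        # Regular right-to-left ladder, LSB first, update R[1-b] <- 2*R[1-b] + R[b]
        # (form taken from Joye, CHES 2007; an assumption, not the paper's variant).
        # Invariant after processing bit i: r[0] == (k mod 2^(i+1))*pt and
        # r[0] + r[1] == 2^(i+1)*pt.
        r = [INF, pt]
        for bit in reversed(bits):
            b = int(bit)
            r[1 - b] = add(dbl(r[1 - b]), r[b])
        result = r[0]
    else:
        raise ValueError("direction must be 'ltr' or 'rtl'")

    # Output consistency check: a faulted or miscomputed point is very likely
    # to fall off the curve. Applied identically for both directions.
    if not is_on_curve(result):
        raise ArithmeticError("result not on curve")
    return result, ops["add"], ops["dbl"]


def naive_mult(k, pt):
    """Reference: k repeated additions (not regular; only for cross-checking)."""
    acc = INF
    for _ in range(k):
        acc = point_add(acc, pt)
    return acc


if __name__ == "__main__":
    for k in (1, 2, 37, 96):
        ltr = scalar_mult(k, BASE, "ltr")
        rtl = scalar_mult(k, BASE, "rtl")
        print(k, ltr, rtl, naive_mult(k, BASE))
```

Both ladders report exactly `k.bit_length()` additions and the same number of doublings for every scalar of that length, which is the regularity that defeats simple power and timing analysis; the point of the paper is that this regularity alone does not rule out every fault-style attack, which is why an output check of the kind shown above is commonly paired with the ladder.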
© 2016 Springer Nature Singapore Pte Ltd.
Cite this paper
Batten, L.M., Amain, M.K. (2016). A New Sign-Change Attack on the Montgomery Ladders. In: Batten, L., Li, G. (eds) Applications and Techniques in Information Security. ATIS 2016. Communications in Computer and Information Science, vol 651. Springer, Singapore. https://doi.org/10.1007/978-981-10-2741-3_1
DOI: https://doi.org/10.1007/978-981-10-2741-3_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-2740-6
Online ISBN: 978-981-10-2741-3
eBook Packages: Computer Science (R0)