
Computer Engineering, 2007, Vol. 33, Issue (14): 125-127. doi: 10.3969/j.issn.1000-3428.2007.14.044

• Security Technology •

Protection against Power Analysis Attack for ECC on Smartcard

ZHANG Tao, FAN Mingyu, WANG Guangwei, LU Xiaojun   

  1. (College of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 610054)
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-07-20 Published:2007-07-20

Power Analysis Attacks and Defenses for Elliptic Curve Cryptographic Algorithms on Smartcard


Abstract: The elliptic curve cryptosystem (ECC) is well suited to implementation in memory-constrained environments because of its small key size. However, a side channel attack (SCA) can recover the secret key of ECC on such devices if the implementation method is not carefully considered. The scalar multiplication of ECC is particularly vulnerable to SCA. This paper proposes a refined width-w NAF method with a pre-computed table, intended to resist SPA, DPA, RPA and ZPA. The proposed scheme uses a masking technique to thwart those attacks; meanwhile, the pre-computed table is optimized according to whether the scalar is even or odd. The computation cost and the size of the pre-computed table in the algorithm are both smaller than those of Mamiya's WBRIP method.

Key words: power attack, elliptic curve cryptosystem, Smartcard

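Abstract (Chinese): Power analysis attack is a new method of attacking cryptosystems, and its key search space is far smaller than that of traditional mathematical analysis. This paper introduces several current power analysis attacks on elliptic curve cryptosystems and proposes RWNAF (Refined Width-w NAF), an improved algorithm based on Width-w NAF. The algorithm uses a masking technique to hide the real power consumption information of the cryptographic algorithm and can effectively defend against SPA, DPA, RPA and ZPA attacks. By analysing the parity of the key d, it optimizes the pre-computed table, reducing storage requirements and computational overhead. Compared with the WBRIP algorithm proposed by Mamiya, RWNAF has the same resistance to power analysis attacks but is better than WBRIP in both computational overhead and storage overhead.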

