On the Optimal Parameter Choice for Elliptic Curve Cryptosystem Using Isogeny (Tamper-Resistance) (<Special Section> Cryptography and Information Security)
Abstract
Isogeny for elliptic curve cryptosystems was initially used to improve the efficiency of order counting methods. Recently, Smart proposed a countermeasure using isogeny to resist a refined differential power analysis by Goubin (Goubin's attack). In this paper, we examine a countermeasure using isogeny against the zero-value point (ZVP) attack, which is a generalization of Goubin's attack. We show that some curves require a higher order of isogeny to prevent the ZVP attack. Moreover, we prove that the class of curves that satisfies (-3/p)=1 and whose order is odd cannot be mapped by isogeny to curves that have a=-3 and are secure against the ZVP attack. We point out that three SECG curves are in this class. In addition, we compare some efficient algorithms that are secure against both Goubin's attack and the ZVP attack, and present the most efficient method of computing a scalar multiplication for each curve from SECG. Finally, we discuss another improvement for efficient scalar multiplication, namely the use of a point (0, y) as the base point of the curve parameters. We obtain an improvement of about 11% for the double-and-add-always method when the point (0, y) exists on the underlying curve or its isogeny.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2005-01-01
Authors
- Takagi Tsuyoshi
  Fachbereich Informatik, Technische Universität Darmstadt
- Akishita Toru
  Information Technologies Laboratories, Sony Corporation
Related papers
- Fast Elliptic Curve Multiplications Resistant against Side Channel Attacks(Tamper-Resistance)(Cryptography and Information Security)
- Fast Elliptic Curve Multiplications with SIMD Operations (Asymmetric Cipher) (Cryptography and Information Security)
- SCA-Resistant and Fast Elliptic Scalar Multiplication Based on wNAF (Asymmetric Cipher) (Cryptography and Information Security)
- A Fast RSA-Type Public-Key Primitive Modulo p^kq Using Hensel Lifting (Asymmetric Cipher) (Cryptography and Information Security)
- Efficient Hyperelliptic Curve Cryptosystems Using Theta Divisors(Elliptic Curve Cryptography, Cryptography and Information Security)
- Zero-Value Register Attack on Elliptic Curve Cryptosystem(Tamper-Resistance)(Cryptography and Information Security)
- On the Optimal Parameter Choice for Elliptic Curve Cryptosystem Using Isogeny (Tamper-Resistance) (Cryptography and Information Security)