Randomizing scalar multiplication using exact covering systems of congruences
Abstract
A covering system of congruences can be defined as a set of congruence
relations of the form: $\{r_1\;(\mathrm{mod}\;m_1), r_2\;(\mathrm{mod}\;m_2), \dots,
r_t\;(\mathrm{mod}\;m_t)\}$ for $m_1, \dots, m_t \in \mathbb{N}$ satisfying the property that for
every integer $k$ in $\mathbb{Z}$, there exists at least an index $i \in \{1, \dots,
t\}$ such that $k \equiv r_i \pmod{m_i}$. First, we show that most existing
scalar multiplication algorithms can be formulated in terms of covering
systems of congruences. Then, using a special form of covering systems
called exact $n$-covers, we present a novel uniformly randomized scalar
multiplication algorithm that may be used to counter differential side-channel
attacks, and more generally physical attacks that require multiple executions
of the algorithm. This algorithm can be an alternative to Coron's scalar
blinding technique for elliptic curves, in particular when the choice of a
particular finite field tailored for speed compels to use a large
random factor.
Origin | Files produced by the author(s) |
---|
Loading...