1 Introduction

Elliptic Curve Cryptography (ECC) has become an interesting technology since its introduction by Miller [1] and Koblitz [2] in 1985 and 1987, respectively. Cryptographic systems based on ECC are very performant in key management thanks to the small size of keys used [3,4,5,6,7,8,9,10]. Additionally, elliptic curve-based algorithms are much faster and have significantly better key generation and exchange rate when compared to other asymmetric algorithms. As a result, ECC has widely used in embedded IoT devices to provide security services such as confidentiality, data authentication, and key exchange [11,12,13,14,15,16]. The security of ECC is ensured by the calculation of the scalar multiplication operation that presents the essential ECC operation wish allows to calculate the public point \(Q=dP\) for a given secret integer d and a base point P. Several algorithms have been proposed to improve the time required to calculate scalar multiplication with different security levels against different types of attacks [17]. One of the main objectives of this paper is to select the best scalar multiplication algorithm suitable for low-cost application and that respects security requirements. The hardware implementation of the scalar multiplication algorithms can cause information leakages through time, energy consumption and electromagnetic field. These leakages are subject to Side Channel Analysis (SCA) attacks, which are considered the most powerful threat to ECC implementations [18]. SCA attacks can be divided into two main categories: the simple power analysis (SPA) attacks and differential power analysis (DPA) attacks.

The Simple Power Analysis (SPA) attack is the simplest type of SCA attack. This attack requires the analysis of a simple trace of the power consumed during a single scalar multiplication process. This helps attackers to determine the secret key by observing the behavior of the circuit during scalar multiplication calculations. The SPA attack is essentially based on the difference in power consumption between the addition and doubling operations. To resist this attack, it is necessary either to use indistinct addition and doubling operations [19] or to unify the number of addition and doubling operations used at each execution in the scalar multiplication process [20]. The first way consists of using the same formula for addition and doubling operations to avoid leakage due to the difference in consumption [21]. The second way consists in proposing new scalar multiplication algorithms that use the same number of operations at each iteration [22].

DPA attack requires several executions of the scalar multiplication algorithm using a large number of inputs to collect power consumption measurements with the same secret key [23]. The power measurements obtained will then be statistically analyzed. To resist the DPA attack, there are several countermeasures methods such as the point blinding method [24], scalar splitting [25, 26], projective coordinate randomization [20], and the randomized field isomorphism method [27]. However, all these countermeasures present certain weaknesses in terms of security. The aim of our paper is to propose a new DPA countermeasure method derived from existing methods and which meets the security requirements of ECC cryptosystems.

The contribution of our paper is based on four important parts. These parts can be summarized as follows:

  • Citing the different techniques used to optimize the hardware implementation of ECC in binary fields.

  • Implementation of the most secure scalar multiplication algorithm against SPA and safe-error attacks existing in the literature.

  • Classification of the most powerful SCA attacks targeting scalar multiplication algorithms and the security analysis of each corresponding counter-measure method.

  • Proposal of a new countermeasure method adapted to the selected scalar multiplication algorithm resistant to the DPA attack and its variations.

Our paper is organized as follows: We provide a related work, in section II, resuming the different studies related to our research. Section III is reserved for the introduction of the preliminary elliptic curves and the description of the different optimization parameters applied. In Section VI, we will present the different side-channel attacks that can affect a scalar multiplication algorithm. Then we will analyze the different countermeasure methods proposed for each attack. The hardware implementation of the most secure scalar multiplication algorithm against SPA and safe error attacks is made in Section V. Section VI is committed to the proposition of our DPA countermeasure method, its security analysis against ZPA RPA and dubbing attacks, and its performance results in comparison with existing work. Finally, we will conclude our paper in Section VII.

2 Related work

Although the security of cryptographic systems has been studied for many years, this context still attracts the attention of many researchers thanks to the development of various types of SCA attacks [28]. Differential analysis attacks involve statistical analysis of multiple power traces, although they can be avoided by various countermeasures including point randomization and scalar randomization.

In [20], Coron et al. have proposed three countermeasure methods to prevent differential power analysis attacks. These three countermeasures rely on inserting random numbers into the calculation of Q = kP. Despite its simplicity of implementation.

and cost-effectiveness, Abar et al. [29] showed later that these methods risks to be broken by new power attacks such as: C-safe fault attacks [30], doubling attacks [31], twist curve fault attacks [32], Refined Power Analysis (RPA) [33] and Zero-value Point Attacks (ZPA) [34]. In fact, the first Coron's countermeasure, based on the scalar k randomization, requires the insertion of an additional random number in the secret key. Fouque et al. found in [31] that the random value inserted must be larger than 20 bits to resist the doubling attack, which increases the computational requirement. Coron's second countermeasure, based on point blinding by adding a secret random point R to the base point P. Fouque et al. have shown the vulnerability and weakness of this method to the doubling attack, since the point R is also doubled at each execution. Furthermore, according to Fan et al. [35], the projective coordinate randomization countermeasure is sensitive to ZPA and RPA attacks, as the zero values targeted by these attacks remain non-randomized as they are multiplied by random values.

To protect algorithmically our cryptosystems against SCA attacks, it is essential to ensure the principles of regularity and atomicity of instructions. The double and add always binary methods [36], as well as the Montgomery ladder method [37], are examples of algorithms based on the principle of uniformity, i.e., they perform the same number of operations regardless the bit value of the k scalar. Numerous studies show that these algorithms are not always effective. Certain works such as [37, 38] have shown the vulnerability of these methods to attacks using key-dependent register addressing, known as address bit attacks. Several horizontal address bit attacks that have proven effective against hardware acceleration of ECC cryptosystems are well described in [39, 40]. Later, Itoh et al. proposed in [41] a countermeasure method for address-bit DPA attacks, a random address Montgomery ladder algorithm.

In this paper, we investigate the effectiveness and limitations of the different countermeasure methods proposed to prevent side-channel attacks such as SPA, DPA, ZPA and RPA. The main objective of our paper is to propose a new effective countermeasure method that meets the security limitations of all other methods and respects the uniformity of our ECC processor calculation.

3 Elliptic curve for low-cost devices

In this section, we will first present the basic operations of elliptic curves. In order to have a lightweight implementation of ECC, it is necessary to deal with some implementation parameters. For this purpose, we will show the effect of the choice of the field and the coordinate system on the implementation cost of our ECC crypto processor.

3.1 Preliminary

An elliptic curve, defined over the finite field \({F}_{p}\), is a set of solutions \(({\text{x}},{\text{y}})\) of a so-called Weierstrass equation:

$$E:{y}^{2}+{a}_{1}xy+{a}_{3}y={x}^{3}+{a}_{2}{x}^{2}+{a}_{4}x+{a}_{6}$$
(1)

where \({{\text{a}}}_{1},{{\text{a}}}_{2},{{\text{a}}}_{3}, {{\text{a}}}_{4}, {{\text{a}}}_{6} \in {{\text{F}}}_{{\text{q}}}\). This equation can be simplified according to the characteristic of the field \(\left({F}_{q}\right)\):

  • If char \(\left({F}_{q}\right)\ge 5\), then \({F}_{q}={F}_{p}\), p is a large prime number, and the equation of the curve is given by:

    $$E:{y}^{2}={x}^{3}+ax+b, \mathrm{with\;}4{a}^{3}+27{b}^{2}\ne 0$$
    (2)

  • If char \({F}_{q}=3\), then \({F}_{q}={F}_{p}\), p is a prime number, and the equation of the curve is given by:

    $$E:{y}^{2}={x}^{3}+ax+b, \mathrm{with\;}4+27{b}^{2}\ne 0$$
    (3)

  • If char \(({{\text{F}}}_{{\text{q}}}) = 2\), then \({{\text{F}}}_{{\text{q}}} = {{\text{F}}}_{2}^{{\text{m}}}\) and the curve equation becomes:

    $$E:y^2+xy=x^3+{ax}^2+b,\mathrm{with}\;b\neq0$$
    (4)

In this paper, we will focus on elliptic curves defined over binary field since their arithmetic operations are easier to implement. However, operators defined in binary field are less costly in terms of area and computational cost than prime field operations. This allows us to reduce the surface area and computational cost, which is required for the implementation of elliptic curves with low-cost devices.

3.2 Group low

Let \({\text{P}}({{\text{x}}}_{{\text{P}}},{{\text{y}}}_{{\text{P}}})\) and \(\mathrm{Q }({{\text{x}}}_{{\text{Q}}},{{\text{y}}}_{{\text{Q}}})\) are two points on the curve \({\text{E}}({{\text{F}}}_{2}^{{\text{m}}})\) and O the point at infinity:

  • We have \(\mathrm{P }+\mathrm{ O }=\mathrm{ O }+\mathrm{ P }=\mathrm{ P}\) for any point \(\mathrm{P }\in \mathrm{ E}({{\text{F}}}_{2}^{{\text{m}}}).\)   

  • The opposite of the point P is the point –P of coordinates \(\left({x}_{P},{x}_{P}+{y}_{P}\right)\), with \(\mathrm{P }+ (-{\text{P}}) =\mathrm{ O}\) .

  • If P and Q are not opposed, then \(\mathrm{P }+\mathrm{ Q }=\mathrm{ R}\) with:

    $${{\text{x}}}_{{\text{R}}}={\uplambda }^{2}+\uplambda +{{\text{a}}}_{2}+{{\text{x}}}_{{\text{P}}}+{{\text{x}}}_{{\text{Q}}}$$
    (5)
    $${{\text{y}}}_{{\text{R}}}= (\lambda +1).{{\text{x}}}_{{\text{R}}}+ \lambda .{{\text{x}}}_{{\text{P}}} + {{\text{y}}}_{{\text{P}}}$$
    (6)

with \(\lambda =\left({y}_{P}+{y}_{Q}\right)/\left({x}_{P}+{x}_{Q}\right){\text{if}}{x}_{P}\ne {x}_{Q}\)

\(\lambda ={x}_{P}+\left({y}_{P}/{x}_{P}\right){\text{if}}{x}_{P}={x}_{Q}\)

3.3 Scalar multiplication

In an elliptic curve, a multiplication between two points of the curve cannot be performed. Using a succession of addition and doubling operations, it is possible to define the multiplication of a point of the curve by an integer. This is called scalar multiplication. For any integer \({\text{n}}\in \mathrm{ N}\) \({\text{n}}\in {\text{N}}\), the multiplication of the point P by n is defined by: \({\text{n}}.\mathrm{P }=\mathrm{ P }+\mathrm{ P }+ \dots +\mathrm{ P}\) \({\text{n}}.{\text{P}}={\text{P}}+{\text{P}}+\dots +{\text{P}}\), n times.

Scalar multiplication is the main operation of a cryptosystem based on elliptic curves. The security of this operation relies on the fact that knowing P and n we can easily compute \(\mathrm{Q }=[{\text{n}}]{\text{P}}\) \({\text{Q}}=[{\text{n}}]{\text{P}}\), but knowing P and Q it becomes difficult to find the integer n which verifies the equation \([{\text{n}}]{\text{P}}=\mathrm{ Q}\) \([{\text{n}}]{\text{P}}={\text{Q}}\). This property is related to the Discrete Logarithm Problem (DLP). The simplest algorithm to compute scalar multiplication is the algorithm proposed by Coron et al. in 1999 [20], Double-and-Add.

3.4 Lightweight ECC implementation for constrained devices

Elliptic curve cryptosystems are very effective in ensuring data security and data integrity which make them widely used for IoT applications such as Wireless Sensor Networks (WSN) and Radio Frequency Identification (RFID). Despite their small key size and fast implementation, ECC cryptosystems still require intensive calculations. To adapt the implementation of these cryptosystems to limited-resource applications, we need to carefully optimize them in terms of resource requirements and computing power. To have a lightweight implementation of a scalar multiplication algorithm that suits the limited computing power and the limited nature of constrained devices, it is necessary to deal with some parameters that influence the implementation cost. These parameters can be the finite field, the elliptic curve form, and the coordinate system used.

3.4.1 Choice of a finite field

Most elliptic curves are defined in practice on binary fields \({{F}_{2}}^{m}\) or prime fields \({F}_{p}\). The elements of binary fields \({{F}_{2}}^{m}\) are polynomials of degree \(\left(m-1\right)\) with coefficients in \({F}_{2}:\left\{0,1\right\}\). So, each element of \({{F}_{2}}^{m}\) is represented as: \(A=\sum\limits_{i=0}^{m-1}{a}_{i}.{x}^{i}\)  

The elements of the prime field are integers modulo p where p is a prime number, and all field operations are computed modulo p. For binary fields, the addition operation corresponds to a simple bit-wise XOR of the polynomial coefficients, and similarly for the subtraction operation. Whereas in \({F}_{p}\) fields, addition is a modular operation with carry propagation. This modular addition is more expensive in area and computation time than the simple XOR [42]. Indeed, the arithmetic on \({F}_{p}\) requires the carry propagation during the addition or multiplication calculation. Binary fields avoid all constraints related to carry propagation during multiplication and addition operations. For this reason, binary fields are considered simpler and faster than prime fields in hardware implementation. Also, the square operation in binary field is much faster than that in prime field [43]. Therefore, to have a lightweight hardware implementation of an elliptic curve scalar multiplication it is suitable to choose the binary filed instead of prime field.

3.4.2 Elliptic curve model used

The choice of a well-defined curve model can speed up scalar multiplication calculation, since the group laws depend on the type of elliptic curve chosen. The first proposed model of elliptic curves is the Montgomery curve [44], which is used to speed up the computation of scalar multiplication in the prime field \({F}_{p}\). For the \({{F}_{2}}^{m}\) binary fields, most elliptic curves models are an adaptation of the models defined for the prime fields \({F}_{p}\). Such was the case for Edwards binary curves [45]. The other models of the elliptic curves in characteristic 2 fields, including Koblitz curves, are Hesienne curves, Huff binary curves, and μ4-normal forms. In this section we will focus on the required costs of the different models of elliptic curves defined over binary field.

The Table 1, presents the cost in number of operations required to perform the scalar multiplication for each model of the elliptic curves defined over \({{F}_{2}}^{m}\) [46].

Table 1 Different forms of binary elliptic curves
Full size table

Indeed, for all the group laws on elliptic curves the computation of point doubling operation is much faster than point addition. In this way, the high number of point addition operations may reduce the performance of the scalar multiplication calculation. In order to have the most efficient elliptical curve model, we will choose the less expensive one in the calculation of the point addition operation.

Table 1 shows that the Koblitz form of elliptic curves has the best features to speed up the calculation of the scalar multiplication in \({{F}_{2}}^{m}\). They require only eight multiplication operations for point addition and three multiplication operations for point doubling.

3.4.3 Choice of coordinate system

From Eqs. 5 and 6, a point addition, as well as a point doubling operation, require one inversion, two multiplications, and one square. However, the inversion operation in finite fields is very expensive compared to other operations. To solve this problem, Eq. 2 of the curve in affine coordinate, is replaced by the equation defined in projective space:

$$E:{Y}^{2}Z+{a}_{1}XYZ+{a}_{3}{YZ}^{2}={X}^{3}+{a}_{2}{X}^{2}Z+{a}_{4}{XZ}^{2}+{a}_{6}{Z}^{3}$$
(7)

Indeed the conversion from the affine plane to projective is done by the assignments:\(X=x\),\(Y=y\) and \(Z=1\) he conversion in the opposite direction is done by \(x=X/{Z}^{c}\) and \(y=Y/{Z}^{d}\) with c is an integer ∈ [1, 2] and d is an integer ∈ [1, 3] and their values depend on the type of projective coordinates used.

There are three types of projective coordinates for elliptic curves defined on \({{F}_{2}}^{m}\):Standard projective coordinates (with c = 1 and d = 1), Jacobian projective coordinates (with c = 2 and d = 3), and Lopez and Dahab projective coordinates (with c = 1 and d = 2).

Ideally, the most appropriate coordinate system is the one that ill perform the minimum number of operations to calculate an addition and a doubling. Several studies have shown that the Lopez and Dahab coordinates are the best choice for binary fields and are the least expensive in terms of the number of operations required for the scalar multiplication calculation. In addition to the choice of binary operations to perform the calculation of the scalar multiplication operation, the choice of Lopez and Dahab coordinates can further reduce the cost of the implementation in terms of power and area.

Table 2 summarizes the requirements in number of operations of different projective coordinates for \({{F}_{2}}^{m}\) field, where M indicates a multiplication operation, S a square, and I represents an inversion operation. The addition operation is neglected in the binary fields since it is performed by a simple XOR. This table justifies well our choice of the L&D coordinates to reduce the number of operations needed to calculate the doubling and addition operations.

Table 2 Coordinate systems requirement in \({{F}_{2}}^{m}\) field [47]
Full size table

3.5 Lopez and Dahab coordinate system

Lopez and Dahab are projective coordinates with c = 1 and d = 2. The presentation of a point \(P\left(x,y\right)\), in the Lopez and Dahab coordinate system, has three terms \(\left(X=x,Y=y,Z=1\right)\) such that \(\left(X/Z,Y/{Z}^{2}\right)\) defines the equation of the curve E in \({{F}_{2}}^{m}\)[48]. The Eq. (7) of the elliptic curve in projective coordinates becomes in Lopez and Dahab:

$${\text{E}}: {{\text{Y}}}^{2} +\mathrm{ X}.{\text{Y}}.\mathrm{Z }= {{\text{X}}}^{3}.\mathrm{Z }+ {{\text{a}}}_{2}.{{\text{X}}}^{2}.{{\text{Z}}}^{2}+ {{\text{a}}}_{6}.{{\text{Z}}}^{4}$$
(8)

The explicit formulas relating to the Lopez and Dahab coordinates are as follows:

  • The point \(\mathrm{O }= (\mathrm{1,0},0)\) \({\text{O}}=(\mathrm{1,0},0)\), presents the point at infinity.

  • The opposite of the point \(P\left(X,Y,Z\right)\) is given by the point \(-P=\left(X,X+Y,Z\right)\).

  • The result \(\left({X}_{3},{Y}_{3},{Z}_{3}\right)\) of the addition of two points \({P}_{1}\left({X}_{1},{Y}_{1},{Z}_{1}\right)\) and \({P}_{2}\left({X}_{2},{Y}_{2},{Z}_{2}\right)\) in Lopez Dahab coordinates is as shown below:

    $$\begin{array}{cc}A={Y}_{2}.{Z}_{1}^{2}+{Y}_{1}& E=A.C\\ \begin{array}{c}\mathrm{ B}= {{\text{X}}}_{2}. {{\text{Z}}}_{1} + {{\text{X}}}_{1} \\ \begin{array}{c}C={Z}_{1}.B\\ \begin{array}{c}D={B}^{2}\left(C+{aZ}_{1}^{2}\right)\\ {{\varvec{Z}}}_{3}={{\varvec{C}}}^{2}\end{array}\end{array}\end{array}& \begin{array}{c}{{\varvec{X}}}_{3}={{\varvec{A}}}^{2}+{\varvec{D}}+{\varvec{E}}\\ \begin{array}{c}F={X}_{3}+{X}_{2}.{Z}_{3}\\ \begin{array}{c}G=\left({X}_{2}+{Y}_{2}\right).{Z}_{3}^{2}\\ {{\varvec{Y}}}_{3}=\left({\varvec{E}}+{{\varvec{Z}}}_{3}\right).{\varvec{F}}+{\varvec{G}}\end{array}\end{array}\end{array}\end{array}$$

The result of the point doubling calculation of \({P}_{1}\left({X}_{1},{Y}_{1},{Z}_{1}\right)\) gives the point \(2P=\left({X}_{3},{Y}_{3},{Z}_{3}\right)\), where the coordinates \({X}_{3}\),\({Y}_{3}\) and \({{\text{Z}}}_{3}\) \({{\text{Z}}}_{3}\) are given by the following formulas:

$$\begin{array}{c}{X}_{3}={X}_{1}^{4}+{a}_{6}.{Z}_{1}^{4}\\ {Y}_{3}={a}_{6}.{Z}_{1}^{4}.{Z}_{3}+{X}_{3}\left({a}_{2}.{Z}_{3}+{Y}_{1}^{2}+{a}_{6}.{Z}_{1}\right)\\ {Z}_{3}={X}_{1}^{2}.{Z}_{1}^{2}\end{array}$$

We can conclude that the number of operations necessary to perform the point addition and point doubling in Lopez and Dahab coordinates are identical to the number shown in Table 2.

4 Side-channel attack on ECC

Physical attacks targeting an ECC algorithm can be classified into two main categories: passive and active attacks. Passive attacks allow observing the circuit behavior such as power consumption, electromagnetic radiation, and execution time. Active attacks are disruption attacks such as fault injection or modification of a set of bits. Side-channel attacks have revealed a significant ability to attack the hardware implementation of all modern cryptographic primitives such as AES, RSA and ECC and gain access to shared secret information [49]. For this reason, in this section, we will list and describe the operating principle of different types of side-channel attacks targeting ECC cryptosystems. In addition, we highlight the deficiencies and security limitations of the various countermeasure methods proposed to defeat these attacks.

4.1 Simple power analysis attack (SPA)

The first type of power analysis attacks targeting ECC algorithms is the SPA [9]. Several ECC algorithms are often proposed to prevent these types of attacks by standardizing the number of addition and doubling operations of the scalar multiplication.

The Algorithm1, called double-and-add algorithm, presents the first scalar multiplication algorithm proposed by Coron in 1999 [20]. It returns as output the value \(\left[d\right]P\), where d is its secret key and P is a point on the curve. This algorithm is interpreted as vulnerable to SPA attacks. Coron et al. then proposed Algorithm 2, a modification of the Double-and-add algorithm, as a countermeasure to SPA attacks.

Algorithm 1
figure a

Double-and-Add [20]

Full size image

As we can see in Algorithm 2, the lines 3 and 4 compute doubling and addition operation at each execution and whatever the bit value of the scalar d. This method is effective against such attacks, but it is not efficient in terms of computation since all calculation done needs \(\left(n-1\right)\) addition operations and \(\left(n-1\right)\) doubling operations. Moreover, if the value of scalar d is equal to 0, the instruction on line 4 becomes useless. If an attacker injects a fault attack into the \(Q\left[1\right]\) value of line 4, it will be possible to find the scalar value at this step. If the fault is propagated to the output, i.e., the scalar bit is equal to one, otherwise, it is equal to 0. This is called a safe-error attack.

Algorithm 2
figure b

MSB Double-and-add resistant SPA [20]

Full size image

4.2 Differential power analysis attack (DPA)

The DPA attack is a more sophisticated type of side-channel attack [c]. Unlike SPA attack, DPA requires a statistical analysis of a large number of power traces.

4.2.1 DPA explanation

The principle of the DPA attack is based on the fact that the power consumption of a given instruction changes according to the values of the executed bits, 0 or 1. This modification gives the attacker additional information about the data being manipulated. For encryption algorithms, this information can be private parameters. The application of this attack requires the extraction of several power traces which will then be statistically analyzed to find the secret key. This attack has been generalized on elliptic curves by Coron et al. in 1999 in their paper [20]. For an elliptic curve crypto-system, the attacker observes the circuit behavior during a large amount of scalar multiplication. He saves for each scalar multiplication operation the power trace T and the corresponding point P or message m.

The principle of the DPA attack is as follows:

  • Collect N consumption traces \({T}_{i}\) corresponding to the execution of the scalar multiplication operation with N different points \({P}_{i}\) of the curve using the same secret key.

  • Knowing the implemented algorithm, the attacker uses a hypothesis on a part of the key for each input \({P}_{i}\).

  • Recover the result obtained from each message \({P}_{i}\).

  • Choose a selection function to divide the N consumption curves into two subgroups.

  • Calculate the difference between the averages of the subgroups.

If a peak value appears within the difference between the averages, then the adversary assumption about the key portion is true; otherwise, the assumption is false. To find the full secret key, the following attack steps will be replayed for every bit of the scalar.

4.2.2 DPA implementation criteria

To successfully implement the DPA attack in scalar multiplication algorithm, the attacker must be able to obtain several power consumption traces using the same secret key. The traces must be well synchronized to properly analyze them. The efficiency of this attack depends on the number of power traces recovered. In fact, the greater the number of traces used, the more the precision of the attack increases [50].

4.3 Refined power analysis (RPA) attack

RPA attack can be implemented if the attacker can choose special points on the curve for which one of the coordinates, affine or projective, is equal to zero. In the beginning, the attacker chooses the specific point \(S=\left(0,y\right)\). It is assumed then that the \(\left(n-1-i\right)\) most significant bits of k are known by the attacker. The attacker calculates the point \(P= \left[{\left({k}_{\left(n-1\right)} , ... , {k}_{\left(i+1\right)}\right)}^{-1} mod \#E\right]S\). To determine the value of bit i of scalar d, the opponent sends the point P to the scalar multiplication calculation process to compare the obtained results with the estimated one [51]. Goubin et al. have shown in their paper [33] that choosing a special point of coordinate x or y equal to zero makes any randomization ineffective against this type of attack. This is because multiplying the zero coordinate of a specific point \({P}_{0}\) by any random number always gives a zero.

4.4 Zero-value point attack (ZPA)

The ZPA attack is an extension of the RPA attack proposed by Akishita et al. in [34]. The principle of this attack is that even if a point does not have any coordinates equal to zero, the intermediate registers can take a null value during certain calculations of the scalar multiplication with some point P. This attack target the registers of the addition operation. The ZPA attack finds the key from the most significant bit. It is supposed that the attacker knows the most significant bit and looks for the second most significant bit. This is done if the attacker can generate zero-value registers for addition and doubling formulas. If, after executing iteration \(\left(n-2\right)\), the Double \(2Q\) and Addition \(\left(2Q,Q\right)\) operations have zero-value registers, the attacker can determine that the bit value of the scalar at this iteration is equal to 0. Otherwise, if the Double \(3Q\) and Addition \(\left(3Q,Q\right)\) operations have zero-value registers, the scalar bit in this case is equal to 1.

According to Akishita, a point P is said to be a zero-value point if and only if it satisfies the following conditions:

  • \(3{x}^{2}+a=0\).

  • \(5{x}^{4}+2{ax}^{2}-4bx+{a}^{2}=0\).

  • The order of the point P is equal to 3.

  • \(x\left(P\right)=0\) or \(x\left(2P\right)=0\).

  • \(y\left(P\right)=0\) or \(y\left(2P\right)=0\).

The possibility of the auxiliary registers becoming null is great. As mentioned above, the multiplication of a null quantity by a random integer always remains null which makes the randomization of these registers inapplicable to this type of attack.

4.5 DPA counter-measure methods

Several works have shown that SPA countermeasures are inefficient for DPA attacks. For this reason, the protection of the scalar multiplication algorithm against DPA attacks has been the subject of several research studies. To achieve this objective, Coron et al. proposed in [20] three DPA countermeasure methods: randomization of the secret key, blinding of the point P, and randomization of the projective coordinates.

4.5.1 Randomization of the secret key

The first method of DPA countermeasure consists in choosing a random number d and replacing the key k by \({k}{\prime}=k+d\left(\#E\right)\) with \(\left(\#E\right)\) presents the cardinality of the curve. The calculation of \(\left[{k}{\prime}\right]P\) gives \(\left(k+d\left(\#E\right)\right)P=kP+d\left(\#E\right)P=kP\), since \(\left(\#E\right)P=\infty\).

This method is supposed to be effective against DPA, since the number d is chosen randomly, and it changes at each execution. But Okeya et al. showed in their paper [52] that, by statistically analyzing the value of k’, the attacker can obtain information about the value of the secret key k.

Fouque et al. analyzed in [31] the efficiency of this first method of countermeasure against the doubling attack. The doubling attack looks for similarities in the calculations with point P and point \(2P\). We calculate the quantities \(\left[d\right]P\) and \(\left[d\right]2P\) using the double-and-add algorithm. If the result of the doubling operation when calculating \(\left[d\right]P\) at iteration \(\left(i-1\right)\) is similar to that of doubling when calculating \(\left[d\right]2P\) at iteration i, we can conclude that the bit of the scalar d used is equal to zero.

4.5.2 Blinding the point P

The blinding of the point P consists in adding to it a secret random point R, where \(S=dR\). The principle of this method is to calculate \(Q=d\left(R+P\right)\) instead of \(dP\) and then to subtract the quantity S from the value of Q. The values of R and \(S\) must be updated at each execution by calculating \(R={\left(-1\right)}^{b}2R\) and \(S={\left(-1\right)}^{b}2S\), where b is a randomly chosen bit. This makes the DPA attack infeasible since the point changes at each new execution. Fouque et al. have shown in [31] that even the second DPA countermeasure is vulnerable to the doubling attack. In fact, when the attacker sends the point P, the algorithm proceeds with the point \(\left(P+R\right)\). Then it sends the point \(2P\) and the computation process runs with the point \(2\left(P+R\right)\) which is almost equal to \(2P+2R\). Then the attacker compares the execution of two requests sent at iteration (i) and iteration \(\left(i-1\right)\) to find the value of the secret key.

4.5.3 Randomization of projective coordinates

The method of randomizing the projective coordinates [20] consists in multiplying the coordinates \(\left(X,Y,Z\right)\) of the point P by a randomly chosen integer \(\lambda \ne 0\) to obtain \(P\left(\lambda X,\lambda Y,\lambda Z\right)\). This randomization is carried out at the beginning of each execution of the scalar multiplication operation or after each point addition and point doubling operations. Since the value of \(\lambda\) is randomly chosen, so it will be updated at each execution. Ha et al. showed in [53] that this method of countermeasure is not effective against the ZPA attack. Goubin showed that even with the coordinate randomization method, one of the coordinates of this point always remains equal to zero. This makes Coron's third method ineffective against this type of attack.

4.5.4 Random key splitting

The principle of this countermeasure method is to divide the scalar k into two parts: \(k={k}_{1}+{k}_{2}\).Then, execute the operations \({Q}_{1}=\left[{k}_{1}\right]P\) and \({Q}_{2}=\left[{k}_{2}\right]P\). According to Tunstal et al. [54] there are three methods of scalar division to prevent the DPA attack:

  • Additive splitting: by choosing a random number r, we calculate the new key \({k}^{\mathrm{^{\prime}}}=r+\left(k-r\right)\). The scalar multiplication is done in this case by calculating: \(\left[{{\text{k}}}^{\mathrm{^{\prime}}}\right]{\text{P}}= \left[{\text{r}}\right]\mathrm{P }+ \left[{\text{k}}-{\text{r}}\right]{\text{P}}= \left[{\text{r}}\right]\mathrm{P }+ \left[{\text{k}}\right]{\text{P}}-[{\text{r}}]\mathrm{P }= [{\text{k}}]{\text{P}}\) \(\left[{{\text{k}}}^{\mathrm{^{\prime}}}\right]{\text{P}}=\left[{\text{r}}\right]{\text{P}}+\left[{\text{k}}-{\text{r}}\right]{\text{P}}=\left[{\text{r}}\right]{\text{P}}+\left[{\text{k}}\right]{\text{P}}-[{\text{r}}]{\text{P}}=[{\text{k}}]{\text{P}}\)

  • Multiplicative splitting: The multiplicative splitting of the scalar k consists in calculating \(\left[{k}{\prime}\right]P=\left[k.r-1\right].\left[r\right]P\), where r is a randomly chosen number and \(\left(r-1\right)\) is its multiplicative inverse [55].

  • Euclidean splitting: This method allows to replace the scalar multiplication \(\left[k\right]P\) by \(\left[k'\right]P=\left[\left\lfloor\frac kr\right\rfloor\left[r\right]P\right]+\left[kmodr\right]P\). The number r is a chosen random integer of size \(\frac{n}{2}\), where n is the size of the key k [56].

4.5.5 Randomized curve isomorphism

The randomized curve isomorphism method consists in transforming the calculation from a curve E to an isomorphic curve E’ of E, such that for a number \(r\in K\), the coefficients of the curve E’ are \({a}^{\prime}={r}^{4}.a\) and \({b}^{\prime}={r}^{6}.b\). The scalar multiplication is performed in the curve E’. In fact, for any point \(P\in E\), the point \({P}^{\prime}=\left({r}^{2}.x,{r}^{3}.y,z\right)\) is determined to calculate the scalar multiplication \({Q}^{\prime}=\left[k\right]{P}^{\prime}=\left({x}_{Q},{y}_{Q}\right)\). To bring the result back to the initial curve E, the point \(Q=\left({x}_{Q}/{r}^{2},{y}_{Q}/{r}^{3}\right)\) is calculated. Joye et al. showed in their paper in [27] that this method is only successful with the prime fields. Since in binary fields the isomorphism of a point P does not affect its x-coordinate, the system remains vulnerable to DPA attacks. So, it can be seen that this method is not effective with field of characteristic 2. Randomized curve isomorphism can be effective with binary fields if another countermeasure method is included. But Abar et al. noted in their paper [29] that this countermeasure method is still vulnerable to RPA and ZPA attacks.

4.5.6 BRIP (Basic Random Initial Point) method

Mamya et al. have proposed in [57] a new countermeasure method, Basic Random Initial Point, based on the use of a random point. This method is secure against DPA and SPA attacks and supposedly secure against ZPA and RPA attacks. The principle of this method is to calculate the quantity \({Q}^{\prime}=\left[k\right]P+R\), choosing a random point R of the curve. Then, in order to obtain the final result \(Q=\left[k\right]P\), the R point must be subtracted from the quantity Q’. As long as the value of the point R changes at each execution, the output registers of the addition and doubling operations, therefore, change after each execution. Algorithm 3 describes in detail the principal sequence of this method applied to double-and-add-always algorithm. According to Abar et al. [29], this method of countermeasure is effective against several types of power attacks at the same time, but, on the other hand, it is applicable only for left-to-right scalar multiplication algorithm.

Algorithm 3
figure c

Binary expansion with RIP (BRIP)

Full size image

In this section, we have listed the different DPA counter-measure methods. It is well known that protecting an algorithm against one type of attack makes it vulnerable to another type. As we have seen, each of these presented DPA countermeasures have weaknesses against ZPA, RPA, and doubling attacks. As we can see from Algorithm 3, the register \({T}_{2}\) is only used when the scalar bit k is equal to 1. In this way, this register can be targeted by a safe-error attack. By injecting an error into \({T}_{2}\) it can be determined whether the bit value of k is equal to 1 or 0. In this way we can easily find out the whole scalar value d after many executions. The BRIP method is thus vulnerable to safe-error attack. Our objective is therefore to propose a new DPA counter-measure method that takes into account other potential attacks and fault attacks.

5 Choice of secure scalar multiplication algorithm

There are several proposed scalar multiplication algorithms, which differ in their cost calculation and security against different types of attacks. For this reason, this section is dedicated for a comparative study between these different algorithms to choose the most secure and efficient one to be implemented.

The first proposed scalar multiplication algorithm is double-and-add (Algorithm 1). Coron et al. have often shown that this algorithm is vulnerable to a simple power analysis (SPA) attack. This algorithm calculates the doubling of point P at each iteration and if the bit value of k is equal to 1 it adds point P to the doubling result. These two operations of the points have different power consumption. A simple power consumption analysis of this algorithm can easily determine when the scalar bit is equal to one and when it is equal to zero. Coron proposed then the double-and-add-always algorithm (Algorithm 2) as a countermeasure for this type of attack. At each iteration, Algorithm 2 performs an addition operation and a doubling operation. Then, depending on the bit value of the d scalar, the output takes either the register value \(Q\left[0\right]\) or \(Q\left[1\right]\). The power consumption of this algorithm is the same at each iteration. The security of algorithm 2 against SPA attacks makes it vulnerable to another type of attack, C-safe-error-attack. If the bit of the scalar is equal to 0, the output of the scalar multiplication algorithm takes the value of the register\(Q\left[0\right]\), so the instruction \(Q\left[1\right]\leftarrow ECADD\left(Q\left[0\right], P\right)\) on line 4 becomes dummy operation. Based on this property, the attacker injects an error on line 4 of the algorithm to find out the bit value of scalar d. If this error propagates to the algorithm output, this means that the scalar bit is equal to 1, otherwise it is equal to 0. To determine the whole binary sequence of the key k, the attacker must repeat this calculation every iteration of the algorithm. To avoid the vulnerability to safe-error attacks, the Montgomery Ladder algorithm (Algorithm 4) is proposed as a counter-measure method for the scalar multiplication.

Algorithm 4
figure d

Montgomery Ladder scalar multiplication algorithm

Full size image

Fan et al. assumed in [35] that the Montgomery Ladder algorithm is a countermeasure to the C-safe-error attack because it avoids the use of any dummy operations. On the other hand, Joye et al. have demonstrated that the classical Montgomery ladder algorithm of scalar multiplication computation is subject to M-safe- error attacks [22]. Later, Dubeuf et al. demonstrated in [58] the deficiency of Fan et al.'s hypothesis, and showed that Montgomery's algorithm is weak in front of C-safe-error attacks. For example, when the bit-value of the scalar d of algorithm 4 is equal to 0, and if an error is injected in the instruction \(R1 \leftarrow R0 + R1\) of line 3.1, the output will take the value of \({\text{R}}0\). This way the error cannot be transmitted to the output. In this case, the operation \(R1 \leftarrow R0 + R1\) is assumed as a dummy operation. This justifies that the Montgomery ladder algorithm is always subject to the safe-error attack. For this reason, Dubeuf proposed in his paper [58] his scalar multiplication algorithm which is effective against both SPA and Safe-error attacks.

5.1 Dubeuf et al.’s scalar multiplication algorithm

Dubeuf et al. proposed in 2017 [58] a scalar multiplication algorithm secured against SPA and safe-error attacks. This algorithm, presented by Algorithm 5, uses a unified number of addition and doubling operations independently of the bit value of the scalar k and avoids the use of dummy operations. In line 4.2, depending on the value of bit \({k}_{i}\), the algorithm performs either addition or subtraction of point P. If the value of bit \({k}_{i}=0\) the algorithm will executes \(Q=Q-P\), otherwise it calculates \(Q=Q+P\). Dubeuf et al. have presented their algorithm as resistant to C-safe-error attacks. All instructions implemented in this algorithm are used to calculate the final scalar multiplication output. Subsequently, the attacker cannot find dummy operations to successfully apply the safe-error attack.

Algorithm 5
figure e

Scalar operation [58]

Full size image

As we can see from the line 4.2, the Dubeuf algorithm performs either point addition or point subtraction operation depending on the bit value ki. For an elliptic curve, subtracting the point Q from P, consists in adding (-Q) the opposite of the point Q to P. The difference in energy consumption between addition and subtraction operations is related to the calculation of the point's opposite (-Q). This distinction in power consumption between the two operations makes the algorithm vulnerable to SPA attacks. To avoid this security weakness, we have proposed Algorithm 7 to perform and implement addition and subtraction operations over binary fields, using the same number of arithmetic operations. In this case, calculating the opposite of a Q point consists in replacing its y coordinate by (x + y) via a simple XOR between x and y (line 5). This involves the same power consumption for addition and subtraction operations. The attacker is, therefore, unable to differentiate between the two operations and subsequently, he cannot have any information about the key. Thanks to this property, the scalar multiplication algorithm becomes perfectly protected against SPA attacks.

These advantages do not avoid the vulnerability of this algorithm to DPA attacks. Using the same private key during several executions of the scalar multiplication algorithm increases vulnerability to DPA attacks. Therefore, it still insufficient to protect the algorithm against SPA attacks, it is also necessary to protect it against DPA attacks. The objective of this article is to propose a new counter-measure method, dedicated to the Dubeuf’s algorithm, to prevent its susceptibility to DPA attacks.

5.2 Hardware implementation results

To optimize the hardware implementation of this chosen scalar multiplication algorithm, we used the computational blocks described in Fig. 1. These blocks are implemented by using the parameters described in section III.D.

Fig. 1
figure 1

Hierarchical structure of scalar multiplication calculation

Full size image

As illustrated in Fig. 1, our hierarchical structure is decomposed of four blocks of calculation. The first block allows to calculate the arithmetic operations defined over binary field. Then, the affine-projective conversion operation is carried out in the second block. The third block is dedicated to the calculation of Lopez & Dahab addition and doubling operations. And finally, the fourth block is devoted to reconverting the obtained results into affine coordinates by the projective-affine conversion operation.

5.2.1 Arithmetic operations

The calculation of the multiplication of two binary numbers is performed using Bit-Serial Multiplication (BSM) algorithm. Table 3 presents the binary multiplication performance calculation in comparison with other modular multipliers.

Table 3 Bit serial multiplication performance comparison
Full size table

The results mentioned in Table 3 show that our implementation of the multiplication operation is the least expensive in number of LUTs. Consequently, we can see that the Bit-Serial Multiplication algorithm, implemented using Virtex-7 board, presents the best computation performance for \({F}_{2}^{163}\) binary field and offers a significant optimization in the number of occupied slices and LUTs. In addition, we can notice from the synthesis results obtained in Table 3, that our implementation is the fastest in execution time compared to other variants of multiplication operations.

The binary modular inversion is performed based on Modified Almost Inversion Algorithm (MAIA). This algorithm is considered as a variant of the Extended Euclidean Algorithm (EEA), dedicated to the calculation with integers [64]. The hardware implementation costs of the MAIA algorithm in comparison with the other inversion computation algorithms in \({F}_{2}^{163}\) is described in Table 4. As shown from this table, MAIA has been selected as the less complex than other variants of modular inversion algorithms in number of slices and LUTs.

Table 4 Modified almost inversion performance comparison
Full size table

5.2.2 Doubling addition operations

Before performing the scalar multiplication operation, the doubling and addition algorithms must first be implemented in \({{F}_{2}}^{m}\) field. There are several algorithms for calculating point doubling and point addition in projective coordinates, which differ in the number of the required operations: multiplication and square. As indicated in section III.D.4, the Lopez and Dahab (L&D) projective coordinate system gives us the least expensive addition and doubling algorithms in terms of number of arithmetic operations. For this reason, we have chosen the LD-doubling algorithm presented by Algorithm 6 [65], for point doubling calculation, which requires only 3M and 5S.

Algorithm 6
figure f

LD doubling

Full size image

For point addition calculations, L&D coordinate systems offer the best choice in terms of arithmetic operations required [66]. Therefore, we have implemented our proposition: LD-affine addition/subtraction algorithm, which presents a modified version of the algorithm proposed in [66]. Our proposed algorithm mixes affine and projective coordinates to reduce as much as possible the number of multiplication and square operations required. As presented in Table 2, it needs a total of 8M and 5S operations instead of 12M and 6S for the L&D addition algorithm. Furthermore, as mentioned in section V-A, this algorithm differs from the initial algorithm [66] by line 5. Indeed, if the selection bit s is equal to 1, the coordinate \({Y}_{0}\) takes the value \(\left(x+y\right)\), in this way the algorithm executes the point subtraction \({P}_{1}-{P}_{0}\). Otherwise, \({Y}_{0}\) gets the value of y and in this case the addition operation \({P}_{1}+{P}_{0}\) is performed. Consequently, this algorithm performs point addition and subtraction operations at the same time, using the same number of multiplication and square operations, ensuring perfect protection against SPA attacks.

5.2.3 Scalar multiplication operation

In this section, we present the synthesis implementation results of the scalar multiplication algorithm described in V-A. We have performed the scalar multiplication calculation, in \({F}_{2}^{163}\) field, based on the calculation blocks defined in Fig. 1.

We have chosen the BSM algorithm, and the MAIA algorithm to compute respectively the multiplication and inversion operations. Thanks to their low complexity compared to other algorithm variants, these two algorithms enabled us to optimize our implementation by decreasing the number of resources needed. On the other hand, we have seen in section (III.D.3) that the projective L&D coordinates offer an important reduction in the number of arithmetic operations required to perform the addition and doubling operations. All these factors have a great impact on the reduction of the consumption of our implementation in number of resources and arithmetic operations. Consequently, the calculation of the scalar multiplication using Algorithm 5 requires a number of n doubling operations and \(\left(n+1\right)\) adding operations.

Algorithm 7
figure g

LD-Affine addition/subtraction over F2m

Full size image

Our binary processor was implemented on \({F}_{2}^{162}\) field using a Virtex-7 FPGA device, without using any on-board blocks or DSP. Table 5 provides a performance comparison between the implementation of scalar multiplication computation designed in this paper and others proposed in existing studies, in terms of number of occupied slices, number of LUTs, execution time, maximum frequency and efficiency. According to [67], the calculation of the efficiency of our work is done according to the following formula:

Table 5 Hardware implementation results comparison over \({{F}_{2}}^{m}\)
Full size table
$$Eff=m/\left(a.t\right)$$

where m is the number of bits or the order of finite filed used, a refers to the number of occupied slices and t is the execution time of our implementation. The measurement unit of the efficiency factor is Kbps/slice. The calculation of this term permits to compare implementations carried out using the same finite field order but that differ in hardware architecture.

However, increasing the efficiency factor of a scalar multiplication implementation depends on increasing the area and the processing time. A compromise between these two parameters (area and number of slices) must be found to obtain the best efficiency value. Based on this metric, we calculated the efficiency of each analyzed work to compare them with our implementation. As it is indicated in Table 5, our implementation uses only 4045 slices and an execution time of 2.6 μs. By analyzing this hardware implementation, we can conclude that the combination of our results provides a good efficiency compared to other works that use the same FPGA device. The required implementation time of our combination is respectively 18.23% and 42.82% less than the fastest previous work [68] and [69]. In addition, the efficiency is, respectively, 19.43% and 24.52% higher. Based on the results obtained in Table 5, we note that our implementation has the best efficiency results.

6 Our proposed counter-measure method

In this section, we will describe our DPA counter-measure method applied for the Dubeuf algorithm previously described. This countermeasure is based on the point randomization method. We have previously cited several methods of DPA countermeasure based on scalar, point, and isomorphism randomizations. But as explained in Sect. 3.5, each method has its failures against certain other types of attacks. For this reason, we have decided to propose a new counter-measure method that is secure against most power attack variants.

6.1 Security analysis against DPA

Our proposal presented by algorithm 6, is inspired by the BRIP method, thanks to its effectiveness against many power attacks, except that it is only applicable to the double-and-add algorithm. The BRIP method consists in calculating \(k\left[P\right]+R\) instead of \(\left[k\right]P\) and subtracting the point R afterward to retrieve the appropriate result of \(\left[k\right]P\). This method is assumed to be resistant against DPA. Likewise, our algorithm is based on the use of random point R to randomize all the registers used in the doubling and addition operations. The random point R will be inserted at the initialization step of point P, in line 3 of Algorithm 6. This means that the randomization will not affect the uniformity of the addition and doubling operations used in our algorithm. As shown in Algorithm 6, we have kept the same structure of the main algorithm, Algorithm 5. In this way, our algorithm remains effective against SPA attacks.

First, during the “for” loop, a point R was added when the doubling operation was performed. This causes the randomization of the output \({Q}_{0}\) in line 5.1, which will take as a result the quantity \(2P+2R\) instead of \(2P\).

In the remainder of the calculation, to recover the correct result of the scalar multiplication \(\left[2k\right]P\), we will subtract the value \(2R\). For this purpose, the first point R will be subtracted from \({Q}_{0}\) in line 5.2 by adding the point \({Q}_{1}\), which is equal to \(-R\). In the same way, and after executing the entire "For" loop, the second point R is again subtracted from \({Q}_{0}\) in line 7. With this proposed method, the results of the addition and doubling operations will be modified in each new execution of the algorithm since the R value will be modified each time.

Algorithm 6
figure h

Scalar operation resistant to DPA

Full size image

The application of our countermeasure method on the Dubeuf algorithm meets the two required criteria for resistance to DPA attacks [75]. The first criteria consists in randomizing treated data during scalar multiplication, and the second one is to ensure constant power consumption at each execution of the algorithm. The Dubeuf’s original algorithm performs the same number of operations at each iteration, resulting in the same amount of power consumption. In addition, the proposed counter-measure method involves the randomization of the data processed during the scalar multiplication. We can thus confirm that our countermeasure method is secure against DPA attack. This method avoids any leakage of secret information by randomizing the processing data during scalar multiplication calculations.

6.2 Security analysis against ZPA/RPA

In this section we will demonstrate that our proposition is resistant to ZPA and RPA attacks. Unlike the Coron’s countermeasure method described in section IV-E-3, the insertion of a random point in the calculation process avoids the possibility of having a specific point \(\left(0,y\right)\) or a zero- value register. Precisely, if the attacker enters a specific point P with coordinates (0,y) and wants to apply a ZPA or RPA attack on our algorithm, no propagation of this zero-coordinate will occur in the calculation.

Our countermeasure method consists in adding a random point R with coordinates (x, y) to the initial point P, which changes completely the value of point P, and the zero value of its x coordinate. Even if we have zero-value registers in our computation algorithm, our countermeasure method is still effective. It ensures propagation of the randomization to the addition and doubling operations, which then leads to the randomization of all registers used in the computation process. All these properties prove the effectiveness of our countermeasure method against different attacks: DPA, ZPA, RPA, and doubling.

6.3 Calculation results

In this section, we present a comparative study between our proposed method and the existing countermeasure methods in terms of required number of arithmetic operations. Consequently, the calculation of scalar multiplication, using our method, requires in total n doubling operations and \(2\left(n+1\right)\) addition operations, with n presents the bit length of our scalar k used. Table 6 presents the number of operations required for our proposed algorithm to perform a scalar multiplication operation in comparison with some existing works. For each cited algorithm, we give the cost per bit of the arithmetic operations used and the additional cost, which results the number of operations performed outside the for loop.

Table 6 Performance calculation of our proposition
Full size table

The results obtained in Table 6 show that our proposed algorithm has an acceptable computational performance compared to other scalar multiplication algorithms considering the high security ensured. As it is written in Algorithm 6, our proposal requires two addition operations outside the main loop: one operation during the initialization step (line 3) and another after the end of the for loop (line 7). Moreover, an Affine-to-Projective conversion function is performed at the end of our algorithm requiring only one inversion operation. As a result, the number of additional operations calculated in our proposal is 1I + 16M + 10S instead of 1I + 32M + 12S for the BRIP algorithm.

7 Conclusion

In this paper, we carried out a comparative study between various scalar multiplication algorithms to select the Dubeuf algorithm as the most secure one against SPA and safe-error attacks. Then, we applied the different hardware optimization methods to ensure a lightweight implementation of this algorithm over binary field. This algorithm is very effective against SPA attacks but it still remains vulnerable to differential power analysis attacks such as DPA, ZPA, and RPA. To ensure the security of this algorithm against these types of attack, we have carried out a comparative analysis between the different countermeasure methods proposed to combat these threats.

The weaknesses of these various countermeasure techniques led us to develop a new countermeasure suitable for the Dubeuf et al. algorithm. Our countermeasure method is based on the integration of a random point during the initialization step in order to randomize all the scalar multiplication operation execution. The security analysis of our proposal has demonstrated its effectiveness against DPA, ZPA and RPA attacks, as well as keeping the security of the algorithm against SPA attacks. In terms of computational performance, our algorithm presents an acceptable calculation cost compared with other literature methods. In this paper, our aim is to ensure perfect security against differential power analysis attacks. However, to improve our proposal in terms of computational cost, it will be important to apply additional hardware optimization methods. To achieve this goal, we can propose future contributions that will focus on optimizing the binary field multiplication operation, as it represents the most consuming arithmetic operation.