Cryptography Reference
In-Depth Information
where the parameter c can be chosen as 1 without loss of generality. The addition of
two points P
= (
x 1 ,
y 1 )
and Q
= (
x 2 ,
y 2 )
in E
(
GF
(
p
))
, resulting in a third point
P
+
Q
= (
x 3 ,
y 3 )
in E
(
GF
(
p
))
, can be computed as
x 1 y 2 +
y 1 x 2
x 3 =
dx 1 x 2 y 1 y 2 (
mod p
),
(11.10)
1
+
y 1 y 2
x 1 x 2
y 3 =
dx 1 x 2 y 1 y 2 (
mod p
).
1
This equation is valid even if P
Q , and it never results in a point at infinity. An
Edwards elliptic curve defined as in ( 11.9 ) is converted to homogeneous projective
coordinates as E
=
X 2
Y 2 = Z 4
dX 2 Y 2
(
) :
+
+
=
,
=
yZ .The
following formulas compute the unified point addition and doubling ( 11.11 ) and
optimized doubling ( 11.12 ) operations with projective coordinates [33]:
GF( p )
where X
xZ
Y
Z 1 Z 2
X 3 =
Z 1 Z 2 (
X 1 Y 2 +
Y 1 X 2 )(
dX 1 X 2 Y 1 Y 2 )(
mod p
),
(11.11)
Z 1 Z 2 +
Y 3 =
Z 1 Z 2 (
Y 1 Y 2
X 1 X 2 )(
dX 1 X 2 Y 1 Y 2 )(
mod p
),
Z 1 Z 2
Z 1 Z 2 +
Z 3 = (
dX 1 X 2 Y 1 Y 2 )(
dX 1 X 2 Y 1 Y 2 )(
mod p
) ;
X 1 +
Y 1
2 Z 1 )(
X 3 =
2 X 1 Y 1 (
mod p
),
(11.12)
X 1
Y 1 )(
X 1 +
Y 1 )(
Y 3 = (
mod p
),
X 1 +
Y 1 )(
X 1 +
Y 1
2 Z 1 )(
Z 3 = (
mod p
).
11.8.2 The Error Detection Technique
We mainly propose applying nonlinear codes to secure operations conducted over
elliptic curves, i.e. point addition and doubling operations against active fault injec-
tion attacks. In this chapter, we are focusing on ECC structures based on prime fields
GF( p ), yet a similar idea can be applied to protect elliptic curves that are defined
over binary fields as well.
The main idea is to encode the coordinates of elliptic curve points using the sys-
tematic nonlinear
(
,
)
-code of Definition 11.6. This code essentially uses redun-
dancy for error detection. We define the following error check function on a point
coordinate X
n
k
GF( p ) to obtain a nonlinear error check-sum:
X 2
w
=
h
(
X
) =
(
mod p
)
GF
(
p
).
(11.13)
Consequently, the point coordinate X is encoded as
. We now formally
define a robust code by embedding the nonlinear code definition introduced by
Gaubatz, Sunar, and Karpovsky [156] into elliptic curves as follows.
(
X
,
h
(
X
))
 
Search WWH ::




Custom Search