计算机工程与应用 ›› 2017, Vol. 53 ›› Issue (1): 103-106.DOI: 10.3778/j.issn.1002-8331.1504-0013

• 网络、通信与安全 • 上一篇    下一篇

Edwards曲线上抗SPA快速标量乘算法

刘双根1,姚华童1,李发根2   

  1. 1.西安邮电大学 通信与信息工程学院,西安 710121
    2.电子科技大学 计算机科学与工程学院,成都 611731
  • 出版日期:2017-01-01 发布日期:2017-01-10

SPA resistant scalar multiplication on Edwards curve

LIU Shuanggen1, YAO Huatong1, LI Fagen2   

  1. 1.School of Telecommunication and Information Engineering, Xi’an University of Posts and Telecommunications, Xi’an 710121, China
    2.School of Computer Science and Engineering, University of Electronic Science and Technology, Chengdu 611731, China
  • Online:2017-01-01 Published:2017-01-10

摘要: 针对Edwards曲线上标量乘法的效率及安全性,提出了马尔科夫点加-倍点链(Markov Addition-Double Chain,MADC)。基于MADC的椭圆曲线标量乘算法每次循环都固定执行“点加-倍点”运算,从而能够天然抵抗简单能量攻击。此外,倍点运算占总运算量的一半,由于Edwards曲线的倍点公式相对点加公式所需的运算量极少,新算法的运算量将大大减少。实验结果表明,MADC的最佳链长为160,MADC-160相对于EAC-320、SAC-260和 GRAC-258,效率分别提高了27%、10.4%和9.7%。

关键词: Edwards曲线, 标量乘法, 马尔科夫点加-倍点链(MADC), 简单能量攻击

Abstract: In view of the efficiency and safety of Edwards curve scalar multiplication, this paper proposes Markov Addition-Double Chain(MADC). The each loop of scalar multiplication algorithm based on MADC executes fixed “point addition-double” operation, which can resist the simple power analysis naturally. In addition, the timing cost of new algorithm will be reduced greatly because that the calculation of double operation accounts for half of the total and the computation of double operation needs very little calculation compared with point addition for Edwards curve. The experimental results show that, the length of MADC is 160 in the best case and the efficiency is increased by 27%, 10.4%and 9.7% respectively relative to EAC-320, SAC-260 and GRAC-258.

Key words:  Edwards curve, scalar multiplication, Markov Addition-Double Chain(MADC);simple power analysis