Introduction
This chapter is aimed at studying the resistance of elliptic curve cryptosystems against side-channel analysis. The main operation for elliptic curve cryptosystems is the point multiplication: Q = [k]P, where the multiplier k is generally a secret (or private) parameter. In particular, this chapter surveys various software strategies to prevent side-channel attacks in the computation of Q = [k]P.
Given the rich mathematical structure of elliptic curves, an endless number of new countermeasures can be imagined. More importantly, as we will see, efficient countermeasures (i.e., with almost no impact on the running time and/or the memory requirements) are known. The advantage is clearly on the end-user side (not on the attacker side). We must also keep in mind that present-day cryptographic devices come equipped with a variety of hardware countermeasures, already making harder (or impossible) side-channel attacks.
As given in textbooks, the formulæ for doubling a point or for adding two (distinct) points on a Weierstraß elliptic curve are different. So, for example, from the distinction between the two operations, a simple power analysis (i.e., a simple side-channel analysis using power consumption as a side-channel; cf. Section IV.4) might produce different power traces, revealing the value of k in the point multiplication algorithm.