A scalable and high performance elliptic curve processor with resistance to timing attacks

Abstract

This paper presents a high performance and scalable elliptic curve processor which is designed to be resistant against timing attacks. The point multiplication algorithm (double-add-subtract) is modified so that the processor performs the same operations for every 3 bits of the scalar k independent of the bit pattern of the 3 bits. Therefore, it is not possible to extract the key pattern using a timing attack. The data flow graph of the modified algorithm is derived and the underlying Galois field operators are scheduled so that the point multiplication delay is minimized. The architecture of this processor is based on the Galois field of GF(2n) and the bit-serial field multiplier and squarer are designed. The processor is configurable for any value of n and the delay of point multiplication is [18(n+3) + (n+3)/2 + 1]/spl times/(n/3) clock cycles. For the case of GF(2/sup 163/) the point multiplication delay is 165888 clock cycles.