Dummy operations in scalar multiplication over elliptic curves: A tradeoff between security and performance

A large number of embedded systems require a high level of security. Elliptic curve cryptography is well suited for these constrained environments, but some countermeasures must be implemented to prevent leakage of critical data through side-channel analyses. This work attempts to propose one such countermeasure, without affecting performance. A windowing approach at the scalar multiplication level saves time, which is then used to perturb the attacker by inserting dummy operations at random instants. To increase our power analysis protection, the length of the windows in the scalar partitioning is chosen randomly. Our countermeasure makes the simple power analysis attack ineffective; robustness against differential power analysis is also increased. In order to meet the target security level, performance, or area constraints, designers only need to choose the suitable parameters of the proposed protected scalar multiplication. A new attack based on pattern identification on several power traces is also explored; this attack may be used against the proposed counter-measure but it is shown that with more dummy doublings the attack becomes ineffective with a small performance penalty.