Complete Atomic Blocks for Elliptic Curves in Jacobian Coordinates over Prime Fields

In this paper we improve the safety aspects of previously published atomic blocks. We build new sets of atomic blocks designed to protect against both simple side-channel attacks and C-safe fault attacks for scalar multiplication for elliptic curves over prime fields. These atomic blocks are structured with the sequence of field operations (

S

,

N

,

A

,

A

,

M

,

A

),

Squaring, Negation, Addition, Addition, Multiplication, Addition

. We apply these atomic blocks to various operations in Jacobian coordinates: doubling, tripling, and quintupling, as well as mixed Jacobian-affine addition. We also give formulae for the general Jacobian addition for use in right-to-left scalar multiplication. Finally, we show how these techniques can be used to unify the Jacobian doubling formula with mixed Jacobian-affine addition, so they use the same number of atomic blocks.

Like previous atomic blocks formulae, our group operations provide protection against simple side channel attacks by dividing the group operations into smaller sequences of field operations. One of the main differences with our formulae resides in their security against C-safe fault attacks. Unlike previous works, our formulae are designed to completely fill the atomic blocks with field operations that affect the final output (i.e. we avoid “dummy” operations) and are all distinct (none of the operations are repeated). They also have the added bonus of being slightly more “compact” than most previous atomic blocks, having fewer additions/negations for each multiplication/squaring, potentially giving a performance gain.