能抵御边信道攻击的椭圆曲线标量乘算法研究
|
摘要
目前,椭圆曲线标量乘法是椭圆曲线密码研究的热点问题之一。椭圆曲线标量乘法运算是基于椭圆曲线的数据加密、数字签名和密钥协商的主要的操作,因而,其计算算法直接影响各种椭圆曲线密码系统的实现效率,尤其是在智能卡、手机等计算能力、存储空间、网络带快受限的应用,标量乘法的实现效率问题显得更为重要。
边信道攻击是利用密码设备的边信道泄露,攻击密钥的一种新的攻击手段,对很多原来的标量乘算法是一个巨大威胁。今天,所有的椭圆曲线密码实现都开始重视采取对边信道攻击的防范措施。
提高提高椭圆曲线标量乘法的计算效率的技术很多,如:有符号二进制表示,非邻接表示型,混合坐标系策略,预计算,加法链等,一些特殊的椭圆曲线具有的特性也有助于提高标量乘的运算效率。对抗边信道攻击的方法主要是三类。统一加法公式,归一化点乘算法和随机化技术,但这些对抗措施都会带来标量乘法运算速度的损失,一个合理的标量乘法应当均衡考虑密码系统的计算速度和安全性上。综合利用各种提高标量乘法计算效率和安全性的多种技术,才能得到理想的椭圆曲线密码系统实现方案。本文深入分析了各种标量乘法的实现算法和对抗边信道攻击的措施,提出了一些能抵御边信道攻击的椭圆曲线标量乘算法。
本文的主要贡献和研究成果如下:
1.提出了一种基于二叉树加法链的椭圆曲线标量乘法。
提出了二叉树加法链的概念,丰富了加法链方法的内涵,并基于该加法链提出了标量乘算法。算法利用了一种新的点加速度快的混合坐标系策略,提高了计算效率,二叉树加法链具有的特殊结构又使它天然地具有抵御边信道攻击的能力。
2.提出了一种改进的安全的椭圆曲线标量乘法。
针对一般的二进制方法安全性不高的特点,提出了一种简单的有符号二进制编码方案,并将其应用于二进制窗口方法的标量乘法中,该方法能够抵御简单边信道攻击。该方法弥补了一些安全性缺陷,并提出了在点加运算中使用某些随机变量来对抗差分边信道攻击的方法。
3.提出了一种改进的Montgomery阶梯算法。
算法继承了基本Montgomery阶梯算法能对抗简单边信道攻击的安全性,同时,对安全性作了进一步提高,算法是一个并行的算法,特别适合于多处理器的密码设备,算法还采用了y坐标恢复的技术,进一步提高了计算效率。
4.提出了一种新的抵抗边信道攻击的Montgomery曲线标量乘法。
提出了斐波那契型数列的概念,斐波那契型数列结构上的特点使得它能够充分发挥Montgomery型曲线运算速度快的优势,算法采用了加法链方法来抵御简单边信道攻击,采用了黄金比率加法链方法减少加法链的长度,进一步提高了运算效率。
5.提出了一种新的基于随机投影表示的标量乘算法
随机投影表示是抵御边信道攻击的重要手段之一,本算法提出了利用随机投影表示对基点P进行随机化的方法,当该方法用于Montgomery曲线,且采用不使用y坐标的点加公式,标量乘法的运算效率同不使用随机化技术的算法相同,不需要额外的域操作。该方法还可以应用于其他类型的曲线,如Weierstrass曲线,Jacobian曲线。该方法应用于Montgomery曲线时,能高效地抵御简单边信道攻击,比其他能抵御简单边信道攻击的方法运算效率要高。.
6.提出了一种新的基于随机乘数的安全标量乘算法。
算法对标量k的非邻接表示型(NAF)进行了随机化再编码,隐藏了作为密钥的标量k的信息,能够抵御差分边信道攻击。另外,算法采用了能抵御简单边信道攻击的加减链标量乘算法。并且由于每次循环执行时的时间与具体的随机数有关,因而算法能够抵御时间攻击。
At present, elliptic curve scalar multiplication is one of the important practical problems. Elliptic curve scalar multiplication is the main operation of elliptic curve cryptography (ECC) based protocols, such as ECIES, ECDSA, and ECDH. Computation speed of elliptic curve scalar multiplication will directly case affect implementation efficiency of ECC based cyptosystem, which is more considerable for smart card or cell phone, where the computing power, storage spaces, width of network is limited.
Side-channel analysis (SCA) or information leakage analysis (ILA) refers to a new and emerging type of cryptanalysis that uses leaked side-channel information frome a cryptographic device to determine the secret key. It is a great threat to original elliptic curve scalar multiplication. Today, more and more attention has been driven to take countermeasure to defend SCA attack.
Many mothds can be applied to enhance computing efficiency of elliptic curve scalar multiplication, such as signed binary presentation, non-adjacant form (NAF), mixed coordinates strategy, precomputation, addition chain and so on. Some special kind of elliptic curv, such as Koblitz curve, hyperelliptic curve, Montgomery-form elliptic curve, who possesses some special features, have more efficient scalar multiplication. There are three kinds of countermeasures to defend side channel analysis, unified addition formulae, regular point multiplication algorithm, and randomization techniques. Each such method will reduce the computation efficiency of elliptic curve scalar multiplication. A reasonable scalar multiplication should balance the computing speed and computing efficiency of cryptosystem. An ideal elliptic curve cryptosystem can be obtained only by integrateing and optimizing different methods to inhance computing efficiency and computing speed. This paper deeply analizes different kinds of implementation algorithm of elliptic curve scalar multiplication and countermeasurs to defend side channel analysis, and proposed some side channel analysis resistant elliptic curve scalar multiplication algorithms.
The main contributions and accomplishments of this dissertation are as follows:
1. Proposing an bintree addition chain based elliptic curve scalar multiplication.
The concept of bintree was proposed, which enrich addition chain theory. A new scalar multiplication algorithm was proposed basing bintree addition chain. The algorithm adoppted a new mixed coordinate strategy and got the most fast point addition formulae , which enhances computing efficiency. Special structure of bintree addition chain maks it can defend side channel analysis naturally.
2. Proposing a improved algorithms for securing elliptic scalar multiplication against side channel attacks.
Considering the general binary method is not secure, the paper proposd a simple signed binary encoding scheme, wich is applied to binary window based scalar multiplication. The algorithm can resist side channel analysis and make up some secure flaw. In the end, An efficient randomization technique, using some random variables within the point addition operation, has also been proposed as a possible countermeasure against a DPA-style attack on the window-family algorithm.
3. Proposing a improved Montgomery ladder based algorithm.
The algorithm inherits secure feature of resisting side channel analysis from basis of Montgomery ladder algorithm. Meanwhile the secure level is further improved. The algorithm, which is to get high computing speed, is particularly applicable to multi-processor cyptophic devices. A y -coordinate recovery method is also apllied to improve computation speed further.
4. Proposing a new SCA resistant scalar multiplication of Montgomery-form curve.
The concep of Fabonacci-form series was proposed. Special structure of Fabonacci-form series takes full advantages of high computing speed of Montgomery-form curve. Addition chain method is also applied to resist simple side channle analysis. The length of addition chain was optimized by golden ratio addition chain, which improved computing efficiency deeply.
5. Proposing a new scalar multiplication algorithm based on randomized projective coordinate expression.
Randomized projective coordinate expression is one of the main measures to SCA attack. In the algorithm, base point P is randomized, and the its computational cost is the same as the computational cost of an operation of points without randomized expression. In the case of a Montgomeryform elliptic curve, we compute addition of two points in randomized projective coordinates using these difference points in unrandomized projective coordinates, namely, the Z-coordinate of the point to be 1, the resultant point is in randomized projective coordinates, and no extra field operations are required. The scalar multiplication method with randomized projective coordinates on a Montgomery-form elliptic curve is applicable to other types of elliptic curve, such as the Weierstrass form, and other coordinate systems, such as Jacobian coordinate. The scalar multiplication method on a Montgomery-form elliptic curve is effective against the simple power analysis (SPA) attack and is much faster than other scalar multiplication methods which prevent SPA.
6. Proposing a new scalar multiplication algorithm based on randomized projective coordinate expression.
The algorithm provides a differently randomized signed-scalar representation at every multiplication execution so that it makes DPA infeasible. In addition it uses an addition-subtraction multiplication algorithm to resist SPA. It also seems to be able to defeat timing attacks because every execution time of a scalar multiplication changes according to every differently randomized signed-scalar representation. The result shows that it needs no additional computation load compared to the ordinary binary scalar multiplication.
边信道攻击是利用密码设备的边信道泄露,攻击密钥的一种新的攻击手段,对很多原来的标量乘算法是一个巨大威胁。今天,所有的椭圆曲线密码实现都开始重视采取对边信道攻击的防范措施。
提高提高椭圆曲线标量乘法的计算效率的技术很多,如:有符号二进制表示,非邻接表示型,混合坐标系策略,预计算,加法链等,一些特殊的椭圆曲线具有的特性也有助于提高标量乘的运算效率。对抗边信道攻击的方法主要是三类。统一加法公式,归一化点乘算法和随机化技术,但这些对抗措施都会带来标量乘法运算速度的损失,一个合理的标量乘法应当均衡考虑密码系统的计算速度和安全性上。综合利用各种提高标量乘法计算效率和安全性的多种技术,才能得到理想的椭圆曲线密码系统实现方案。本文深入分析了各种标量乘法的实现算法和对抗边信道攻击的措施,提出了一些能抵御边信道攻击的椭圆曲线标量乘算法。
本文的主要贡献和研究成果如下:
1.提出了一种基于二叉树加法链的椭圆曲线标量乘法。
提出了二叉树加法链的概念,丰富了加法链方法的内涵,并基于该加法链提出了标量乘算法。算法利用了一种新的点加速度快的混合坐标系策略,提高了计算效率,二叉树加法链具有的特殊结构又使它天然地具有抵御边信道攻击的能力。
2.提出了一种改进的安全的椭圆曲线标量乘法。
针对一般的二进制方法安全性不高的特点,提出了一种简单的有符号二进制编码方案,并将其应用于二进制窗口方法的标量乘法中,该方法能够抵御简单边信道攻击。该方法弥补了一些安全性缺陷,并提出了在点加运算中使用某些随机变量来对抗差分边信道攻击的方法。
3.提出了一种改进的Montgomery阶梯算法。
算法继承了基本Montgomery阶梯算法能对抗简单边信道攻击的安全性,同时,对安全性作了进一步提高,算法是一个并行的算法,特别适合于多处理器的密码设备,算法还采用了y坐标恢复的技术,进一步提高了计算效率。
4.提出了一种新的抵抗边信道攻击的Montgomery曲线标量乘法。
提出了斐波那契型数列的概念,斐波那契型数列结构上的特点使得它能够充分发挥Montgomery型曲线运算速度快的优势,算法采用了加法链方法来抵御简单边信道攻击,采用了黄金比率加法链方法减少加法链的长度,进一步提高了运算效率。
5.提出了一种新的基于随机投影表示的标量乘算法
随机投影表示是抵御边信道攻击的重要手段之一,本算法提出了利用随机投影表示对基点P进行随机化的方法,当该方法用于Montgomery曲线,且采用不使用y坐标的点加公式,标量乘法的运算效率同不使用随机化技术的算法相同,不需要额外的域操作。该方法还可以应用于其他类型的曲线,如Weierstrass曲线,Jacobian曲线。该方法应用于Montgomery曲线时,能高效地抵御简单边信道攻击,比其他能抵御简单边信道攻击的方法运算效率要高。.
6.提出了一种新的基于随机乘数的安全标量乘算法。
算法对标量k的非邻接表示型(NAF)进行了随机化再编码,隐藏了作为密钥的标量k的信息,能够抵御差分边信道攻击。另外,算法采用了能抵御简单边信道攻击的加减链标量乘算法。并且由于每次循环执行时的时间与具体的随机数有关,因而算法能够抵御时间攻击。
At present, elliptic curve scalar multiplication is one of the important practical problems. Elliptic curve scalar multiplication is the main operation of elliptic curve cryptography (ECC) based protocols, such as ECIES, ECDSA, and ECDH. Computation speed of elliptic curve scalar multiplication will directly case affect implementation efficiency of ECC based cyptosystem, which is more considerable for smart card or cell phone, where the computing power, storage spaces, width of network is limited.
Side-channel analysis (SCA) or information leakage analysis (ILA) refers to a new and emerging type of cryptanalysis that uses leaked side-channel information frome a cryptographic device to determine the secret key. It is a great threat to original elliptic curve scalar multiplication. Today, more and more attention has been driven to take countermeasure to defend SCA attack.
Many mothds can be applied to enhance computing efficiency of elliptic curve scalar multiplication, such as signed binary presentation, non-adjacant form (NAF), mixed coordinates strategy, precomputation, addition chain and so on. Some special kind of elliptic curv, such as Koblitz curve, hyperelliptic curve, Montgomery-form elliptic curve, who possesses some special features, have more efficient scalar multiplication. There are three kinds of countermeasures to defend side channel analysis, unified addition formulae, regular point multiplication algorithm, and randomization techniques. Each such method will reduce the computation efficiency of elliptic curve scalar multiplication. A reasonable scalar multiplication should balance the computing speed and computing efficiency of cryptosystem. An ideal elliptic curve cryptosystem can be obtained only by integrateing and optimizing different methods to inhance computing efficiency and computing speed. This paper deeply analizes different kinds of implementation algorithm of elliptic curve scalar multiplication and countermeasurs to defend side channel analysis, and proposed some side channel analysis resistant elliptic curve scalar multiplication algorithms.
The main contributions and accomplishments of this dissertation are as follows:
1. Proposing an bintree addition chain based elliptic curve scalar multiplication.
The concept of bintree was proposed, which enrich addition chain theory. A new scalar multiplication algorithm was proposed basing bintree addition chain. The algorithm adoppted a new mixed coordinate strategy and got the most fast point addition formulae , which enhances computing efficiency. Special structure of bintree addition chain maks it can defend side channel analysis naturally.
2. Proposing a improved algorithms for securing elliptic scalar multiplication against side channel attacks.
Considering the general binary method is not secure, the paper proposd a simple signed binary encoding scheme, wich is applied to binary window based scalar multiplication. The algorithm can resist side channel analysis and make up some secure flaw. In the end, An efficient randomization technique, using some random variables within the point addition operation, has also been proposed as a possible countermeasure against a DPA-style attack on the window-family algorithm.
3. Proposing a improved Montgomery ladder based algorithm.
The algorithm inherits secure feature of resisting side channel analysis from basis of Montgomery ladder algorithm. Meanwhile the secure level is further improved. The algorithm, which is to get high computing speed, is particularly applicable to multi-processor cyptophic devices. A y -coordinate recovery method is also apllied to improve computation speed further.
4. Proposing a new SCA resistant scalar multiplication of Montgomery-form curve.
The concep of Fabonacci-form series was proposed. Special structure of Fabonacci-form series takes full advantages of high computing speed of Montgomery-form curve. Addition chain method is also applied to resist simple side channle analysis. The length of addition chain was optimized by golden ratio addition chain, which improved computing efficiency deeply.
5. Proposing a new scalar multiplication algorithm based on randomized projective coordinate expression.
Randomized projective coordinate expression is one of the main measures to SCA attack. In the algorithm, base point P is randomized, and the its computational cost is the same as the computational cost of an operation of points without randomized expression. In the case of a Montgomeryform elliptic curve, we compute addition of two points in randomized projective coordinates using these difference points in unrandomized projective coordinates, namely, the Z-coordinate of the point to be 1, the resultant point is in randomized projective coordinates, and no extra field operations are required. The scalar multiplication method with randomized projective coordinates on a Montgomery-form elliptic curve is applicable to other types of elliptic curve, such as the Weierstrass form, and other coordinate systems, such as Jacobian coordinate. The scalar multiplication method on a Montgomery-form elliptic curve is effective against the simple power analysis (SPA) attack and is much faster than other scalar multiplication methods which prevent SPA.
6. Proposing a new scalar multiplication algorithm based on randomized projective coordinate expression.
The algorithm provides a differently randomized signed-scalar representation at every multiplication execution so that it makes DPA infeasible. In addition it uses an addition-subtraction multiplication algorithm to resist SPA. It also seems to be able to defeat timing attacks because every execution time of a scalar multiplication changes according to every differently randomized signed-scalar representation. The result shows that it needs no additional computation load compared to the ordinary binary scalar multiplication.
引文
[1] Neal Koblitz. Elliptic Curve Cryptosystems [J]. Mathematics of Computation, 1987, 48(117):203-209.
[2] V. Miller. Use of elliptic curves in cryptography[C],Proceedings of CRYPTO 85. Berlin:Springer,1985.
[3] Diffie W, Hellman M E. New Directions in Cryptography[J]. IEEE Trans. on Information Theory, 1976, 22(6): 644-654.
[4] Riverst R L, Shamir A, Adleman. A method for obtaining digital signatures and public key cryptosystem[J]. Communications of the ACM,1978 (21): 120-126.
[5] T.ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985(31):469-472.
[6] J. Pollard. Theorems on factorization and primality testing[J]. Proc. Cambridge Phil.Soc, 1974,76(03):521-528.
[7] H.W.Lentra. Factoring integers with elliptic curves[J]. Annals of Mathematics. 1987(126):649-673.
[8] A.K.Lenstra, H.W.Lenstra. The development of number field sieve[M]. Berlin: Springer-Verlag,1993.
[9] F.Morain, J.Olivos. Speeding up the computations on an elliptic curve using addition-subtraction chains[J]. Theoretical Informatics and Applications, 1990(24):531-543.
[10] A.J.Menezes,T.Okamoto, S.A.Vanstone.Reducing elliptic curve logarithms to logarithms in a finite field[J].IEEE Transactions on Information Theory,1993,39(5):1639-1646.
[11] R.Schoof. Elliptic curves over finite field and the computation of square roots mod p[J].Mathematics of Computation,1985(44):483-494.
[12] A.Atkin,F.Morain. Elliptic curves and primality proving[J]. Mathematics of Computation,1993(61):29-69.
[13] R Schoof.Counting Points on Elliptic Curves over Finite Fields[J].Journal of Theorie des Nombres de Bordeaux,1995(7):219-254.
[14] IEEE P1363.Standard Specifications for Public Key Cryptography.IEEE,2000.
[15] I.F.Blake,G.Seroussi,N.P.Smart.Advances in Elliptic Curve Cryptography[M]. Landon:Cam-bridge University Press,2005.
[16] D.Hankerson,A.Menezes,S.Vanstone.Guide to Elliptic CurveCryptography[M].北京:电子工业出版社,2005.
[17] M.O.Rabin. Digitalized signatures and public-key functions as intractable as factorization[R]. MIT Laboratory for Computer Science, Technical Report MIT/LCS/TR-212,1979.
[18] S. Goldwasser, S.Micali. Probabilistic encryption[J].J.Comp.Syst.SCi, 1984,28:270-299.
[19] C. Rackoff, D.Simmon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack[C], Proceedings of CRYPTO'91, Berlin: Springer-Verlag,1991:434-444.
[20] M. Bellare, P. Rogaway. Random oracle are practical: A paradigm for designing efficient protocols[C]. Proceeding of the first ACM Conference on Computer and Communicaions Security, ACM,1993:232-249..
[21] P.C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSA and other systems[J]. Advances in Cryptology-CRYPTO'96, Berlin:Springer-Verlag, 1996:104-113.
[22] P.C. Kocher, J.Jaffe, B.jun. Differential power analysis[J]. Advances in Cryptology-CRYPTO'99. Berlin:Springer-Verlag,1999:388-397.
[23] K. Grandolfi, C. Mourtel, F. Olivier. Electromagnetic analysis:Concrete results. Cryptographic Hardware and Embedded Systems[C]. Proc.CHES 2001. Berlin:Springer-Verlag,2001:251-261.
[24] J. Quisquater, D. Samyde. Electromagnetic analysis(EMA):Measures and counter-measures for smart cards[J]. Computer security-esorics 94,1994,875:319-334.
[25] M. Dacier,Y. Deswarte. Privilege graph: an extension to the typed access matrix model [J], in ESORICS, 1994, 1469:319-334.
[26] Nicolas Meloni1.New Point Addition Formulae for ECC Applications[C]. Proceedings of WAIF 2007, Berlin: Springer-Verlag .189-201
[27] L.Batina,N.Mentens,K.Sakiyama,B.Preneel,I.Verbauwhede.Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks[C].ESAS 2006.2006, 4357: 6-17.
[28] A.Liu,P.Kampanakis,P.Ning. ECC:Elliptic Curve Cryptography for Sensor Net-works(Version0.3)(February 2007)[EB/OL],http://discovery.csc.ncsu.edu/software/TinyECC/
[29]祝跃飞,张亚娟.椭圆曲线公钥密码导引[M].北京:科学出版社,2006.
[30] Harald Niederreiter,Chaoping Xing.Rational points on curves over finite fields:theory and applications[M]: Cambridge:Cambridge University Press, 2001.
[31] ANSI X9.62.Public Key Cryptography for the Financial Services Industry:The Elliptic Curve Digital Signature Algorithm(ECDSA).American National Standards Institute,1999.
[32] ANSI X9.63.Public Key Cryptography for the Financial Services Industry:Elliptic Curve Key Agreement and Transport Protocols.American National Standards Institute,2001.Draft.
[33] FIPS PUB 186-2.Digital Signature Standard(DSS).National Institute for Standards and Technology,2000.
[34] ISO X9.62.International Standard 15946-2:Information Technology-Security Techniques-Cryptographic techniques based on elliptic curves-Part 2:Digital Signatures.International Standards Organization,2000.
[35] SEC 1.Elliptic Curve Cryptography.Standards for E?cient Cryptography Group,1999.A. Blumstein, Deterrence and incapacitation: estimating the effects of criminal sanctions on crime rates [R], Washington,DC: National Academy of Sciences, 1978.
[36] R.Lidl, H.Niederreiter.Introduction to Finite Fields and Their Applications [M].UK:Cambridge University Press,1986.
[37] Certicom, ECC Tutorial,http://www.certicom.com/index.php/10-introduction, 2010.
[38] P.A.Fouque, F.Valette.The doubling attack-why upwards is better than downwards[C].CHES 2003,2003,2779:269-280.
[39] J.Solinas. Efficient arithmetic on Koblitz curves. Designs,Codes and Crytography, 2000,19:195-249.
[40] R. Agnew. Testing the leading crime theories: an alternative strategy focusing on motivational process [J], Research in Crime and Delinquency, 1995, 32(4): 363-398.
[41] Koblitz N. Hyperelliptic Cryp tolgraphy[ J ]. J of Crypto, 1989, 1 (3) 139- 150.
[42] Cantor D G.Computing in the Jacobian of A hyperelliptic curve[J].Math Comp,1987,48:95-101.
[43] Harley R. Addition Text, Doubling C[DB /OL ]. http: / / cristal. inria. fr/~harley/hyper, 2000211212.
[44] Lange T. EfficientArithmetic on Genus 2 Hyperelliptic Curves Over Finite Fields Via Explicit Formulae [DB /OL ]. Cryptology ePrintArchive, Report 2002 /121, http: / / ep rint. iacr. org, 2002209210.
[45] Katsuyuki Okeya, Kouichi Sakurai. Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve[C]. Proc.CHES2001, 2001,Berlin:Springer-Verlag: 126–14.
[46] P.L.Montgomery. Speeding the Pollard and elliptic curve methods of factorization[J]. Math. Com. 1987,48(177):143-264.
[47] Katsuyuki Okeya, Kouichi Miyazaki, Kouichi Sakurai. A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-Form Elliptic Curve[J].Information security and Cryptology, 2002,2288:3-9.
[48] H.Cohen, A.Miyaji, T.Ono. Efficient elliptic curve exponentiation using mixed coordinates[C]. Proc. Asiacrypt’98, 1999,1541: 51-65.
[49] L.Goubin. A refined power-analysis attack on elliptic curve cryptosystem [C].Proc. CHES'99. Berlin:Springer-Verlag,1999: 199-210.
[50] O. Billet, M. Joye. The Jacobi model of an elliptic curve and side-channel analysis. Applied Algebra[J], Algebraic Algorithms and Error-Correcting Codes, 2003, 2643:34–42.
[51] P.Y.Liardet, N.P. Smart. Preventing SPA/DPA in ECC systems using the Jacobi form[J]. Cryptographic Hardware and Embedded Systems, 2000, 1965:391-401.
[52] M.Joye, J.Quisquater. Hessian elliptic curves and side-channel attacks[J]. Cryptographic Hardware and Embedded Systems , 2001,2162:402-410.
[53] B. Chevallier-Mames, M. Ciet, M. Joye. Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity[J]. IEEE Trans Computers,2004:760–768.
[54] J.S. Coron. Resistance against differential power analysis for elliptic curve cryptosystems[J]. Cryptographic Hardware and Embedded Systems,1999, 1717:292–302.
[55]é. Brier, I. Déchène, M. Joye. Unified addition formulae for elliptic curve cryptosystems[M]. Embedded Cryptographic Hardware: Methodologies and Architectures. Nova:Science Publishers, 2004:397-402.
[56]é. Brier, M. Joye. Weierstra elliptic curves and side-channel attacks[J]. PublicKey Cryptography, 2002, 2274:335–345.
[57] Ning Zhang, Zhixiong Chen, Guozhen Xiao. Efficient elliptic curve scalar multiplication algorithms resistant to power analysis[J]. Information Sciences,2007, 177:2119-2129.
[58] J. López, R. Dahab. Fast multiplication on elliptic curves over GF(2m) without precomputation[J]. Cryptographic Hardware and Embedded Systems, 1999, 1717:316-327.
[59] B. M?ller. Securing elliptic curve point multiplication against side-channel attacks[J]. Information Security, 2001, 2200:324-334.
[60] K. Okeya, K. Sakurai. Power analysis breaks elliptic curve cryptosystems even secure against the timing attack[C]. Progress in Cryptology– INDOCRYPT 2000, Berlin: Springer-Verlag, 2000:178-190.
[61] J.Coron.Resistance against differential power analysis for elliptic curve cryptosystem[C],Proc.CHES 1999, 1999:292-302.
[62]é. Brier, M. Joye. Weierstra elliptic curves and side-channel attacks[C]. Public Key Cryptography– PKC 2002.Berlin:Springer-Verlag, 2002 :335–345.
[63] Katsuyuki Okeya, Kouichi Sakurai. Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve[C]. CHES2001, Berlin:Springer-Verlag, 2001: 126-134.
[64] H.Cohen, A.Miyaji and T.Ono, Efficient elliptic curve exponentiation using mixed coordinates[C], Asiacrypt’98. Berlin:Springer Verlag, 1999:51-65.
[65] K. Srinathan, C. Pandu Rangan, M. Yung.Efficient Window-Based Scalar Multiplication on Elliptic Curves Using Double-Base Number System[P], Indocrypt 2007, 2007:351–360,.
[66] K.W. Wong, Edward C.W. Lee, L.M. Cheng, Xiaofeng Liao, Fast elliptic scalar multiplication using new double-base chain and point halving[J], Applied Mathematics and Computation ,2006, 183 :1000–1007.
[67] P. Balasubramanibm, E.Karthikeyan.Elliptic curve scalar multiplication algorithm using complementary brecoding[J], Applied Mathematics and Computation,2007, 190:51-56.
[68] J.-S. Coron. Resistance against differential power analysis for elliptic curve cryptosystems[J]. Cryptographic Hardware and Embedded Systems–CHES’99. 1999,1717:292–302.
[69] P.C. Kocher. Timing attacks on implementations of Diffie–Hellman, RSA, DSS, andother systems[M]. Advances in Cryptology– CRYPTO’96. Berlin:Springer- Verlag, 1996:104–113.
[70] D.V. Chudnovsky, G.V. Chudnovsky. Sequences of numbers generated by addition in formal groups and new primality and factorization tests[J]. Adv. Applied Math, 1987, 7:385–434.
[71] H. Cohen, A. Miyaji , T. Ono. Efficient elliptic curve exponentiation using mixed coordinates[J]. Cryptographic Hardware and Embedded Systems–CHES 2001.2001,124: 51–65.
[72] M. Joye, C. Tymen. Protections against differential analysis for elliptic curve cryptography: An algebraic approach[C]. Cryptographic Hardware and Embedded Systems–CHES 2001. Berlin:Springer-Verlag, 2001:377–390.
[73] S. Chari, C.S. Jutla, J.R. Rao, P. Rohatgi. Towards sound approaches to counteract power-analysis attacks[M]. Advances in Cryptology– CRYPTO’99. Berlin:Springer-Verlag, 1999: 398–412.
[74] E. Trichina , A. Bellezza. Implementation of elliptic curve cryptography with built-in countermeasures against side channel attacks[J]. Cryptographic Hardware and EmbeddedSystems– CHES 2002, 2003, 2523: 98–113.
[75] Okeya, K., Sakurai, K. Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve[J], Cryptographic Hardware and Embedded System (CHES’01), 2001:126-141.
[76] Coron, J.S.. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems[J], Cryptographic Hardware and Embedded Systems (CHES’99),1999: 292-302.
[77] Okeya, K., Sakurai, K..Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack[J], Progress in Cryptology - INDOCRYPT 2000, 2000: 178-190.
[78] E. Oswald, M. Aigner.Randomized addition-subtraction chains as a countermeasure against power attacks[J]. Cryptographic Hardware and Embedded Systems– CHES’01, 2001: 39–50.
[79] O. Egecioglu, C . K. Koc.Exponentiation using canonical recoding[J] . Theoretical Computer Science, 1994, 129(2): 407–417.
[80] Shichun Pang, Fuzong Cong, Shouyu Tong, Haiyan Qiu. An Efficient Elliptic Curve Scalar Multiplication Algorithm against Side Channel Attacks[C]. Proceedings of the 2010 International Conference on Computer, Mechatronics, Control and Electronic Engineering(CMCE2010). Berlin:Springer -Verlag,2010: 231-285.
[81]庞世春,刘淑芬,从福仲,姚志林.一种Montgomery型椭圆曲线的高效标量乘算法[J].电子学报.2010.8.接收
[82] Kaliski B S Jr.The Montgomery Inverse and its Applications[J]. IEEE Trans on Computers.1995, 48(8):1064-1065.
[83]刘双根,快速安全的椭圆曲线标量乘算法[D],西安:西安电子科技大学,2008.
[84]孙跃刚,椭圆曲线密码体制中若干问题研究[D],长春:吉林大学,2009.
[85]张宁,能量分析攻击下安全的椭圆曲线标量乘法[D],西安:西安电子科技大学,2007.
[86]丁勇,椭圆曲线密码体系中标量乘的快速算法研究[D],西安:西安电子科技大学,2005.
[87]于飞,对于有限域上椭圆曲线的一些算术问题的研究[D],合肥:中国科学技术大学,2008.
[88]郝艳华,超椭圆曲线密码体制中标量乘法的快速算法研究[D],西安:西安电子科技大学,2007.
[89]王庆生,有限域运算和椭圆曲线数乘运算研究[D],成都:电子科技大学,2005.
[90] Necolas Meloni, et al. Fast and secure elliptic curve scalar multiplicition over prime fields using special addition chains[OL]. Cryptology ePrint Archive,2006, http://eprint.iacr.org/.
[91] K.Fong, D.Hankerson, et al. Field Inversion and Point Halving Revisited[J]. IEEE Transactions on Computers, 2004,.53(8):1047-1059.
[92] Yasuyuki Sakai, Kouichi Sakai, et al. Efficient Scalar Multiplications on Elliptic Curves with Direct Computations of Several Doublings[J]. IEICE Trans.Fundmentals,2001,84(1):120-128.
[93]李银,陈恭亮,李建华. P元扩域上的快速乘法[J].通信学报, 2009,30(11): 101-105.
[94] Raveen R. Goundar, Kenichi Shiota, Masahiko Toyonaga. SPA Resistent Scalar Multiplication using Golden Ratio Addition Chain Method[J]. International Journal of Applied Mathematics,2008,38(2):110-119.
[95] Katsuyuki Okeya, Tsuyoshi Takagi, Camille Vuillaume. Short Memory Scalar Multiplication on Koblitz Curve[A]. In Proceedings of CHES2005,Berlin, Springer-Verlag,2005.91-105.
[96]鲍皖苏,陈辉.基于双基表示的并列点乘算法[J].电子学报,2009,37 (4):.873- 876.
[97]刘铎,戴一齐.计算椭圆曲线上多标量乘的快速算法[J].计算机学报,2008,31 (7):1131-1137.
[98]游林.一类超椭圆曲线上的快速除子标量乘[J].电子学报,2008,36 (10):2049-2054.
[99]侯整风,李岚.椭圆曲线密码系统整体算法设计及优化研究[J].电子学报,2004,32(11):1904-1906.
[100] Andrew Bryne, Nicolas Meloni, Emanuel, et al. SPA resistant elliptic curve cyptosystem using addition chains[J]. International Journal of High Performance Systems Architecture,2007,1(2):133-142.
[101] Goundar, R.R., Shiota,K.,Toyonaga,M.. New Strategy for Doubling-free Short Additon-Subtraction Chain[J]. International Journal of Applied Mathematics, 2007,2(3):438-445.
[102]é. Brier, I. Déchène and M. Joye. Unified addition formulae for elliptic curve cryptosystems[M]. Embedded Cryptographic Hardware: Methodologies and Architectures,Paris:Nova Science Publishers, 2004:397-402.
[103]é. Brier, M. Joye. Weierstra elliptic curves and side-channel attacks[M]. Public Key Cryptography, Berlin:Springer-Verlag, 2002:335–345.
[104] O. Billet, M. Joye. The Jacobi model of an elliptic curve and side-channel analysis. Applied Algebra, Algebraic Algorithms and Error-Correcting Codes[M], LNCS 2643, Berlin,Springer-Verlag, 2003: 34–42.
[105]P.Y.Liardet, N.P. Smart. Preventing SPA/DPA in ECC systems using the Jacobi form[M]. Cryptographic Hardware and Embedded Systems, Berlin:Springer -Verlag,2000:391-401.
[106] B. Chevallier-Mames, M. Ciet, M. Joye. Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity[J]. IEEE Trans Computers, 2004,54(6):760–768.
[107] Ning Zhang, Zhixiong Chen, Guozhen Xiao. Efficient elliptic curve scalar multiplication algorithms resistant to power analysis[J]. Information Sciences, 2007,17(7):2119-2129.
[108] B. M?ller. Securing elliptic curve point multiplication against side-channel attacks[J].Information Security, 2001,54(2):324-334.
[109] T. Izu, T. Takagi. A fast parallel elliptic curve multiplication resistant against side channel attacks[C]. Proceedings of Public Key Cryptography 2002, 2002:280–296.
[110] Meloni, et al. Fast and secure elliptic curve scalar multiplicition over prime fields using special addition chains[OL]. Cryptology ePrint Archive,2006,http://eprint.iacr.org/.
[111] Nicolas Meloni. New Point Addition Formulae for ECC Application[C]. Proceedings of WAIF2007,LNCS 4547,2007.189-201.
[112] Andrew Bryne, Nicolas Meloni, Emanuel, et al. SPA resistant elliptic curve cyptosystem using addition chains[J]. International Journal of High Performance Systems Architecture, 2007,1(2):133-142.
[113] Katsuyuki Okeya, Kouichi Miyazaki, Kouichi Sakurai. A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-Form Elliptic Curve Secure against Side Channel Attacks[C]. Proceedings of ICICS2001,LNCS 2288,2002.428-439.
[2] V. Miller. Use of elliptic curves in cryptography[C],Proceedings of CRYPTO 85. Berlin:Springer,1985.
[3] Diffie W, Hellman M E. New Directions in Cryptography[J]. IEEE Trans. on Information Theory, 1976, 22(6): 644-654.
[4] Riverst R L, Shamir A, Adleman. A method for obtaining digital signatures and public key cryptosystem[J]. Communications of the ACM,1978 (21): 120-126.
[5] T.ElGamal. A public key cryptosystem and signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985(31):469-472.
[6] J. Pollard. Theorems on factorization and primality testing[J]. Proc. Cambridge Phil.Soc, 1974,76(03):521-528.
[7] H.W.Lentra. Factoring integers with elliptic curves[J]. Annals of Mathematics. 1987(126):649-673.
[8] A.K.Lenstra, H.W.Lenstra. The development of number field sieve[M]. Berlin: Springer-Verlag,1993.
[9] F.Morain, J.Olivos. Speeding up the computations on an elliptic curve using addition-subtraction chains[J]. Theoretical Informatics and Applications, 1990(24):531-543.
[10] A.J.Menezes,T.Okamoto, S.A.Vanstone.Reducing elliptic curve logarithms to logarithms in a finite field[J].IEEE Transactions on Information Theory,1993,39(5):1639-1646.
[11] R.Schoof. Elliptic curves over finite field and the computation of square roots mod p[J].Mathematics of Computation,1985(44):483-494.
[12] A.Atkin,F.Morain. Elliptic curves and primality proving[J]. Mathematics of Computation,1993(61):29-69.
[13] R Schoof.Counting Points on Elliptic Curves over Finite Fields[J].Journal of Theorie des Nombres de Bordeaux,1995(7):219-254.
[14] IEEE P1363.Standard Specifications for Public Key Cryptography.IEEE,2000.
[15] I.F.Blake,G.Seroussi,N.P.Smart.Advances in Elliptic Curve Cryptography[M]. Landon:Cam-bridge University Press,2005.
[16] D.Hankerson,A.Menezes,S.Vanstone.Guide to Elliptic CurveCryptography[M].北京:电子工业出版社,2005.
[17] M.O.Rabin. Digitalized signatures and public-key functions as intractable as factorization[R]. MIT Laboratory for Computer Science, Technical Report MIT/LCS/TR-212,1979.
[18] S. Goldwasser, S.Micali. Probabilistic encryption[J].J.Comp.Syst.SCi, 1984,28:270-299.
[19] C. Rackoff, D.Simmon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack[C], Proceedings of CRYPTO'91, Berlin: Springer-Verlag,1991:434-444.
[20] M. Bellare, P. Rogaway. Random oracle are practical: A paradigm for designing efficient protocols[C]. Proceeding of the first ACM Conference on Computer and Communicaions Security, ACM,1993:232-249..
[21] P.C. Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSA and other systems[J]. Advances in Cryptology-CRYPTO'96, Berlin:Springer-Verlag, 1996:104-113.
[22] P.C. Kocher, J.Jaffe, B.jun. Differential power analysis[J]. Advances in Cryptology-CRYPTO'99. Berlin:Springer-Verlag,1999:388-397.
[23] K. Grandolfi, C. Mourtel, F. Olivier. Electromagnetic analysis:Concrete results. Cryptographic Hardware and Embedded Systems[C]. Proc.CHES 2001. Berlin:Springer-Verlag,2001:251-261.
[24] J. Quisquater, D. Samyde. Electromagnetic analysis(EMA):Measures and counter-measures for smart cards[J]. Computer security-esorics 94,1994,875:319-334.
[25] M. Dacier,Y. Deswarte. Privilege graph: an extension to the typed access matrix model [J], in ESORICS, 1994, 1469:319-334.
[26] Nicolas Meloni1.New Point Addition Formulae for ECC Applications[C]. Proceedings of WAIF 2007, Berlin: Springer-Verlag .189-201
[27] L.Batina,N.Mentens,K.Sakiyama,B.Preneel,I.Verbauwhede.Low-Cost Elliptic Curve Cryptography for Wireless Sensor Networks[C].ESAS 2006.2006, 4357: 6-17.
[28] A.Liu,P.Kampanakis,P.Ning. ECC:Elliptic Curve Cryptography for Sensor Net-works(Version0.3)(February 2007)[EB/OL],http://discovery.csc.ncsu.edu/software/TinyECC/
[29]祝跃飞,张亚娟.椭圆曲线公钥密码导引[M].北京:科学出版社,2006.
[30] Harald Niederreiter,Chaoping Xing.Rational points on curves over finite fields:theory and applications[M]: Cambridge:Cambridge University Press, 2001.
[31] ANSI X9.62.Public Key Cryptography for the Financial Services Industry:The Elliptic Curve Digital Signature Algorithm(ECDSA).American National Standards Institute,1999.
[32] ANSI X9.63.Public Key Cryptography for the Financial Services Industry:Elliptic Curve Key Agreement and Transport Protocols.American National Standards Institute,2001.Draft.
[33] FIPS PUB 186-2.Digital Signature Standard(DSS).National Institute for Standards and Technology,2000.
[34] ISO X9.62.International Standard 15946-2:Information Technology-Security Techniques-Cryptographic techniques based on elliptic curves-Part 2:Digital Signatures.International Standards Organization,2000.
[35] SEC 1.Elliptic Curve Cryptography.Standards for E?cient Cryptography Group,1999.A. Blumstein, Deterrence and incapacitation: estimating the effects of criminal sanctions on crime rates [R], Washington,DC: National Academy of Sciences, 1978.
[36] R.Lidl, H.Niederreiter.Introduction to Finite Fields and Their Applications [M].UK:Cambridge University Press,1986.
[37] Certicom, ECC Tutorial,http://www.certicom.com/index.php/10-introduction, 2010.
[38] P.A.Fouque, F.Valette.The doubling attack-why upwards is better than downwards[C].CHES 2003,2003,2779:269-280.
[39] J.Solinas. Efficient arithmetic on Koblitz curves. Designs,Codes and Crytography, 2000,19:195-249.
[40] R. Agnew. Testing the leading crime theories: an alternative strategy focusing on motivational process [J], Research in Crime and Delinquency, 1995, 32(4): 363-398.
[41] Koblitz N. Hyperelliptic Cryp tolgraphy[ J ]. J of Crypto, 1989, 1 (3) 139- 150.
[42] Cantor D G.Computing in the Jacobian of A hyperelliptic curve[J].Math Comp,1987,48:95-101.
[43] Harley R. Addition Text, Doubling C[DB /OL ]. http: / / cristal. inria. fr/~harley/hyper, 2000211212.
[44] Lange T. EfficientArithmetic on Genus 2 Hyperelliptic Curves Over Finite Fields Via Explicit Formulae [DB /OL ]. Cryptology ePrintArchive, Report 2002 /121, http: / / ep rint. iacr. org, 2002209210.
[45] Katsuyuki Okeya, Kouichi Sakurai. Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve[C]. Proc.CHES2001, 2001,Berlin:Springer-Verlag: 126–14.
[46] P.L.Montgomery. Speeding the Pollard and elliptic curve methods of factorization[J]. Math. Com. 1987,48(177):143-264.
[47] Katsuyuki Okeya, Kouichi Miyazaki, Kouichi Sakurai. A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-Form Elliptic Curve[J].Information security and Cryptology, 2002,2288:3-9.
[48] H.Cohen, A.Miyaji, T.Ono. Efficient elliptic curve exponentiation using mixed coordinates[C]. Proc. Asiacrypt’98, 1999,1541: 51-65.
[49] L.Goubin. A refined power-analysis attack on elliptic curve cryptosystem [C].Proc. CHES'99. Berlin:Springer-Verlag,1999: 199-210.
[50] O. Billet, M. Joye. The Jacobi model of an elliptic curve and side-channel analysis. Applied Algebra[J], Algebraic Algorithms and Error-Correcting Codes, 2003, 2643:34–42.
[51] P.Y.Liardet, N.P. Smart. Preventing SPA/DPA in ECC systems using the Jacobi form[J]. Cryptographic Hardware and Embedded Systems, 2000, 1965:391-401.
[52] M.Joye, J.Quisquater. Hessian elliptic curves and side-channel attacks[J]. Cryptographic Hardware and Embedded Systems , 2001,2162:402-410.
[53] B. Chevallier-Mames, M. Ciet, M. Joye. Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity[J]. IEEE Trans Computers,2004:760–768.
[54] J.S. Coron. Resistance against differential power analysis for elliptic curve cryptosystems[J]. Cryptographic Hardware and Embedded Systems,1999, 1717:292–302.
[55]é. Brier, I. Déchène, M. Joye. Unified addition formulae for elliptic curve cryptosystems[M]. Embedded Cryptographic Hardware: Methodologies and Architectures. Nova:Science Publishers, 2004:397-402.
[56]é. Brier, M. Joye. Weierstra elliptic curves and side-channel attacks[J]. PublicKey Cryptography, 2002, 2274:335–345.
[57] Ning Zhang, Zhixiong Chen, Guozhen Xiao. Efficient elliptic curve scalar multiplication algorithms resistant to power analysis[J]. Information Sciences,2007, 177:2119-2129.
[58] J. López, R. Dahab. Fast multiplication on elliptic curves over GF(2m) without precomputation[J]. Cryptographic Hardware and Embedded Systems, 1999, 1717:316-327.
[59] B. M?ller. Securing elliptic curve point multiplication against side-channel attacks[J]. Information Security, 2001, 2200:324-334.
[60] K. Okeya, K. Sakurai. Power analysis breaks elliptic curve cryptosystems even secure against the timing attack[C]. Progress in Cryptology– INDOCRYPT 2000, Berlin: Springer-Verlag, 2000:178-190.
[61] J.Coron.Resistance against differential power analysis for elliptic curve cryptosystem[C],Proc.CHES 1999, 1999:292-302.
[62]é. Brier, M. Joye. Weierstra elliptic curves and side-channel attacks[C]. Public Key Cryptography– PKC 2002.Berlin:Springer-Verlag, 2002 :335–345.
[63] Katsuyuki Okeya, Kouichi Sakurai. Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve[C]. CHES2001, Berlin:Springer-Verlag, 2001: 126-134.
[64] H.Cohen, A.Miyaji and T.Ono, Efficient elliptic curve exponentiation using mixed coordinates[C], Asiacrypt’98. Berlin:Springer Verlag, 1999:51-65.
[65] K. Srinathan, C. Pandu Rangan, M. Yung.Efficient Window-Based Scalar Multiplication on Elliptic Curves Using Double-Base Number System[P], Indocrypt 2007, 2007:351–360,.
[66] K.W. Wong, Edward C.W. Lee, L.M. Cheng, Xiaofeng Liao, Fast elliptic scalar multiplication using new double-base chain and point halving[J], Applied Mathematics and Computation ,2006, 183 :1000–1007.
[67] P. Balasubramanibm, E.Karthikeyan.Elliptic curve scalar multiplication algorithm using complementary brecoding[J], Applied Mathematics and Computation,2007, 190:51-56.
[68] J.-S. Coron. Resistance against differential power analysis for elliptic curve cryptosystems[J]. Cryptographic Hardware and Embedded Systems–CHES’99. 1999,1717:292–302.
[69] P.C. Kocher. Timing attacks on implementations of Diffie–Hellman, RSA, DSS, andother systems[M]. Advances in Cryptology– CRYPTO’96. Berlin:Springer- Verlag, 1996:104–113.
[70] D.V. Chudnovsky, G.V. Chudnovsky. Sequences of numbers generated by addition in formal groups and new primality and factorization tests[J]. Adv. Applied Math, 1987, 7:385–434.
[71] H. Cohen, A. Miyaji , T. Ono. Efficient elliptic curve exponentiation using mixed coordinates[J]. Cryptographic Hardware and Embedded Systems–CHES 2001.2001,124: 51–65.
[72] M. Joye, C. Tymen. Protections against differential analysis for elliptic curve cryptography: An algebraic approach[C]. Cryptographic Hardware and Embedded Systems–CHES 2001. Berlin:Springer-Verlag, 2001:377–390.
[73] S. Chari, C.S. Jutla, J.R. Rao, P. Rohatgi. Towards sound approaches to counteract power-analysis attacks[M]. Advances in Cryptology– CRYPTO’99. Berlin:Springer-Verlag, 1999: 398–412.
[74] E. Trichina , A. Bellezza. Implementation of elliptic curve cryptography with built-in countermeasures against side channel attacks[J]. Cryptographic Hardware and EmbeddedSystems– CHES 2002, 2003, 2523: 98–113.
[75] Okeya, K., Sakurai, K. Efficient Elliptic Curve Cryptosystems from a Scalar Multiplication Algorithm with Recovery of the y-Coordinate on a Montgomery-Form Elliptic Curve[J], Cryptographic Hardware and Embedded System (CHES’01), 2001:126-141.
[76] Coron, J.S.. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems[J], Cryptographic Hardware and Embedded Systems (CHES’99),1999: 292-302.
[77] Okeya, K., Sakurai, K..Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack[J], Progress in Cryptology - INDOCRYPT 2000, 2000: 178-190.
[78] E. Oswald, M. Aigner.Randomized addition-subtraction chains as a countermeasure against power attacks[J]. Cryptographic Hardware and Embedded Systems– CHES’01, 2001: 39–50.
[79] O. Egecioglu, C . K. Koc.Exponentiation using canonical recoding[J] . Theoretical Computer Science, 1994, 129(2): 407–417.
[80] Shichun Pang, Fuzong Cong, Shouyu Tong, Haiyan Qiu. An Efficient Elliptic Curve Scalar Multiplication Algorithm against Side Channel Attacks[C]. Proceedings of the 2010 International Conference on Computer, Mechatronics, Control and Electronic Engineering(CMCE2010). Berlin:Springer -Verlag,2010: 231-285.
[81]庞世春,刘淑芬,从福仲,姚志林.一种Montgomery型椭圆曲线的高效标量乘算法[J].电子学报.2010.8.接收
[82] Kaliski B S Jr.The Montgomery Inverse and its Applications[J]. IEEE Trans on Computers.1995, 48(8):1064-1065.
[83]刘双根,快速安全的椭圆曲线标量乘算法[D],西安:西安电子科技大学,2008.
[84]孙跃刚,椭圆曲线密码体制中若干问题研究[D],长春:吉林大学,2009.
[85]张宁,能量分析攻击下安全的椭圆曲线标量乘法[D],西安:西安电子科技大学,2007.
[86]丁勇,椭圆曲线密码体系中标量乘的快速算法研究[D],西安:西安电子科技大学,2005.
[87]于飞,对于有限域上椭圆曲线的一些算术问题的研究[D],合肥:中国科学技术大学,2008.
[88]郝艳华,超椭圆曲线密码体制中标量乘法的快速算法研究[D],西安:西安电子科技大学,2007.
[89]王庆生,有限域运算和椭圆曲线数乘运算研究[D],成都:电子科技大学,2005.
[90] Necolas Meloni, et al. Fast and secure elliptic curve scalar multiplicition over prime fields using special addition chains[OL]. Cryptology ePrint Archive,2006, http://eprint.iacr.org/.
[91] K.Fong, D.Hankerson, et al. Field Inversion and Point Halving Revisited[J]. IEEE Transactions on Computers, 2004,.53(8):1047-1059.
[92] Yasuyuki Sakai, Kouichi Sakai, et al. Efficient Scalar Multiplications on Elliptic Curves with Direct Computations of Several Doublings[J]. IEICE Trans.Fundmentals,2001,84(1):120-128.
[93]李银,陈恭亮,李建华. P元扩域上的快速乘法[J].通信学报, 2009,30(11): 101-105.
[94] Raveen R. Goundar, Kenichi Shiota, Masahiko Toyonaga. SPA Resistent Scalar Multiplication using Golden Ratio Addition Chain Method[J]. International Journal of Applied Mathematics,2008,38(2):110-119.
[95] Katsuyuki Okeya, Tsuyoshi Takagi, Camille Vuillaume. Short Memory Scalar Multiplication on Koblitz Curve[A]. In Proceedings of CHES2005,Berlin, Springer-Verlag,2005.91-105.
[96]鲍皖苏,陈辉.基于双基表示的并列点乘算法[J].电子学报,2009,37 (4):.873- 876.
[97]刘铎,戴一齐.计算椭圆曲线上多标量乘的快速算法[J].计算机学报,2008,31 (7):1131-1137.
[98]游林.一类超椭圆曲线上的快速除子标量乘[J].电子学报,2008,36 (10):2049-2054.
[99]侯整风,李岚.椭圆曲线密码系统整体算法设计及优化研究[J].电子学报,2004,32(11):1904-1906.
[100] Andrew Bryne, Nicolas Meloni, Emanuel, et al. SPA resistant elliptic curve cyptosystem using addition chains[J]. International Journal of High Performance Systems Architecture,2007,1(2):133-142.
[101] Goundar, R.R., Shiota,K.,Toyonaga,M.. New Strategy for Doubling-free Short Additon-Subtraction Chain[J]. International Journal of Applied Mathematics, 2007,2(3):438-445.
[102]é. Brier, I. Déchène and M. Joye. Unified addition formulae for elliptic curve cryptosystems[M]. Embedded Cryptographic Hardware: Methodologies and Architectures,Paris:Nova Science Publishers, 2004:397-402.
[103]é. Brier, M. Joye. Weierstra elliptic curves and side-channel attacks[M]. Public Key Cryptography, Berlin:Springer-Verlag, 2002:335–345.
[104] O. Billet, M. Joye. The Jacobi model of an elliptic curve and side-channel analysis. Applied Algebra, Algebraic Algorithms and Error-Correcting Codes[M], LNCS 2643, Berlin,Springer-Verlag, 2003: 34–42.
[105]P.Y.Liardet, N.P. Smart. Preventing SPA/DPA in ECC systems using the Jacobi form[M]. Cryptographic Hardware and Embedded Systems, Berlin:Springer -Verlag,2000:391-401.
[106] B. Chevallier-Mames, M. Ciet, M. Joye. Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity[J]. IEEE Trans Computers, 2004,54(6):760–768.
[107] Ning Zhang, Zhixiong Chen, Guozhen Xiao. Efficient elliptic curve scalar multiplication algorithms resistant to power analysis[J]. Information Sciences, 2007,17(7):2119-2129.
[108] B. M?ller. Securing elliptic curve point multiplication against side-channel attacks[J].Information Security, 2001,54(2):324-334.
[109] T. Izu, T. Takagi. A fast parallel elliptic curve multiplication resistant against side channel attacks[C]. Proceedings of Public Key Cryptography 2002, 2002:280–296.
[110] Meloni, et al. Fast and secure elliptic curve scalar multiplicition over prime fields using special addition chains[OL]. Cryptology ePrint Archive,2006,http://eprint.iacr.org/.
[111] Nicolas Meloni. New Point Addition Formulae for ECC Application[C]. Proceedings of WAIF2007,LNCS 4547,2007.189-201.
[112] Andrew Bryne, Nicolas Meloni, Emanuel, et al. SPA resistant elliptic curve cyptosystem using addition chains[J]. International Journal of High Performance Systems Architecture, 2007,1(2):133-142.
[113] Katsuyuki Okeya, Kouichi Miyazaki, Kouichi Sakurai. A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-Form Elliptic Curve Secure against Side Channel Attacks[C]. Proceedings of ICICS2001,LNCS 2288,2002.428-439.