Processor with side-channel attack resistance

Public-key cryptosystems (Fig. 3.3.1) have been widely developed for ensuring the security of information exchange in network communications, financial markets, private data storage, and personal identification devices. In contrast to the well-known RSA algorithm, elliptic curve cryptography (ECC) provides the same security level with a shorter key size. As specified in IEEE P1363 (Standard Specifications for Public Key Cryptography), ECC arithmetic is required to provide not only dual-field operations over GF(p) and GF(2^m) but also arbitrary elliptic curves (EC) for different requirements, such as encryption, signature, and key exchange. In this paper, a solution supporting a 521b key size is proposed to accelerate the most time-critical elliptic curve scalar multiplication (ECSM). It computes multiple points KP = P + P + ... + P, where K is the private key and P is an EC point. In addition, side-channel attack resistance is implemented to prevent information leakage from simple power-analysis (SPA), differential power-analysis (DPA) [1], zero-value point (ZVP) [2], and doubling attacks [3].