Dynamic Compensation Based Low-cost Power-analysis Countermeasure for Elliptic Curve Cryptography and Its Hardware Structure

The power-analysis countermeasure for Elliptic Curve Cryptographic (ECC) chips endures large area, power consumption and performance degradation. In this paper, the difference in the probability distribution of the intermediate data Hamming distance is analyzed when the key guess is correct and incorrect in the point multiplication of ECC. A power compensation method based on dynamic Hamming distance control is proposed, which uses the simulated annealing algorithm offline to find the optimal mapping matrix. Finally, a mapping compensation model of equal probability on the elliptic curve cryptographic hardware is formed, which greatly reduces the correlation between intermediate data and power consumption. At the same time, a low-cost synchronous power compensation circuit is designed in the guidance of this model. Under the CMOS 40 nm process, the area of protected ECC128 is only increased by 22.8%. Experiments and tests are carried out on the Sakura-G board. The power overhead is 18.8%, and the number of minimum leakage traces is greater than 10(4), which is increased by 312 times. This countermeasure is the same as randomization with low cost and no impact on the throughput rate, which is suitable for high-speed or resource-constrained ECC circuits.