| 摘要 |
PROBLEM TO BE SOLVED: To defend an elliptic scalar multiplied index (k) from a simple power analysis attack. SOLUTION: In order to calculate a point (k)×P where a point P on an elliptic curve is multiplied by an elliptic scalar (k), order of the point P is defined as (n), an integer (r) is defined as a predetermined integer of 1<r<n, the point P is defined as a point S=r×P, multiplied by the elliptic scalar (r),αis defined as a random number of an integer of 1<α<n, andβis defined as a random number of an integer of 1<n. A divisor generating unit 13 generates a divisor r'=αr mod n. An extension scalar multiplied index generating unit 14 generates an extension scalar multiplied index k'=k+βn. A first scalar multiplication arithmetic unit 151 obtains an elliptic scalar (K' mod r') multiplied point (k' mod r')×P of the point P. A second scalar multiplication arithmetic unit 152 obtains an elliptic scalar [k'/r']αmultiplied point [k'/r']α×S of a point S with [_] as a floor function outputting an integral portion of "_". An addition unit 153 adds the point (k' mod r')×P and the point [k'/r']α×S. COPYRIGHT: (C)2009,JPO&INPIT
|
