| 摘要 |
Provided is an elliptic curve exponentiation apparatus that can counter the DFA when an elliptic curve exponentiation technique is used. A computation result verification unit 127 receives, as a computation result, an exponentiation-result-point (X, Y) from an elliptic curve computation unit 124. The computation result verification unit 127 computes X<SUP>3</SUP>+axX+b, and computes Y<SUP>2</SUP>, and outputs the received exponentiation-result-point when judging that Y<SUP>2</SUP>=X<SUP>3</SUP>+axX+b, and does not output the received exponentiation-result-point when not judging that Y<SUP>2</SUP>=X<SUP>3</SUP>+axX+b.
|
