Improved countermeasure against Address-bit DPA for ECC scalar multiplication

Messerges, Dabbish and Sloan proposed a DPA attack which analyzes the address values of registers. This attack is called the Address-bit DPA (ADPA) attack. As countermeasures against ADPA, Itoh, Izu and Takenaka proposed algorithms that randomizes address bits. In this paper, we point out that one of their countermeasures has vulnerability even if the address bits are uniformly randomized. When a register is overwritten by the same data as one stored in the register during a data move process, the power consumption is lower than the case of being overwritten by the different data. This fact enables us to separate the power traces. As a result, in the case of the algorithm proposed in, we could invalidate the randomness of the random bits and perform ADPA to retrieve a secret key. Moreover, for the purpose of overcoming the vulnerability, we propose a new countermeasure algorithm.