Fast SPA-Resistant Exponentiation Through Simultaneous Processing of Half-Exponents

Straightforward implementations of binary exponentiation algorithms make the cryptographic system vulnerable to side-channel attacks; specifically, to Simple Power Analysis (SPA) attacks. Most solutions proposed so far introduce a considerable performance penalty. A method exists that introduces SPA-resistance to certain types of binary exponentiation algorithms while introducing zero computational overhead, at the cost of a small amount of storage—O( √ ` ), where ` is the bit length of the exponent. In this work, we present several new SPA-resistant algorithms that result from combining that technique with an alternative binary exponentiation algorithm where the exponent is split in two halves for simultaneous processing, showing that by combining the two techniques, we can make use of signed-digit representations of the exponent to further improve performance while maintaining SPA-resistance. In particular, we combine this idea with the use of Joint Sparse Form (JSF) for the representation of the two exponent halves, as well as signed-digit base-4 representation derived from the Non-Adjacent Form (NAF) representation of the exponent, and base-8 derived from the JSF representation. Experimental results are presented as well, confirming our performance analysis for the various methods presented.