Fault detection and a differential fault analysis countermeasure for the Montgomery power ladder in elliptic curve cryptography

We describe a new fault detection method in elliptic curve scalar multiplication deployments using the Montgomery power ladder. An attack based on the arithmetic properties of the Montgomery power ladder algorithm could be avoided by a clearly defined differential fault analysis countermeasure that is extremely efficient against sign‐change fault analysis over prime fields. In order to give a complete analysis of the proposed countermeasure, our mathematical models are supported by some software routines implementing various schemes over prime and binary fields. According to our analysis, we report that the performance of the proposed countermeasure meets the theoretical bounds for the checking‐at‐the‐end method, and requires reasonable overhead for the others.