For the Montgomery ladder (ML) circuit implementation of elliptic curve cryptography (ECC) over the finite field GF(2^163), a simple and effective differential power analysis (DPA) method is presented. The method combines the single-key multiple-data attack with a differential operation applied to the power trace segment by segment, one segment per key bit. Experimental results based on power simulation show that differential analysis of only a single power trace recovers the key bits in a very short time, which shows that the ML implementation of ECC resists only timing attacks and simple power analysis and does not resist DPA.
Power leakage of the Montgomery Ladder (ML) algorithm circuit implementation for elliptic curve cryptosystems over GF(2^163) was studied, and a simple and effective differential power analysis (DPA) attack was devised. The attack builds on the single-exponent multiple-data (SEMD) approach: the power trace is split into one segment per key bit and the differential operation is applied to each segment. A simulation-based circuit implementation and experimental platform were built on the United Microelectronics Corporation (UMC) 0.25 μm, 1.8 V technology library to evaluate the effectiveness of the attack. Experimental results show that the secret key can be retrieved rapidly from only one power trace. It is concluded that the Montgomery Ladder implementation resists timing analysis and simple power analysis (SPA), but remains vulnerable to DPA.
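The two properties the abstract contrasts, a key-independent operation sequence (why timing analysis and SPA fail) and a key-dependent choice of which register is doubled in every iteration (the per-bit dependency that a segmented differential targets), can be made concrete in software. The following Python example is added here and is not code from the paper or its circuit: it implements the x-only Montgomery ladder with the López-Dahab projective formulas over GF(2^163) using the NIST B-163/K-163 reduction polynomial, records the sequence of field multiplications and squarings, and checks the result against affine double-and-add. The base point and the curve coefficient `b` are constructed for the example (the point is chosen first and `b` derived from it), and the paper's gate-level power model is not reproduced.

```python
"""Montgomery ladder scalar multiplication on a binary curve over GF(2^163).

Added illustration, not the paper's circuit or code. It records the field
operation sequence of the ladder (identical for every key of the same
length) and the register selected for doubling in each iteration (equal to
the key bit). The base point and coefficient b are constructed here.
"""

M = 163
POLY = (1 << M) | (1 << 7) | (1 << 6) | (1 << 3) | 1  # x^163 + x^7 + x^6 + x^3 + 1
A = 1  # coefficient a of y^2 + xy = x^3 + a*x^2 + b


def gf_mul(u, v):
    """Shift-and-add multiplication in GF(2^163) with on-the-fly reduction."""
    r = 0
    while v:
        if v & 1:
            r ^= u
        v >>= 1
        u <<= 1
        if u >> M:
            u ^= POLY
    return r


def gf_inv(u):
    """u^(2^163 - 2) by square-and-multiply (Fermat inversion, u != 0)."""
    r = 1
    for _ in range(M - 1):  # exponent 2^163 - 2 = 2 + 4 + ... + 2^162
        u = gf_mul(u, u)
        r = gf_mul(r, u)
    return r


def affine_add(P, Q):
    """Affine group law (None is the point at infinity); reference only."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        if y1 != y2:
            return None
        lam = x1 ^ gf_mul(y1, gf_inv(x1))  # doubling
        x3 = gf_mul(lam, lam) ^ lam ^ A
        return x3, gf_mul(x1, x1) ^ gf_mul(lam ^ 1, x3)
    lam = gf_mul(y1 ^ y2, gf_inv(x1 ^ x2))
    x3 = gf_mul(lam, lam) ^ lam ^ x1 ^ x2 ^ A
    return x3, gf_mul(lam, x1 ^ x3) ^ x3 ^ y1


def affine_mul(k, P):
    """Double-and-add reference; its operation sequence depends on the key bits."""
    R = None
    for bit in bin(k)[2:]:
        R = affine_add(R, R)
        if bit == "1":
            R = affine_add(R, P)
    return R


def ladder(k, xP, b):
    """x-only Montgomery ladder (Lopez-Dahab projective formulas).

    Returns (x(kP), ops, sel): `ops` is the sequence of field multiplications
    ("M") and squarings ("S"), `sel` the index of the register doubled in
    each iteration.
    """
    ops, sel = [], []

    def mul(u, v):
        ops.append("M")
        return gf_mul(u, v)

    def sqr(u):
        ops.append("S")
        return gf_mul(u, u)

    def madd(X1, Z1, X2, Z2):  # x(R0 + R1), using x(R1 - R0) = xP
        T1, T2 = mul(X1, Z2), mul(X2, Z1)
        Z3 = sqr(T1 ^ T2)
        return mul(xP, Z3) ^ mul(T1, T2), Z3

    def mdouble(X, Z):  # x(2R): X' = X^4 + b*Z^4, Z' = X^2*Z^2
        X2, Z2 = sqr(X), sqr(Z)
        return sqr(X2) ^ mul(b, sqr(Z2)), mul(X2, Z2)

    x2 = gf_mul(xP, xP)
    R = [(xP, 1), (gf_mul(x2, x2) ^ b, x2)]  # R0 = P, R1 = 2P; invariant R1 - R0 = P
    for bit in bin(k)[3:]:  # bits below the leading 1, most significant first
        i = int(bit)  # the key bit selects which register is doubled
        added = madd(*R[0], *R[1])
        R[i] = mdouble(*R[i])
        R[1 - i] = added
        sel.append(i)
    X, Z = R[0]
    return gf_mul(X, gf_inv(Z)), ops, sel


# Constructed base point (160-bit x, y); b is derived so the point lies on the curve.
XP = int.from_bytes(b"ML-over-GF(2^163)-xP", "big")
YP = int.from_bytes(b"ML-over-GF(2^163)-yP", "big")
B = gf_mul(YP, YP) ^ gf_mul(XP, YP) ^ gf_mul(XP, gf_mul(XP, XP)) ^ gf_mul(A, gf_mul(XP, XP))


def check(k):
    """Return (ladder x, reference x, op trace, doubled-register trace) for scalar k."""
    xl, ops, sel = ladder(k, XP, B)
    xa = affine_mul(k, (XP, YP))[0]
    return xl, xa, ops, sel


if __name__ == "__main__":
    for k in (5, 6, 7, 0xDEADBEEF):
        xl, xa, ops, sel = check(k)
        assert xl == xa
        print(f"k={k:#x}: {len(ops)} field ops, per-iteration pattern {''.join(ops[:11])}, doubled registers {sel}")
```

Every iteration performs the same eleven field operations (five for the addition, six for the doubling) whatever the key bit is, which is the timing/SPA resistance the abstract refers to; a real implementation also pads the scalar to a fixed length so that the number of iterations is constant. The only key-dependent quantity left in the loop is `sel`, the register-select decision, and that is the per-iteration dependency on which a differential analysis segmented by key bit operates.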