Securing Document by Digital Signature through
RSA and Elliptic Curve Cryptosystems
1st Nelson Josias Gbètoho Saho
École Doctorale des Sciences de l’Ingénieur
Université d’Abomey-Calavi
Abomey-Calavi, Benin
[email protected]
[email protected]
Abstract—Electronic document authentication is becoming a
major concern due to the huge data passing through computer
networks, especially Internet. The asymmetric cryptography, the
cryptography based on elliptic curves and more recently digital
signature appear as credible alternatives to guarantee the authen-
ticity, non forgery, non reuse, inalterability and irrevocability of
electronic documents. In this paper, we evaluated the perfor-
mance of document security systems by the digital signature. We
perform tests that showed elliptic curve cryptography is more
advantageous in terms of memory consumption and computing
speed over RSA cryptosystem. The simulation result showed
that elliptic curve cryptography is a preferred choice over RSA
cryptosystem and allows its use in embedded systems equiped
with very limited memory and computing power.
Index Terms—document security, digital signature, elliptic
curve cryptography, RSA algorithm
I. I NTRODUCTION
Nowadays, with the meteoric evolution of computing, the
computers become tools present in all daily activities such as
telecommunication, education, online banking, e-market, etc.
The use of computers generates data that can be available to
companies for data analysis. To guarantee data integrity and
authenticity, it is important to sign them before the delivering
process. This is called digital signature. The digital signature
is based upon asymmetric encryption or symmetric encryption
algorithms. It is well known that asymmetric algorithms is
more suitable than symmetric algorithm. The RSA algorithm
as an asymmetric one, proposed by Rivest, Shamir and Adle-
man [1], presents nowadays some drawbacks, among them:
• large key lengths are required to increase such a cryp-
tosystem security. Accordingly the computational time is
high;
• it is not proven that cryptanalysis has the same difficulty
as the underlying mathematical problems (e.g., for RSA
it is just proven that finding d or (p − 1) (q − 1) has the
same difficulty as factoring).
Elliptic curve algorithms seem to fit well with public key
cryptography by replacing the calculation on numbers by the
calculation on groups associated to the elliptic curve. The
middleman must solved the problem of the discrete logarithm
on the elliptic curve group in order to break the digital
978-1-7281-4275-3/19/$31.00 © 2019 IEEE
Authorized licensed use limited to: Auckland University of Technology. Downloaded on June 05,2020 at 16:35:30 UTC from IEEE Xplore. Restrictions apply.
2nd Eugène C. Ezin, Member, IEEE,
Institut de Formation et de Recherche en Informatique
Université d’Abomey-Calavi
Abomey-Calavi, Benin
signature. This appears to be more difficult than factoring big
number into prime numbers.
Thanks to the advantages of asymmetric cryptography and
elliptic curves, we propose some strategies to secure doc-
uments using digital signatures. The paper is organized as
follows. In section II we will present the fundamental concepts
including digital signature, cryptography based on elliptic
curves, the materials and methods used. In Section III we will
describe the different results we have achieved. A discussion
and the analysis of these findings will be presented in Section
IV. We ended this paper with concluding remarks presented
in Section V.
II. F UNDAMENTAL CONCEPTS
In this section we will present the concepts of digital
signatures and those of cryptography based on elliptic curves
so-called elliptic curve cryptography (ECC).
A. Overview on digital signature
The digital signature or electronic signature is a file which
allows to prove to a third party that a particular document
has been approved by an entity (e.g., physical person or
corporation) just like the paper signature [2]. It is therefore
a reliable engagement mechanism. A digital signature has the
following characteristics:
• authenticity: the identity of the signer must be able to
be found with certainty;
• non forgery: the signature can not be falsified. Someone
can not pretend to be another;
• non reusable: the signature is not reusable. It is part of
the signed document and can not be moved to another
document;
• inalterability: a signed document is unalterable. Once it
is signed, it can not be changed;
• irrevocability: the person who signed the document can
not deny it.
In practice, most existing electronic signature procedures
rely on asymmetric cryptography [3]. Assume Alice wants to
send a message to Bob. The latter must be able to verify the
authenticity of such a message. The message m is assumed to
be the binary file with contents such as text, image, executable
file, etc. We propose to describe the classical method of digital
signature into four steps: setting up signature architecture,
preparing signed message, receiving signed message and the
use of hash function.
1) Architecture of digital signature establishment: Alice
and Bob have agreed on the following choices:
• an asymmetric encryption consisting of an encryption
function C and a decryption function D;
• a hash function we denote H;
• an encryption method in which Alice generates a private
key Kpr and a public key Kpb . She transmits the public
key Kpb to Bob by a not necessary secured channel and
keeps the private key Kpr secret. Fig. 1. Process of signing a message with hash function.
2) Preparing signed message: Alice prepares the signed
message in the following manner:
length (in this case, a message which may contain thousands or
• she produces a condensate of the message m by using
millions bits), to produce an output of fixed length, generally
the chosen hash function H(m); 160 bits in many cases. If the data are modified (even through
• she encrypts this condensate with the encryption function
a single bit), the hash function will guarantee the production
C using her private key Kpr . The result obtained is the of a message digest completely different.
signature of the message that we denote Sm which is The most widely used hash algorithms are:
defined by:
• Message Digest (MD5). It creates a 128 bits stream from
Sm = C(Kpr , H(m));
a file of arbitrary size by processing it into blocks of 512
• she prepares the signed message by placing the clear bits. The MD5 is being enumerated as one of the most
message m and the signature Sm in any container. The popular ones.
signed message is defined by: • Secure Hash Algorithm (SHA). It produced a 160 bits
stream from a message of up to 264 bits in length by
msigned = (Sm , m). processing it into blocks of 512 bits.
Alice then sends msigned to Bob whatever the communication Fig. 1 illustrates the process of signing a message applying a
channel used (secured or not). hash function.
3) Receiving signed message: Once Bob received the B. Overview on elliptic curve cryptography
signed message, to verify its authenticity he proceeds as
ECC is independently proposed by Neal Koblitz and Victor
follows:
Saul Miller in 1985 [4], [5]. It includes a set of techniques
• he produces a condensate of the plaintext by using the
that allow to secure data by consuming less resources. The
agreed hash function H(m); most important advantage of ECC over other asymmetric
• he decrypts the signature using the decryption function
cryptographic algorithms (e.g., RSA) is that one can have the
D with Alice public key Kpb . The decrypted message is same security level by using a much shorter key.
DSm = D(Kpb , Sm ); To explain the functioning of ECC, we first present the
• he compares DSm with H(m). mathematical concepts of the elliptic curves, as well as the
If the signature is authentic, DSm and H(m) will be equals most important operation on curves i.e. the scalar multiplica-
due to the property of the asymmetric encryption: tion. We then present the set of cryptographic protocols that
DSm = D(Kpb , Sm ) are based on elliptic curves.
1) Short overview on elliptic curves: An elliptic curve E is
= D(Kpb , C(Kpr , H(m))) (1) an algebraic curve that can be represented by the Weierstrass
= H(m). equation:
If (1) is satisfied then the message will be authenticated. E : y 2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a6 . (2)
4) Hash function: A hash function is an one-way function
with the message as input and a digest message as output. The We assume that the parameters a1 , a2 , a3 , a4 , a6 belong to
output message is called the condensate or hash message. In a field K on which a curve is defined.
The shape of the curve varies according to the chosen
practice it is often impossible to retrieve the original message
parameters. Fig. 2 shows examples of two elliptic curves that
from the digest. If there is a way to retrieve the plaintext from
have different shapes.
the hash, the hash function will be called a secret breach.
Weierstrass’ equation of an elliptic curve can be simplified
Adding an one-way function into the process allows its im-
over a prime finite field Fp . Yanbo Shou in his thesis [6]
provement since its abscence would duplicate not only the size
showed that (2) becomes:
of the signature but also increase the number of calculations
to be performed. This function processes an input of variable E : y 2 = x3 + ax + b, (3)

Authorized licensed use limited to: Auckland University of Technology. Downloaded on June 05,2020 at 16:35:30 UTC from IEEE Xplore. Restrictions apply.
 TABLE I
T HE KEY LENGTHS OF DIFFERENT ALGORITHM .

Algorithms Key lengths (bits)

Key lengths label 1 2 3 4 5
Symmetric 80 112 128 192 256
ECC 163 233 283 409 571
RSA 1 024 2 240 3072 7 680 15 360

With the addition of points on the elliptic curves, we

Fig. 2. Elliptic curve examples.
can already deduce that scalar multuplication is not an easy
operation. Some methods are used to speed up this operation
such as the doubling-and-adding algorithm [6].
2) Problem of discrete logarithm: In general the discrete
logarithm problem on a given group G with respect to its
base g is formulated in following manner: given y ∈ G, find
x ∈ N such that g x = y.
In particular case of elliptic curves, the discrete logarithm
problem of E with respect to the base P is: given Q ∈ E,
find k ∈ N such that Q = k P .
Scalar multiplication is an operation frequently encountered
Fig. 3. Addition of points on elliptic curves. in cryptographic calculations. Scalar multiplication is the knot
to ensure the security of cryptosystems based on elliptic
curves. The non resolution of the discrete logarithm problem
where a et b ∈ Fp .
depends on it.
The set of elliptic curves being an additive group, it is
3) Elliptic curve cryptography protocols: Below are the
important to remember the addition of two points and the
main cryptographic protocols which are based on the theory
multiplication of a point by a scalar.
of elliptic curves.
a) Addition of points: Let us consider an elliptic curve E
• Diffie-Hellman key exchange protocol [8];
of (3) and two points P1 (x1 , y1 ) and P2 (x2 , y2 ) belonging to
• El Gamal method [9];
this curve. The addition of P1 and P2 is the point P3 (x3 , y3 )
• Elliptic Curve Digital Signature Algorithm (ECDSA)
of E (P3 = P1 + P2 ) defined by as follows:
[10];
i. If x1 6= x2 then
• Elliptic Curve Menezes-Qu-Vanstone (ECMQV) [11].
  2
y2 −y1 The resistance of ECC is related to the problem of the
 x =
3 − x1 − x2
 x2 −x1  discrete logarithm on the corresponding group for the ellip-
y −y
 y =
3
2 1
(x − x ) − y
x2 −x1 1 3 1 tic curve. ECC is an alternative to conventional public key
ii. If x1 = x2 but y1 6= y2 then P3 = ∞. cryptography. The algorithms are less greedy in terms of
iii. If P1 = P2 and y1 6= 0 then computational time and hardware.
  2 2 In section III we will make a comparative study between an
3x1 +a
 x =
3 − 2x1 algorithm based on elliptic curves and RSA algorithm. First,
 2y2 1  let us present the used materials and methods.
3x1 +a
 y =
3 (x − x ) − y
2y1 1 3 1
C. Materials and methods
iv. If P1 = P2 and y1 = 0 then P3 = ∞.
Furthermore ∀ P ∈ E, P + ∞ = P . Fig. 3 illustrates the A. Lenstra et al. achieved a work identifying equivalent key
addition of two points P and Q (R = P + Q) on the elliptic lengths, for three algorithms (symmetric, RSA and ECC algo-
curve defined by: rithms) [12], which can provide the same level of robustness.
For better understanding, key lengths in the same column are
y 2 = x3 − 2x + 1. expected to provide the same level of robustness (see Table I).

b) Scalar multiplication: Based upon point addition, we The ECDSA is a variant of Digital Signature Algorithm
can perform the multiplication, denoted by Q = kP on an (DSA) designed for elliptic curves, and text size of 100 KB is
elliptic curve E where k ∈ Z+ and (P, Q) ∈ E 2 . Scalar used to test the signature. The computer used by A. Lenstra et
multiplication is in fact a sequence of addition of points [7]: al. is characterized by a 2.0 GHz Intel processor and a RAM
of 512 MB [12]. Results are available at the URL1 .
Q = k P = P + P + · · · + P. (4)
| {z } 1 http://www.keylength.com/fr/1/ visited on June, 24th 2019.
k times

Authorized licensed use limited to: Auckland University of Technology. Downloaded on June 05,2020 at 16:35:30 UTC from IEEE Xplore. Restrictions apply.
 III. S IMULATION RESULTS
We have firstly presented the digital signature with the RSA
algorithm and the one with the elliptic curve algorithm i.e.
the ECDSA. Then, we have compared these two signature
processes to determine the best way to secure documents by
digital signature.
A. Digital signature with RSA algorithm
Three steps are in concern when dealing with digital signa-
ture embedded in RSA algorithm which are key generation,
signature generation and signature verification.
1) RSA key generation: The key generation process in RSA
algorithm is as follows:
• choose two distinct prime numbers p and q such as the
number of bits of the two integers is approximately equal;
• compute their product n = p × q called the encryption
module;
• compute ϕ(n) = (p − 1)(q − 1) the value of the Euler
indicator in n;
• choose an integer e which is the encryption exponent such
as e ∈ ]1, ϕ(n)[ and gcd(e, ϕ(n)) = 1;
• calculate the deciphering exponent d such as
e d ≡ 1(modulus n).
The pair (n, e) is the public key of the encryption whereas the
number d is the corresponding private key.
2) RSA signature generation: To sign a message m with
RSA, it is sufficient to encrypt the digest of the message with
the private key d. The signed message becomes:
s ≡ [hash(m)]d (modulus n), (5)
where the hash function is hash. For the purpose of this paper
we use SHA − 256 as recommanded by FIPS2 180-4 [14].
Once the message m is signed, the sender will transmit it with
its signature to the recipient.
3) RSA signature verification: To verify the received signa-
ture, the recipient must decrypt the signature with the sender
public key according to the following relation:
h ≡ se (modulus n)
≡ [hash(m)d ]e (6)
≡ hash(m) (modulus n).
To authenticate the author of the message, the recipient applies
the same hash function to the message m and checks whether
the result is equal to the previously calculated value which is
h.
B. Digital signature with elliptic curves
As we previously presented, there are several algorithms
that implement the digital signature with elliptic curves. Nev-
ertheless, the ECDSA algorithm was demonstrated to be cryp-
tographically secured and was published as an international
standard in ANSI X9.623 . We will use this algorithm for the
performance study.
2 Federal
Information Processing Standards
3 Public
Key Cryptography For The Financial Services Industry: The Elliptic
Curve Digital Signature Algorithm (ECDSA)
Authorized licensed use limited to: Auckland University of Technology. Downloaded on June 05,2020 at 16:35:30 UTC from IEEE Xplore. Restrictions apply.
1) ECDSA key generation: We consider the elliptic curve
retained in (3). To generate the keys using the elliptic curves,
one proceeds as follows:
i. Select a number x, strictly smaller than the order n of
the curve.
ii. Compute P such as P = x G, G being the generator of
the curve.
Thus, our key pair is (P, x) where P is the public key and
x the private key.
Let us recall that P as well as the parameters n, a, b and
G must be published.
2) Generating an ECDSA signature: To create the signature
S of a message m, one proceeds as follows:
i. Choose a random number k belonging to the interval
[1, n − 1].
ii. Calculate R(x1 , y1 ) such as R = k G.
iii. Compute r = x1 (modulus n). If r = 0 then return to
the step i.
iv. Calculate k −1 (modulus n).
v. Calculate SHA − 1(m), and convert it into an integer e
(instead of the SHA-1 one may use SHA-256 or SHA-
512).
vi. Calculate s = k −1 (e + xr) (modulus n) where x is the
private key. If s = 0 then return to the step i.
The signature S of the message m is the pair (r, s).
3) ECDSA signature verification: To verify the signature
S = (r, s) of the message m using the public parameters, we
proceed as follows:
i. Check if r and s are integers within the interval [1, n−1].
ii. Calculate SHA − 1(m), and convert it into an integer e.
iii. Calculate w = s−1 (modulus n).
iv. Calculate u1 = e w (modulus n) and
u2 = r w (modulus n).
v. Calculate X(x1 , y1 ) such as X = u1 G + u2 P .
vi. If X = 0 then S is not valid. Otherwise, calculate v =
x1 (modulus n).
The signature S of the message m is valid if v = r.
C. Performance comparison
In this subsection we make the comparison between the two
algorithms - the RSA and the ECDSA. Firstly the comparison
is done in terms of guaranteed security and secondly in terms
of execution time of each algorithm. The machine on which
the various tests are performed is characterized by a dual core
processor of 2.4 GHz and equipped with 2 GB RAM.
1) Comparison in terms of security: In order to evaluate
and to compare the performance of the RSA and ECC algo-
rithms, Nicholas Jansma and Brandon Arrendondo proposed
two (02) implementations using respectively two cryptosys-
tems [15]. They concluded that ECC can have the same level
of security as RSA with a much shorter key.
By analyzing the suggested key length in [12] (see Table
I), it emerges that:
• Firstly, symmetric algorithms use a small key size to
ensure the same level of security. For instance, key of 256
 TABLE II TABLE III
RUNNING TIME FOR KEY GENERATION . S IGNATURE GENERATION EXECUTION TIME .

Key lengths (bits) Computational time (sec) The length of the keys (bits) Computational time (sec)
ECC RSA ECC RSA ECC RSA ECC RSA
163 1 024 0.0052 0.102 163 1 024 0.097 0.0065
233 2 240 0.1134 4.7808 233 2 240 0.2176 0.0975
283 3 072 0.1728 6.272 283 3 072 0.3835 0.1386
409 7 680 0.416 87.045 409 7 680 0.767 0.9792
571 15 360 0.9072 441.389 571 15 360 1.9955 6.164

Fig. 4. ECC and RSA curves respect to running time during key generation Fig. 5. ECC and RSA curves respect to running time during signature
curve. generation.

TABLE IV
bits length is enough for symmetric algorithm, to reach E XECUTION TIME OF SIGNATURE VERIFICATION .
the same level of security for RSA algorithm with the key
length of 15 360 bits. It means that the key length of RSA The length of the keys (bits) Computational time (sec)
is 60 times the key length of symmetric algorithm. But ECC RSA ECC RSA
163 1 024 0.1518 0.0064
the difficulty in these algorithms lies in the preservation 233 2 240 0.3315 0.0064
of the secret key. 283 3 072 0.5504 0.0064
• Secondly, the ECC algorithm requires fewer bits in terms 409 7 680 1.17 0.0064
571 15 360 2.9445 0.0195
of key length than the RSA algorithm to provide the same
level of security. However, it requires about twice the
key length of the symmetric algorithm to offer the same
robustness.
Due to the major disadvantage of the symmetric algorithms,
we therefore concluded the algorithms implementing the el-
liptic curves are less costly in terms of key length.
2) Comparison in terms of execution time: As previously
elucidated in the description of algorithms, we have three main
steps in their implemention namely the key generation, the
signature generation and the signature verification.
The comparison in terms of execution time is also done
Fig. 6. ECC and RSA curves respect to running time during signature
according to the same steps. We then wrote three programs in verification.
Java [13] that implement these algorithms.
a) Key generation: The results, in terms of computa-
tional time, at the level of key generation are reported in Table When the length of the ECC key is greater than 350 bits,
II. From these results we got the curve in Figure 4. the signature generation time of this algorithm is better than
We found that the key generation by the ECC algorithm its equivalent in terms of security with RSA. Elsewhere, the
is much faster than the key generation in RSA algorithm. RSA algorithm is a little faster than the ECC algorithm. In
While this generation time increases linearly with an almost any case, the performance of the two algorithms is not too
zero slope in case of ECC, it exponentially increases in case different up to a given key length (409 bits) and beyond, ECC
of RSA. Therefore, from a key generation point of view, the becomes more efficient.
ECC-based algorithm is much more optimal. c) Signature verification: The results in terms of com-
b) Signature generation: The results at the level of the putational time at the level of the signature verification are
signature generation are reported in Table III. From these presented in the Table IV. From these results we got the curve
results we got the curve in Figure 5. in Figure 6.

Authorized licensed use limited to: Auckland University of Technology. Downloaded on June 05,2020 at 16:35:30 UTC from IEEE Xplore. Restrictions apply.
 IV. D ISCUSSIONS AND ANALYSIS
We noted that the execution time of signature verification
with RSA algorithm is very insignificant even negligible
whatever the key size (see Table IV). For signature verification,
the RSA algorithm becomes much more efficient than ECC
since it performs a modular exponentiation.
We observed two phenomena. Firstly memory consumption
is much less with ECC algorithm (see Table I), since shorter
keys are allowed. Secondly, the key generation and message
signature computation are faster with ECC algorithm than
RSA algorithm. In addition, key generation and message
signature computational time are faster with ECC (see Tables
II and III).
The similar test was carried out in [16] which proved that
ECC was more advantageous in terms of memory consumption
and design speed. This is the main reason why ECC algorithm
is increasingly becoming the preferred choice for embedded
systems with very limited memory and computing power.
Currently RSA algorithm remains the most widely used
asymmetric cryptosystem because it came out much earlier
compared to ECC algorithm. Another reason limiting the use
of ECC is that mathematically RSA is relatively simpler.
We may advise in a context where the system to be secured
has a limited power in computation and in memory, the
alternative of the elliptic curves is the most judicious.
V. C ONCLUDING REMARKS
Systems based upon elliptic curves are an effective alterna-
tive to the RSA cryptosystems since they involved different
mathematical approches. Elliptic curve cryptosystems are re-
puted for robustness equivalent to RSA cryptosystems with
shorter key length. Accordingly, elliptic curve cryptosystems
are perfectly suitable for embedded systems, e.g., smart cards,
documents in which memory and power of the processors
are not sufficient to achieve computation as required by RSA
cryptosystems.
We are not able to predict how long the elliptic curve
cryptosystems will remain effective at security level.
Authorized licensed use limited to: Auckland University of Technology. Downloaded on June 05,2020 at 16:35:30 UTC from IEEE Xplore. Restrictions apply.
In our future work, we will investigate on other elliptic curve
cryptosystems for performance studies.
Moreover, ECC and RSA cryptosystems involved the use
of keys for security. We will also in future investigate on this
drawback by developing a hybrid blockchain.
R EFERENCES
[1] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining
digital signatures and public-key cryptosystems,” in Communications of
the ACM, vol. 21(2), pp. 120–126, 1978.
[2] (2019, Jul.) Universign website. [Online]. Available:
https://www.universign.com/fr/2017/signature-electronique-expliquee-
patron/
[3] W. M. Daley and R. G. Kammer, “Digital signature standard (dss),”
Technical report, DTIC Document, 2000.
[4] D. R. Hankerson, S. A. Vanstone, and A. J. Menezes, “Guide to elliptic
curve cryptography,” Springer-Verlag New York Inc, 2004.
[5] N. Koblitz, “Elliptic curve cryptosystems,” Mathematics of computation,
pp. 203–209, 1987.
[6] Y. Shou, “Cryptographie sur les courbes elliptiques et tolérance aux
pannes dans les réseaux de capteurs”, UFC, pp. 27–29, 2014.
[7] M. Joye, “Introduction élémentaire à la théorie des courbes elliptiques,”
UCL Crypto Group Technical Report Series, 1995. [Online]. Available:
http://sciences.ows.ch/mathematiques/CourbesElliptiques.pdf
[8] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE
Transactions on Information Theory, vol. 22, n0 6, pp. 644-654, 1976.
[9] T. ElGamal, “A Public Key Cryptosystem and a Signature Scheme Based
on Discrete Logarithms,” Crypto, Springer, 1984.
[10] L. Bassham, D. Johnson and T. Polk, “Representation of Elliptic Curve
Digital Signature Algorithm (ECDSA) Keys and Signatures in Internet
X.509 Public Key Infrastructure Certificates,” Internet Draft, June 1999,
[online]. Available: http://www.ietf.org
[11] (2019, Apr.) Crypto++ [Online]. Available:
https://www.cryptopp.com/wiki/Elliptic Curve Menezes-Qu-Vanstone
[12] A. Lenstra and E. Verheul, “Selecting cryptographic key sizes,” in the
Journal of cryptology, vol. 14, pp. 255-293, 2001. [Online]. Available:
http://infoscience.epfl.ch/record/164526/files/NPDF-22.pdf
[13] (2019, Jul.) J-M. DOUDOUX, “Développons en Java,
JCE (Java Cryptography Extension).” [Online]. Available:
https://www.jmdoudoux.fr/java/dej/chap-jce.htm
[14] (2018, Dec.) FIPS 180-4, “The Secure Hash Standard.” [Online]. Avail-
able: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf
[15] N. Jansma and B. Arrendondo, “Performance comparison of elliptic
curve and rsa digital signatures,” April 2004.
[16] N. Gura, A. Patel, A. Wander, H. Eberle, and S. Shantz, “Comparing
elliptic curve cryptography and RSA on 8-bit CPUs,” in Marc Joye
and Jean-Jacques Quisquater, Cryptographic Hardware and Embedded
Systems - CHES 2004, vol 3156 of Lecture Notes in Computer Science,
Springer Berlin Heidelberg, pp. 119–132, 2004.