Side-Channel Countermeasures

⇒ Base and exponent blinding for modular exponentiation (RSA, Discrete logarithm)

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems by Kocher - paper (section 10)
Power Analysis Attacks of Modular Exponentiation in Smartcards by Messerges, Dabbish and Sloan - paper (section 6)
Bug Attacks by Biham, Carmeli and Shamir - paper (section 7)
OpenSSL's base blinding interface BN_BLINDING - api - bn_blind.c - rsa_eay.c
Tarsnap client library by Percival - tarball (see file lib/crypto/crypto_dh.c, does exponent blinding)
Does exponent blinding is covered by this patent ?

⇒ Constant time common comparison operations

The impact of side-channel attacks on the design of cryptosystems by Bernstein - slides
The Go Programming Language - pkg/crypto/subtle/

⇒ Scalar multiplication on EC group points

Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems by Coron - paper
- Randomization of the private exponent (section 5.1), point blinding (section 5.2) and randomized projective coordinates (section 5.3)
Elliptic Curves with the Montgomery-Form and Their Cryptographic Applications by Okeya and al. - paper (section 3.3)
- Randomized projective coordinates
Advances in Elliptic Curve Cryptography edited by Blake and al. - (chapter 5 by Joye)

⇒ AES