Resistance Against Differential Power Analysis For Elliptic Curve Cryptosystems

Coron, Jean-Sébastien

doi:10.1007/3-540-48059-5_25

Cited by 724 publications

(758 citation statements)

References 12 publications

(16 reference statements)

Supporting

Mentioning

746

Contrasting

Unclassified

Order By: Relevance

“…In particular, this is the case for RSA as the factorization of the modulus and the public exponent are rarely available to the device. Note that our countermeasure also fully applies to the ECC setting since the randomization of projective coordinates, introduced by Coron in [5], was later proven insufficiant by Goubin in [6]. As pointed out recently by Dupuy and Kuntz-Jacques [7], when the attacker can tamper with the base element, scalar point multiplications also require randomization of the computation flow to provide DPA resistance.…”

Section: Introductionmentioning

confidence: 90%

“…2) introduced by Coron [5] were designed to prevent simple side-channel attacks by performing dummy operations. However, such algorithms bring specific weaknesses with respect to so-called safe-error attacks [8].…”

Section: A Review Of Previous Workmentioning

confidence: 99%

“…Randomization of the group structure was not explored in this paper. Known techniques targetting the exponent and the base element are presented in more details in [5,9]. Blinding the exponent is not well suited for exponentiations in finite abelian groups.…”

Section: A Review Of Previous Workmentioning

confidence: 99%

“…Usually, blinding the base element consists in multiplying the input x ∈ G with a random element r picked at random from G; the value of x d ∈ G is then obtained as (xr) d × (r −1 ) d . This countermeasure introduced in [5] requires two balanced group exponentiations, or a subtle but unpractical pre-computation trick that may be difficult to handle by the personalization process.…”

Section: A Review Of Previous Workmentioning

confidence: 99%

See 3 more Smart Citations

Blinded Fault Resistant Exponentiation

Fumaroli¹,

Vigilant

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. As the core operation of many public key cryptosystems, group exponentiation is central to cryptography. Attacks on its implementation in embedded device setting is hence of great concern. Recently, implementations resisting both simple side-channel analysis and fault attacks were proposed. In this paper, we go further and present an algorithm that also inherently thwarts differential side-channel attacks in finite abelian groups with only limited time and storage overhead.

show abstract

Section: Introductionmentioning

confidence: 90%

Section: A Review Of Previous Workmentioning

confidence: 99%

Section: A Review Of Previous Workmentioning

confidence: 99%

Section: A Review Of Previous Workmentioning

confidence: 99%

See 2 more Smart Citations

Blinded Fault Resistant Exponentiation

Fumaroli¹,

Vigilant

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…If, in a side-channel analysis, a point addition is distinguishable from a point doubling, then the bits of the secret key can be determined; this has been demonstrated experimentally using timing [3], power analysis [4], and electromagnetic emissions [5]. Techniques for counteracting this problem include: performing dummy operations, such as forcing a point addition at each iteration [6]; using alternate point multiplication algorithms, such as Montgomery point multiplication [7]; using alternate curve parameterizations, such as the Jacobi or Hessian forms; and unifying the algorithms for point addition and point doubling so that they use the same sequence of field operations and hence are indistinguishable. It is this last technique that we address in this paper.…”

Section: Introductionmentioning

confidence: 99%

Unified Point Addition Formulæ and Side-Channel Attacks

Stebila

Thériault

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The successful application to elliptic curve cryptography of side-channel attacks, in which information about the secret key can be recovered from the observation of side channels like power consumption, timing, or electromagnetic emissions, has motivated the recent development of unified formulae for elliptic curve point operations. In this paper, we show how an attack introduced by Walter can be improved and used against the unified formulae of Brier, Déchène and Joye when it relies on a standard field arithmetic implementation, both in affine and projective coordinates. We also describe how the field arithmetic might be implemented to obtain more uniform operations that avoid this type of attack.

show abstract

Physical side-channel attacks on cryptographic systems

Smart

2000

Softw. Focus

View full text Add to dashboard Cite

We surve y a n umber of attacks on cryptographic systems which depend on measuring physical characteristics of such systems whilst a given cryptographic operation is carried out. Such measurements could include the time needed to perform certain operations, the power consumed or any electromagnetic radiation produced. As such the physical measurement is producing a side-channel for the cryptographic system which leaks information about the internal secret key. We also describe a number of the countermeasures that have been proposed in the literature.

show abstract

Resistance Against Differential Power Analysis For Elliptic Curve Cryptosystems

Cited by 724 publications

References 12 publications

Blinded Fault Resistant Exponentiation

Blinded Fault Resistant Exponentiation

Unified Point Addition Formulæ and Side-Channel Attacks

Physical side-channel attacks on cryptographic systems

Contact Info

Product

Resources

About