Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Co-Z addition formulæ and binary ladders on elliptic curves
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Memory-constrained implementations of elliptic curve cryptography in co-Z coordinate representation
AFRICACRYPT'11 Proceedings of the 4th international conference on Progress in cryptology in Africa
Fault attack to the elliptic curve digital signature algorithm with multiple bit faults
Proceedings of the 4th international conference on Security of information and networks
An updated survey on secure ECC implementations: attacks, countermeasures and cost
Cryptography and Security
Elligator: elliptic-curve points indistinguishable from uniform random strings
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Fault attacks on projective-to-affine coordinates conversion
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
| Hi-index | 0.00 |
In this paper, we present a new fault attack on elliptic curve scalar product algorithms. This attack is tailored to work on the classical Montgomery ladder method when the $y$-coordinate is not used. No weakness has been reported so far on such implementations, which are very efficient and were promoted by several authors. But taking into account the twist of the elliptic curves, we show how, with few faults (around one or two faults), we can retrieve the full secret exponent even if classical countermeasures are employed to prevent fault attacks. It turns out that this attack has not been anticipated as the security of the elliptic curve parameters in most standards can be strongly reduced. Especially, the attack is meaningful on some NIST or SECG parameters.