Fault attacks on projective-to-affine coordinates conversion

Authors:
Diana Maimuţ;Cédric Murdica;David Naccache;Mehdi Tibouchi
Affiliations:
Département d'informatique, École normale supérieure, Paris Cedex 05, France;Secure-IC S.A.S., Rennes, France,Département COMELEC, Institut TELECOM, TELECOM ParisTech, CNRS LTCI, Paris, France;Département d'informatique, École normale supérieure, Paris Cedex 05, France;Okamoto Research Laboratory, NTT Secure Platform Laboratories, Musashino-shi, Tokyo, Japan
Venue:
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
Year:
2013

Citing 19
Cited 0

Gauss' algorithm revisited

Journal of Algorithms
Elliptic curves in cryptography

Elliptic curves in cryptography
Lattice Attacks on Digital Signature Schemes

Designs, Codes and Cryptography
Acceleration of Euclidean Algorithm and Rational Number Reconstruction

SIAM Journal on Computing
Computational Alternatives to Random Number Generators

SAC '98 Proceedings of the Selected Areas in Cryptography
Differential Fault Attacks on Elliptic Curve Cryptosystems

CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
The Decision Diffie-Hellman Problem

ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Protections against Differential Analysis for Elliptic Curve Cryptography

CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
On Rational Number Reconstruction and Approximation

SIAM Journal on Computing
Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults

Designs, Codes and Cryptography
New Point Addition Formulae for ECC Applications

WAIFI '07 Proceedings of the 1st international workshop on Arithmetic of Finite Fields
Fault Attack on Elliptic Curve Montgomery Ladder Implementation

FDTC '08 Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography
An Introduction to Mathematical Cryptography

An Introduction to Mathematical Cryptography
Cryptocomputing with rationals

FC'02 Proceedings of the 6th international conference on Financial cryptography
Co-Z addition formulæ and binary ladders on elliptic curves

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
To infinity and beyond: combined attack on ECC using points of low order

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Improved fault analysis of signature schemes

CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper presents a new type of fault attacks on elliptic curves cryptosystems. At EUROCRYPT 2004, Naccache et alii showed that when the result of an elliptic curve scalar multiplication [k] P (computed using a fixed scalar multiplication algorithm, such as double-and-add) is given in projective coordinates, an attacker can recover information on k. The attack is somewhat theoretical, because elliptic curve cryptosystems implementations usually convert scalar multiplication's result back to affine coordinates before outputting [k]P. This paper explains how injecting faults in the final projective-to-affine coordinate conversion enables an attacker to retrieve the projective coordinates of [k]P, making Naccache et alii's attack also applicable to implementations that output points in affine coordinates. As a result, such faults allow the recovery of information about k.