CryptoDB
Security Constraints on the Oswald-Aigner Exponentiation Algorithm
| Authors: | |
|---|---|
| Download: | |
| Abstract: | In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks based on averaging data-dependent power or EMR variations. Recently, Oswald and Aigner described such an algorithm suitable for point multiplication in elliptic curve cryptography (ECC). With the assumption that an attacker can identify additions and doublings and distinguish them from each other during a single point multiplication, it is shown that the algorithm is insecure for repeated use of the same secret key without blinding of that key. This scotches hopes that the expense of such blinding might be avoided by using the algorithm unless the differences between point additions and doublings can be obscured successfully. |
BibTeX
@misc{eprint-2003-11731,
title={Security Constraints on the Oswald-Aigner Exponentiation Algorithm},
booktitle={IACR Eprint archive},
keywords={public-key cryptography / power analysis attacks, elliptic curve cryptosystem},
url={http://eprint.iacr.org/2003/013},
note={ colin.walter@comodogroup.com 12074 received 22 Jan 2003},
author={Colin D. Walter},
year=2003
}