International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Security Constraints on the Oswald-Aigner Exponentiation Algorithm

Authors:
Colin D. Walter
Download:
URL: http://eprint.iacr.org/2003/013
Search ePrint
Search Google
Abstract: In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks based on averaging data-dependent power or EMR variations. Recently, Oswald and Aigner described such an algorithm suitable for point multiplication in elliptic curve cryptography (ECC). With the assumption that an attacker can identify additions and doublings and distinguish them from each other during a single point multiplication, it is shown that the algorithm is insecure for repeated use of the same secret key without blinding of that key. This scotches hopes that the expense of such blinding might be avoided by using the algorithm unless the differences between point additions and doublings can be obscured successfully.
BibTeX
@misc{eprint-2003-11731,
  title={Security Constraints on the Oswald-Aigner Exponentiation Algorithm},
  booktitle={IACR Eprint archive},
  keywords={public-key cryptography / power analysis attacks, elliptic curve cryptosystem},
  url={http://eprint.iacr.org/2003/013},
  note={ colin.walter@comodogroup.com 12074 received 22 Jan 2003},
  author={Colin D. Walter},
  year=2003
}