International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Paper: Projective Coordinates Leak

Authors:
David Naccache
Nigel P. Smart
Jacques Stern
Download:
URL: http://eprint.iacr.org/2003/191
Search ePrint
Search Google
Abstract: Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$ results in information being revealed about $k$. Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world. From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of blindly modelling elliptic-curves as generic groups. As a conclusion, our result underlines the necessity to sanitize $Z$ after the affine conversion or, alternatively, randomize $P$ before releasing it out.
BibTeX
@misc{eprint-2003-11904,
  title={Projective Coordinates Leak},
  booktitle={IACR Eprint archive},
  keywords={},
  url={http://eprint.iacr.org/2003/191},
  note={ nigel@cs.bris.ac.uk 12310 received 15 Sep 2003},
  author={David Naccache and Nigel P. Smart and Jacques Stern},
  year=2003
}