International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 12 March 2014

Benoit Feix, Mylène Roussellet, Alexandre Venelli
ePrint Report ePrint Report
We present a new side-channel attack path threatening state-of-the-art protected implementations of elliptic curves embedded scalar multiplications. Regular algorithms such as the double-and-add-always and the Montgomery ladder are commonly used to protect the scalar multiplication from simple side-channel analysis. Combining such algorithms with scalar and/or point blinding countermeasures lead to scalar multiplications protected from all known attacks. Scalar randomization, which consists in adding a random multiple of the group order to the scalar value, is a popular countermeasure due to its efficiency. Amongst the several curves defined for usage in elliptic curves products, the most used are those standardized by the NIST. The modulus, hence the orders, of these curves are sparse, primarily for efficiency reasons. In this paper, we take advantage of this specificity to present new attack paths and recover the secret scalar of state-of-the-art protected elliptic curve implementations.

Expand

Additional news items may be found on the IACR news page.