Fault Attack on Elliptic Curve with Montgomery Ladder Implementation
نویسندگان
چکیده
In this paper, we present a new fault attack on elliptic curve scalar product algorithms. This attack is tailored to work on the classical Montgomery ladder method when the y-coordinate is not used. No weakness has been reported so far on such implementations, which are very efficient and were promoted by several authors. But taking into account the twist of the elliptic curves, we show how, with few faults (around one or two faults), we can retrieve the full secret exponent even if classical countermeasures are employed to prevent fault attacks. It turns out that this attack has not been anticipated as the security of the elliptic curve parameters in most standards can be strongly reduced. Especially, the attack is meaningful on some NIST or SECG parameters.
منابع مشابه
Algorithm-level Error Detection for ECSM
For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size in comparison with other schemes such as those that are based on integer factorization or discrete logarithm. Unfortunately, cryptosystems including those based on elliptic curves have been subject to attacks. For example, fault-based attac...
متن کاملAnalyzing Side-Channel Leakage of RFID-Suitable Lightweight ECC Hardware
Using RFID tags for security critical applications requires the integration of cryptographic primitives, e.g., Elliptic Curve Cryptography (ECC). It is specially important to consider that RFID tags are easily accessible to perform practical side-channel attacks due to their fields of applications. In this paper, we investigate a practical attack scenario on a randomized ECC hardware implementa...
متن کاملImplementation of Elliptic Curve Cryptography with Built-In Counter Measures against Side Channel Attacks
Many software implementations of public key cryptosystems have been concerned with efficiency. The advent of side channel attacks, such as timing and power analysis attacks, force us to reconsider the strategy of implementation of group arithmetic. This paper presents a study of software counter measures against side channel attacks for elliptic curve cryptosystems. We introduce two new counter...
متن کاملRecovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack
We illustrate a vulnerability introduced to elliptic curve cryptographic protocols when implemented using a function of the OpenSSL cryptographic library. For the given implementation using an elliptic curve E over a binary field with a point G ∈ E, our attack recovers the majority of the bits of a scalar k when kG is computed using the OpenSSL implementation of the Montgomery ladder. For the E...
متن کاملFault Attacks on the Montgomery Powering Ladder
Security-aware embedded devices which are likely to operate in hostile environments need protection against physical attacks. For the RSA public-key algorithm, protected versions of the Montgomery powering ladder have gained popularity as countermeasures for such attacks. In this paper, we present a general fault attack against RSA implementations which use the Montgomery powering ladder. In a ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008