In this paper we introduce two new generic side-channel attacks on scalar blinding of elliptic curves where the order of the base point is close to a power of 2. These attacks are in particular relevant for elliptic curves over special prime fields where the prime is 'almost' a power of 2. As in the papers [9, 10] we assume that some side-channel attack has allowed the determination of the bits of the blinded scalars with some uncertainty, which is quantified by the error rate Eb. Our new attacks are tailored to the special structure of these elliptic curves and are far more efficient than the attacks for general elliptic curves [9, 10]. As a consequence, such special elliptic curves need significantly longer blinding factors than general elliptic curves. Both attacks apply to ECC applications that use a long-term key for the scalar multiplication.
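The following is an added worked example, not code from the paper, illustrating the structural weakness the abstract refers to. It assumes the standard scalar blinding k' = k + r·n (r a random R-bit factor), uses the published order of the NIST P-256 base point (whose top 32 bits are all ones, so n = 2^256 − δ with δ < 2^224), a constructed stand-in for a "general" 256-bit order, and models the side channel as independent bit flips with probability Eb, which is one reading of the paper's error-rate parameter. The identity k' = r·2^m + (k − r·δ) shows that for the special order the bits of k' above position m are r or r − 1 whenever r·δ < 2^m, so the side channel reads the blinding factor almost directly and, where the top bits survive the noise, unblinds that observation exactly; for a general order the product r·n smears r over many values. Function names and the noise model are this example's own:

```python
import random

# Order of the NIST P-256 base point (FIPS 186-4 / SEC 2).  Its top 32 bits are all ones,
# so n = 2^256 - delta with delta < 2^224.
P256_ORDER = int("FFFFFFFF00000000FFFFFFFFFFFFFFFF"
                 "BCE6FAADA7179E84F3B9CAC2FC632551", 16)
# Constructed stand-in for a 256-bit group order with no special form.  It is not a real
# curve order and not prime; primality is irrelevant to the bit-pattern argument below.
GENERIC_ORDER = int("A5C3" * 16, 16) | 1

M = 256  # the power of two that P256_ORDER is close to


def blind(k, r, n):
    """Standard scalar blinding: k' = k + r*n, so k'P = kP for P of order n."""
    return k + r * n


def top_part(k_blinded, m=M):
    """Bits of the blinded scalar above position m (what the side channel sees there)."""
    return k_blinded >> m


def blinding_factor_candidates(top, m, n):
    """Candidates for r from an error-free top part when n = 2^m - delta and r*delta < 2^m:
    k' = r*2^m + (k - r*delta) with -2^m < k - r*delta < 2^m, hence k' >> m is r or r - 1."""
    assert n < 2 ** m, "n must lie below the power of two"
    return {top, top + 1}


def unblind_if_factor_known(k_blinded, r, n):
    """Once r is known the blinding is void: k = k' - r*n."""
    return k_blinded - r * n


def top_part_offsets(n, r_bits, trials, seed=1):
    """Sample (k, r), blind, and collect r - (k' >> M).  For a near-power-of-two order this
    set is contained in {0, 1}; for a generic order it spreads over many values."""
    rng = random.Random(seed)
    offsets = set()
    for _ in range(trials):
        k = rng.randrange(1, n)
        r = rng.getrandbits(r_bits)
        offsets.add(r - top_part(blind(k, r, n)))
    return offsets


def noisy_bits(value, nbits, error_rate, rng):
    """Side-channel model (this example's assumption): each of the nbits low bits is read
    correctly except with independent probability error_rate (the paper's Eb)."""
    out = value
    for i in range(nbits):
        if rng.random() < error_rate:
            out ^= 1 << i
    return out


def fraction_factor_readable(n, r_bits, error_rate, trials, seed=7, m=M):
    """Fraction of traces whose noisy top part still yields the true r as a candidate.
    All R top bits must have survived, so this is about (1 - Eb)^R; a longer r lowers it,
    and once r*delta >= 2^m the top part stops being r-1/r altogether."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        k = rng.randrange(1, n)
        r = rng.getrandbits(r_bits)
        leaked = noisy_bits(blind(k, r, n), m + r_bits, error_rate, rng)
        if r in blinding_factor_candidates(top_part(leaked, m), m, n):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    print("P-256, R=32: r - (k'>>256) takes values", sorted(top_part_offsets(P256_ORDER, 32, 1000)))
    print("generic order, R=32: distinct values of r - (k'>>256):",
          len(top_part_offsets(GENERIC_ORDER, 32, 1000)))
    for eb in (0.01, 0.05, 0.10):
        f = fraction_factor_readable(P256_ORDER, 32, eb, 2000)
        print(f"Eb={eb}: blinding factor readable from top bits in {f:.3f} of traces")
```

With R = 32 on P-256 the offsets are only 0 and 1, while the constructed generic order yields hundreds of distinct offsets from the same number of samples; the readable fraction tracks (1 − Eb)^32, which is why the abstract's conclusion is a longer blinding factor rather than a different blinding formula.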
[1] J. H. van Lint et al. Introduction to Coding Theory. 1982.
[2] Werner Schindler et al. Exponent Blinding Does Not Always Lift (Partial) SPA Resistance to Higher-Level Security. ACNS, 2011.
[3] Thomas Pornin. Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA). RFC 6979, 2013.
[4] Steven D. Galbraith et al. Computing discrete logarithms in an interval. Math. Comput., 2013.
[5] Werner Schindler et al. Power attacks in the presence of exponent blinding. Journal of Cryptographic Engineering, 2014.