A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems
As Elliptic Curve Cryptosystems are becoming more and more popular and are included in many standards, an increasing demand has appeared for secure implementations that are not vulnerable to side-channel attacks. To achieve this goal, several generic countermeasures against Power Analysis have been proposed in recent years.In particular, to protect the basic scalar multiplication - on an elliptic curve - against Differential Power Analysis (DPA), it has often been recommended using "random projective coordinates", "random elliptic curve isomorphisms" or "random field isomorphisms". So far, these countermeasures have been considered by many authors as a cheap and secure way of avoiding the DPA attacks on the "scalar multiplication" primitive. However we show in the present paper that, for many elliptic curves, such a DPA-protection of the "scalar" multiplication is not sufficient. In a chosen message scenario, a Power Analysis attack is still possible even if one of the three aforementioned countermeasures is used. We expose a new Power Analysis strategy that can be successful for a large class of elliptic curves, including most of the sample curves recommended by standard bodies such as ANSI, IEEE, ISO, NIST, SECG or WTLS.This result means that the problem of randomizing the basepoint may be more difficult than expected and that "standard" techniques have still to be improved, which may also have an impact on the performances of the implementations.
sensor network wireless sensor network wireless sensor monte carlo cloud computing decision making web service base station mimo system elliptic curve finite field public key mimo channel human activity service oriented architecture service oriented method for determining reference model authentication scheme carbon dioxide oriented architecture user authentication elliptic curve cryptography multiuser detection power analysi curve cryptography fossil fuel multiuser mimo ghg emission software implementation discrete logarithm public key cryptography public key cryptosystem friction stir elliptic curve cryptosystem discrete logarithm problem friction stir welding key cryptosystem fertilizer application multiuser mimo system scientific publication crop production curve cryptosystem multiuser detector food production nitrogen fertilizer choice behavior balance equation differential power analysi logarithm problem aluminium alloy population balance differential power image resolution rsa cryptosystem agricultural system soil organic cdma channel population balance equation public-key cryptography organic chemical north china plain elliptic curve point plant development nitrous oxide water footprint metric ton edwards curve nitric acid tate pairing multilayered media supersingular elliptic curve elliptic curve cryptographic blue water physical vapor deposition grey water supersingular elliptic discrete log elliptic curve group fertilizer nitrogen nitrogen fixation pairing-friendly elliptic curve embedding degree elliptic curve arithmetic spread cdma friction stir processing arithmetic of elliptic stir processing tool pin nitrogen cycle food and agricultural organization, united nation nbl1 gene high-grade prostatic intraepithelial neoplasia auxin efflux emission - male genitalia finding sampling - surgical action sampling (signal processing) ephrin type-b receptor 1, human blood urea nitrogen measurement avian crop contain (action) command & conquer:yuri's revenge adverse reaction to drug greater than sensorineural hearing loss (disorder) glutamate-ammonia ligase desert climate lysp100-associated nuclear domain infertility study zea may ammonia measurement aerosol dose form