Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
EUROCRYPT
2004
Springer
2004
Springer
Projective Coordinates Leak
Denoting by P = [k]G the elliptic-curve double-and-add multiplication of a public base point G by a secret k, we show that allowing an adversary access to the projective representation of P, obtained using a particular double and add method, may result in information being revealed about k. Such access might be granted to an adversary by a poor software implementation that does not erase the Z coordinate of P from the computer’s memory or by a computationally-constrained secure token that sub-contracts the affine conversion of P to the external world. ¿From a wider perspective, our result proves that the choice of representation of elliptic curve points can reveal information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of blindly modelling elliptic-curves as generic groups. As a conclusion, our result underlines the necessity to sanitize Z after the affine conversion or, alternatively, randomize P before releasing it out.
Real-time TrafficAffine Conversion | Cryptography | Elliptic-curve Double-and-add Multiplication | EUROCRYPT 2004 | Public Base Point |
Related Content
| Added | 01 Jul 2010 |
| Updated | 01 Jul 2010 |
| Type | Conference |
| Year | 2004 |
| Where | EUROCRYPT |
| Authors | David Naccache, Nigel P. Smart, Jacques Stern |
Comments (0)
Researcher Info
|
