Exceptional Procedure Attack on Elliptic Curve Cryptosystems

نویسندگان

  • Tetsuya Izu
  • Tsuyoshi Takagi
چکیده

The scalar multiplication of elliptic curve based cryptosystems (ECC) is computed by repeatedly calling the addition formula that calculates the elliptic curve addition of two points. The addition formula involves several exceptional procedures so that implementers have to carefully consider their treatments. In this paper we study the exceptional procedure attack, which reveals the secret scalar using the error arisen from the exceptional procedures. Recently new forms of elliptic curves and addition formulas for ECC have been proposed, namely the Montgomery form, the Jacobi form, the Hessian form, and the Brier-Joye addition formula. They aim at improving security or efficiency of the underlying scalar multiplications. We analyze the effectiveness of the exceptional procedure attack to some addition formulas. We conclude that the exceptional procedure attack is infeasible against the curves whose order are prime, i.e., the recommended curves by several standards. However, the exceptional procedure attack on the Brier-Joye addition formula is feasible, because it yields non-standard exceptional points. We propose an attack that reveals a few bits of the secret scalar, provided that this multiplier is constant and fixed. By the experiment over the standard elliptic curves, we have found many non-standard exceptional points even though the standard addition formula over the curves has no exceptional point. When a new addition formula is developed, we should be cautious about the proposed attack.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Efficient elliptic curve cryptosystems

Elliptic curve cryptosystems (ECC) are new generations of public key cryptosystems that have a smaller key size for the same level of security. The exponentiation on elliptic curve is the most important operation in ECC, so when the ECC is put into practice, the major problem is how to enhance the speed of the exponentiation. It is thus of great interest to develop algorithms for exponentiation...

متن کامل

An efficient blind signature scheme based on the elliptic curve discrete logarithm problem

Elliptic Curve Cryptosystems (ECC) have recently received significant attention by researchers due to their high performance such as low computational cost and small key size. In this paper a novel untraceable blind signature scheme is presented. Since the security of proposed method is based on difficulty of solving discrete logarithm over an elliptic curve, performance of the proposed scheme ...

متن کامل

A Weil Descent Attack against Elliptic Curve Cryptosystems over Quartic Extension Fields

This paper shows that many of elliptic curve cryptosystems over quartic extension fields of odd characteristics are reduced to genus two hyperelliptic curve cryptosystems over quadratic extension fields. Moreover, it shows that almost all of the genus two hyperelliptic curve cryptosystems over quadratic extension fields of odd characteristics come under Weil descent attack. This means that many...

متن کامل

On Implementation of GHS Attack against Elliptic Curve Cryptosystems over Cubic Extension Fields of Odd Characteristics

In this paper, we present algorithms for implementation of the GHS attack to Elliptic curve cryptosystems (ECC). In particular, we consider two large classes of elliptic curves over cubic extension fields of odd characteristics which have weak covering curves against GHS attack, whose existence have been shown recently [16][17][18]. We show an algorithm to find definition equation of the coveri...

متن کامل

A New Scan Attack on Elliptic Curve Cryptosystems in presence of Industrial Design for Testability Structures

This paper presents a new scan-based attack on hardware implementations of Elliptic Curve Cryptosystems (ECC). Several up-to-date Design-for-Testability (DfT) features are considered, including response compaction, XMasking and partial scan. Practical aspects of the proposed scan-based attack are presented, namely timing and leakage analysis that allows finding out data related to the secret ke...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2003