Power analysis attacks on elliptic curve based systems work by analysing the point multiplication algorithm. Recently Goubin observed that if an attacker can choose the point $P$ to enter into the point multiplication algorithm then none of the standard three randomizations can fully defend against a DPA attack. In this paper we examine Goubin's attack in more detail and completely discount its effectiveness when the attacker chooses a point of finite order, for the remaining cases we propose a defence based on using isogenies of small degree.
|Translated title of the contribution||An Analysis of Goubin's Refined Power Analysis Attack|
|Title of host publication||Cryptographic Hardware and Embedded Systems - CHES 2003|
|Publisher||Springer Berlin Heidelberg|
|Pages||281 - 290|
|Number of pages||9|
|Publication status||Published - Sep 2003|