Projective Coordinates Leak

D Naccache; NP Smart; J Stern

doi:10.1007/b97182

Projective Coordinates Leak

D Naccache, NP Smart, J Stern

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

33 Citations (Scopus)

Abstract

Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$, obtained using a particular double and add method, may re sult in information being revealed about $k$. \smallskip Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world. \smallskip From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of bli ndly modelling elliptic-curves as generic groups.

Translated title of the contribution	Projective Coordinates Leak
Original language	English
Title of host publication	Advances in Cryptology - EUROCRYPT 2004
Publisher	Springer Berlin Heidelberg
Pages	257 - 267
Number of pages	11
Volume	3027
DOIs	https://doi.org/10.1007/b97182
Publication status	Published - May 2004

Bibliographical note

ISBN: 3540219358
Publisher: Springer
Name and Venue of Conference: Advances in Cryptology - EuroCrypt 2004. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2-6 May
Other: http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=2000083

Access to Document

10.1007/b97182

http://www.springerlink.com/content/wplwfxjhaawbpw51/?p=c34f090bba3d4007aaa2c0368a1ae9f5&pi=15

Handle.net

Persistent link

Cite this

@inproceedings{627e18d709cb41449330a59a41749349,

title = "Projective Coordinates Leak",

abstract = "Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$, obtained using a particular double and add method, may re sult in information being revealed about $k$. \smallskip Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world. \smallskip From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of bli ndly modelling elliptic-curves as generic groups. ",

author = "D Naccache and NP Smart and J Stern",

note = "ISBN: 3540219358 Publisher: Springer Name and Venue of Conference: Advances in Cryptology - EuroCrypt 2004. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2-6 May Other: http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=2000083",

year = "2004",

month = may,

doi = "10.1007/b97182",

language = "English",

volume = "3027",

pages = "257 -- 267",

booktitle = "Advances in Cryptology - EUROCRYPT 2004",

publisher = "Springer Berlin Heidelberg",

address = "Germany",

}

TY - GEN

T1 - Projective Coordinates Leak

AU - Naccache, D

AU - Smart, NP

AU - Stern, J

N1 - ISBN: 3540219358 Publisher: Springer Name and Venue of Conference: Advances in Cryptology - EuroCrypt 2004. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2-6 May Other: http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=2000083

PY - 2004/5

Y1 - 2004/5

N2 - Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$, obtained using a particular double and add method, may re sult in information being revealed about $k$. \smallskip Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world. \smallskip From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of bli ndly modelling elliptic-curves as generic groups.

AB - Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$, obtained using a particular double and add method, may re sult in information being revealed about $k$. \smallskip Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world. \smallskip From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of bli ndly modelling elliptic-curves as generic groups.

U2 - 10.1007/b97182

DO - 10.1007/b97182

M3 - Conference Contribution (Conference Proceeding)

VL - 3027

SP - 257

EP - 267

BT - Advances in Cryptology - EUROCRYPT 2004

PB - Springer Berlin Heidelberg

ER -

Projective Coordinates Leak

Abstract

Bibliographical note

Access to Document

Handle.net

Fingerprint

Cite this