Projective Coordinates Leak

D Naccache, NP Smart, J Stern

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

35 Citations (Scopus)


Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$, obtained using a particular double and add method, may re sult in information being revealed about $k$. \smallskip Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world. \smallskip From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of bli ndly modelling elliptic-curves as generic groups.
Translated title of the contributionProjective Coordinates Leak
Original languageEnglish
Title of host publicationAdvances in Cryptology - EUROCRYPT 2004
PublisherSpringer Berlin Heidelberg
Pages257 - 267
Number of pages11
Publication statusPublished - May 2004

Bibliographical note

ISBN: 3540219358
Publisher: Springer
Name and Venue of Conference: Advances in Cryptology - EuroCrypt 2004. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2-6 May


Dive into the research topics of 'Projective Coordinates Leak'. Together they form a unique fingerprint.

Cite this