Abstract
Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$, obtained using a particular double and add method, may result in information being revealed about $k$.

Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world.

From a wider perspective, our result proves that the choice of representation of elliptic curve points *can reveal* information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of blindly modelling elliptic curves as generic groups.
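
As an added illustration (not code from the paper), the sketch below shows on a toy curve why the $Z$ coordinate must not leave the device: the scalars 2 and 7 reach the same affine point but leave different $Z$ values. The curve $y^2 = x^3 + 2x + 3$ over $\mathbb{F}_{97}$, the base point $(3, 6)$ of order 5, Jacobian coordinates and the left-to-right double-and-add loop are assumptions chosen for the example; affine conversion, or rescaling by a random factor (a common countermeasure), removes the difference before export.

```python
# Toy parameters (assumed for illustration): y^2 = x^3 + 2x + 3 over F_97, G of order 5.
import secrets

P_MOD, A = 97, 2
G = (3, 6)
INF = (1, 1, 0)  # Jacobian point at infinity (Z = 0)

def jac_double(pt):
    X, Y, Z = pt
    if Z == 0 or Y == 0:
        return INF
    S = 4 * X * Y * Y % P_MOD
    M = (3 * X * X + A * pow(Z, 4, P_MOD)) % P_MOD
    X3 = (M * M - 2 * S) % P_MOD
    Y3 = (M * (S - X3) - 8 * pow(Y, 4, P_MOD)) % P_MOD
    return (X3, Y3, 2 * Y * Z % P_MOD)

def jac_add_affine(pt, q):
    # Mixed addition: Jacobian pt plus affine q.
    X, Y, Z = pt
    if Z == 0:
        return (q[0], q[1], 1)
    H = (q[0] * Z * Z - X) % P_MOD
    R = (q[1] * pow(Z, 3, P_MOD) - Y) % P_MOD
    if H == 0:  # same x: either the same point or its negative
        return jac_double(pt) if R == 0 else INF
    H2, H3 = H * H % P_MOD, pow(H, 3, P_MOD)
    X3 = (R * R - H3 - 2 * X * H2) % P_MOD
    Y3 = (R * (X * H2 - X3) - Y * H3) % P_MOD
    return (X3, Y3, Z * H % P_MOD)

def scalar_mul(k):
    # Left-to-right double-and-add; the returned Z depends on the bits of k.
    acc = INF
    for bit in bin(k)[2:]:
        acc = jac_double(acc)
        if bit == "1":
            acc = jac_add_affine(acc, G)
    return acc

def to_affine(pt):
    # Safe export form: Z is divided out and discarded.
    X, Y, Z = pt
    if Z == 0:
        return None
    zi = pow(Z, -1, P_MOD)
    return (X * zi * zi % P_MOD, Y * pow(zi, 3, P_MOD) % P_MOD)

def rerandomize(pt):
    # Same point, fresh representation: (l^2 X, l^3 Y, l Z) for random nonzero l.
    lam = secrets.randbelow(P_MOD - 1) + 1
    X, Y, Z = pt
    return (X * lam * lam % P_MOD, Y * pow(lam, 3, P_MOD) % P_MOD, Z * lam % P_MOD)
```
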
Translated title of the contribution | Projective Coordinates Leak |
---|---|
Original language | English |
Title of host publication | Advances in Cryptology - EUROCRYPT 2004 |
Publisher | Springer Berlin Heidelberg |
Pages | 257 - 267 |
Number of pages | 11 |
Volume | 3027 |
Publication status | Published - May 2004 |
Bibliographical note
ISBN: 3540219358
Publisher: Springer
Name and Venue of Conference: Advances in Cryptology - EuroCrypt 2004. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2-6 May
Other: http://www.cs.bris.ac.uk/Publications/pub_info.jsp?id=2000083