GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias - Archive ouverte HAL
Conference paper, 2014

GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias


Abstract

The fastest implementations of elliptic curve cryptography in recent years have been achieved on curves endowed with nontrivial efficient endomorphisms, using techniques due to Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS). In such implementations, a scalar multiplication [k]P is computed as a double multiplication [k1]P + [k2]ψ(P), for ψ an efficient endomorphism and k1, k2 appropriate half-size scalars. To compute a random scalar multiplication, one can either select the scalars k1, k2 at random, hoping that the resulting k = k1 + k2λ is close to uniform, or pick a uniform k instead and decompose it as k1 + k2λ afterwards. The main goal of this paper is to discuss security issues that may arise using either approach. When k1 and k2 are chosen uniformly at random in [0, √n), n = ord(P), we provide a security proof under mild assumptions. However, if they are chosen as random integers of ½
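The abstract contrasts two ways of sampling k1, k2 and asks how close the induced k = k1 + k2λ (mod n) is to uniform. The following added example (not code from the paper) measures that directly on a constructed toy group order, small enough to enumerate every (k1, k2) pair: it computes the distribution of k, its statistical distance from uniform, and the bias of one chosen bit of k. The toy values n = 17 and λ = 4 (a square root of −1 mod 17, mimicking a GLV endomorphism) are constructed; "half-size" is taken here to mean ⌈bitlen(n)/2⌉ bits, an assumption since the abstract is cut off at that point.

```python
from fractions import Fraction
from math import isqrt


def sqrt_bound(n):
    """Number of integers in [0, sqrt(n)), i.e. ceil(sqrt(n)); the range the
    abstract's security proof covers."""
    return isqrt(n - 1) + 1


def half_size_bound(n):
    """2**ceil(bitlen(n)/2): k1, k2 as random 'half-size' integers (assumed
    reading of the truncated abstract)."""
    return 1 << ((n.bit_length() + 1) // 2)


def glv_scalar_counts(n, lam, bound):
    """Enumerate every k1, k2 in [0, bound) and count how often each
    k = k1 + k2*lam (mod n) occurs. bound**2 pairs, so only for toy n."""
    counts = [0] * n
    for k2 in range(bound):
        base = (k2 * lam) % n
        for k1 in range(bound):
            counts[(base + k1) % n] += 1
    return counts


def statistical_distance(counts):
    """Exact total-variation distance between the observed distribution of k
    and the uniform distribution on Z/nZ."""
    n, total = len(counts), sum(counts)
    return sum(abs(Fraction(c, total) - Fraction(1, n)) for c in counts) / 2


def bit_bias(counts, bit):
    """P[bit of k is set] minus the same probability for a uniform k mod n."""
    n, total = len(counts), sum(counts)
    observed = Fraction(sum(c for k, c in enumerate(counts) if (k >> bit) & 1), total)
    uniform = Fraction(sum(1 for k in range(n) if (k >> bit) & 1), n)
    return observed - uniform


if __name__ == "__main__":
    n, lam = 17, 4  # constructed toy values; lam*lam == -1 (mod n)
    assert (lam * lam) % n == n - 1
    top = n.bit_length() - 1  # the top bit of k, the single bit an attacker would exploit
    for label, bound in (("[0, sqrt n)", sqrt_bound(n)), ("half-size", half_size_bound(n))):
        counts = glv_scalar_counts(n, lam, bound)
        print(label, float(statistical_distance(counts)), float(bit_bias(counts, top)))
```

With a real 256-bit n the pairs cannot be enumerated, but the same two statistics can be estimated from a sample of (k1, k2) draws, which is how an implementer would check a chosen sampling range before relying on it.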
Main file: main.pdf (413.04 KB). Origin: files produced by the author(s).

Dates and versions

hal-01094002 , version 1 (11-12-2014)

Cite

Diego Aranha, Pierre-Alain Fouque, Benoit Gérard, Jean-Gabriel Kammerer, Mehdi Tibouchi, et al.. GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias. Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Dec 2014, Kaoshiung, Taiwan. pp.262-281, ⟨10.1007/978-3-662-45611-8_14⟩. ⟨hal-01094002⟩