GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias

Abstract: The fastest implementations of elliptic curve cryptography in recent years have been achieved on curves endowed with nontrivial efficient endomorphisms, using techniques due to Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS). In such implementations, a scalar multiplication [k]P is computed as a double multiplication [k1]P + [k2]ψ(P), for ψ an efficient endomorphism and k1, k2 appropriate half-size scalars. To compute a random scalar multiplication, one can either select the scalars k1, k2 at random, hoping that the resulting k = k1 + k2λ is close to uniform, or pick a uniform k instead and decompose it as k1 + k2λ afterwards. The main goal of this paper is to discuss security issues that may arise using either approach. When k1 and k2 are chosen uniformly at random in [0, √n), n = ord(P), we provide security proofs under mild assumptions. However, if they are chosen as random integers of 1 2
Document type:
Conference paper
Palash Sarkar, Tetsu Iwata. Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Dec 2014, Kaohsiung, Taiwan. Springer, Advances in Cryptology - ASIACRYPT 2014, 8873, pp.262-281, 2014, Lecture Notes in Computer Science. 〈http://des.cse.nsysu.edu.tw/asiacrypt2014/〉. 〈10.1007/978-3-662-45611-8_14〉

Cited literature [29 references]

https://hal.inria.fr/hal-01094002
Contributor: Pierre-Alain Fouque
Submitted on: Thursday 11 December 2014 - 14:48:04
Last modified on: Friday 16 November 2018 - 01:32:11
Document(s) archived on: Saturday 15 April 2017 - 07:59:09

File

main.pdf
Files produced by the author(s)


Citation

Diego Aranha, Pierre-Alain Fouque, Benoit Gérard, Jean-Gabriel Kammerer, Mehdi Tibouchi, et al. GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias. Palash Sarkar, Tetsu Iwata. Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Dec 2014, Kaohsiung, Taiwan. Springer, Advances in Cryptology - ASIACRYPT 2014, 8873, pp.262-281, 2014, Lecture Notes in Computer Science. 〈http://des.cse.nsysu.edu.tw/asiacrypt2014/〉. 〈10.1007/978-3-662-45611-8_14〉. 〈hal-01094002〉
