Cryptology ePrint Archive: Report 2003/013

Security Constraints on the Oswald-Aigner Exponentiation Algorithm

Colin D. Walter

Abstract: In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks based on averaging data-dependent power or EMR variations. Recently, Oswald and Aigner described such an algorithm suitable for point multiplication in elliptic curve cryptography (ECC). With the assumption that an attacker can identify additions and doublings and distinguish them from each other during a single point multiplication, it is shown that the algorithm is insecure for repeated use of the same secret key without blinding of that key. This scotches hopes that the expense of such blinding might be avoided by using the algorithm unless the differences between point additions and doublings can be obscured successfully.

Category / Keywords: public-key cryptography / power analysis attacks, elliptic curve cryptosystem

Date: received 22 Jan 2003

Contact author: colin walter at comodogroup com

Available formats: Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20030122:221729 (All versions of this report)

Discussion forum: Show discussion | Start new discussion