Cryptology ePrint Archive: Report 2003/013
Security Constraints on the Oswald-Aigner Exponentiation Algorithm
Colin D. Walter
Abstract: In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks based on averaging data-dependent power or electromagnetic radiation (EMR) variations. Recently, Oswald and Aigner described such an algorithm suitable for point multiplication in elliptic curve cryptography (ECC). Under the assumption that an attacker can identify point additions and doublings, and distinguish them from each other, during a single point multiplication, it is shown that the algorithm is insecure when the same secret key is used repeatedly without blinding of that key. This scotches hopes that the expense of such blinding might be avoided by using the algorithm, unless the differences between point additions and doublings can be obscured successfully.
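The following is an added illustration of the attack model the abstract describes, not the Oswald-Aigner algorithm and not the analysis in the paper. It uses a constructed toy randomization: each 1 bit of the key is encoded, on a coin flip, either as the digit +1 or as -1 plus a carry, so one fixed key yields many different add/double sequences. Modular exponentiation modulo a small prime stands in for point multiplication, with "A" marking a multiply or divide (add or subtract, which the attacker is assumed unable to tell apart) and "D" a squaring (double). The attacker, assumed to read the exact A/D sequence of every run, intersects the sets of keys consistent with each run. The prime p, generator g, key value, key length and RNG seed are arbitrary demo choices.

```python
"""Toy model: a randomized exponentiation whose reused, unblinded key leaks through A/D traces.

Constructed illustration only; the recoding below is NOT the Oswald-Aigner algorithm
and the attacker below is NOT the attack in the paper.
"""
import random


def randomized_recode(k, coin):
    """Recode k (LSB first) into digits in {-1, 0, 1}; coin() picks one of two encodings of a 1."""
    digits, c, i = [], 0, 0
    while (k >> i) or c:                 # stop once no key bits and no carry remain
        s = ((k >> i) & 1) + c
        if s == 0:
            digits.append(0); c = 0
        elif s == 2:
            digits.append(0); c = 1      # 1 + 1 = 0 + 2*1
        elif (k >> i) == 0:
            digits.append(1); c = 0      # only a final carry is left: emit it and terminate
        elif coin():
            digits.append(-1); c = 1     # 1 = -1 + 2*1
        else:
            digits.append(1); c = 0
        i += 1
    return digits


def exponentiate(g, k, p, coin):
    """Right-to-left modular exponentiation standing in for point multiplication.
    Returns (g**k mod p, ops): ops is the sequence an SPA trace would show, 'A' for a
    multiply by g^(2^i) or its inverse (add/subtract), 'D' for a squaring (double)."""
    acc, base, ops = 1, g % p, []
    for d in randomized_recode(k, coin):
        if d:
            acc = acc * (base if d == 1 else pow(base, -1, p)) % p
            ops.append("A")
        base = base * base % p
        ops.append("D")
    return acc, ops


def parse_trace(ops):
    """Digit positions that showed an 'A', and the number of digits processed."""
    a_pos, pos = set(), 0
    for op in ops:
        if op == "A":
            a_pos.add(pos)
        else:
            pos += 1
    return a_pos, pos


def consistent(key, a_pos, length):
    """Could randomized_recode(key, coin) have produced this A/D pattern for some coin?
    Dynamic programming over the only hidden state of the recoding, the carry."""
    carries = {0}
    for i in range(length):
        bit, tail, has_a = (key >> i) & 1, (key >> i) == 0, i in a_pos
        nxt = set()
        for c in carries:
            s = bit + c
            if s == 0 and not has_a and not tail:    # tail with no carry would have ended the loop
                nxt.add(0)
            elif s == 2 and not has_a:
                nxt.add(1)
            elif s == 1 and has_a:
                nxt.update({0} if tail else {0, 1})
        carries = nxt
        if not carries:
            return False
    return 0 in carries and (key >> length) == 0


def recover_key(traces, max_bits):
    """Intersect, over all observed runs, the keys below 2**max_bits consistent with each run."""
    cands = set(range(1, 1 << max_bits))
    for ops in traces:
        a_pos, length = parse_trace(ops)
        cands = {k for k in cands if consistent(k, a_pos, length)}
    return cands


def make_coin(seed):
    """Deterministic stand-in for the device's RNG so that runs are reproducible."""
    rng = random.Random(seed)
    return lambda: rng.getrandbits(1) == 1


def simulate_runs(g, key, p, runs, coin):
    """Run the device `runs` times with the same unblinded key and collect the A/D traces."""
    traces = []
    for _ in range(runs):
        acc, ops = exponentiate(g, key, p, coin)
        assert acc == pow(g, key, p)     # the randomization never changes the result
        traces.append(ops)
    return traces


if __name__ == "__main__":
    p, g, key, max_bits = 1000003, 5, 0xACE, 12   # constructed toy parameters
    traces = simulate_runs(g, key, p, 20, make_coin(2003))
    print("one run leaves", len(recover_key(traces[:1], max_bits)), "candidate keys")
    print("20 runs leave", recover_key(traces, max_bits))
```

A single trace is already consistent with only a handful of keys (for the 2-bit key 3 the plain encoding leaves {1, 3}), and every further run of the same key removes candidates that happened to match the earlier runs. Blinding the key per run, the countermeasure the abstract names, changes the exponent on every run, so the intersection no longer targets a fixed value; obscuring the add/double distinction removes the `A` positions the attacker relies on.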
Category / Keywords: public-key cryptography / power analysis attacks, elliptic curve cryptosystem
Date: received 22 Jan 2003
Contact author: colin walter at comodogroup com
Version: 20030122:221729