Cryptology ePrint Archive: Report 2014/191

Side-Channel Analysis on Blinded Regular Scalar Multiplications

Benoit Feix and Mylène Roussellet and Alexandre Venelli

Abstract: We present a new side-channel attack path threatening state-of-the-art protected implementations of elliptic curves embedded scalar multiplications. Regular algorithms such as the double-and-add-always and the Montgomery ladder are commonly used to protect the scalar multiplication from simple side-channel analysis. Combining such algorithms with scalar and/or point blinding countermeasures lead to scalar multiplications protected from all known attacks. Scalar randomization, which consists in adding a random multiple of the group order to the scalar value, is a popular countermeasure due to its efficiency. Amongst the several curves defined for usage in elliptic curves products, the most used are those standardized by the NIST. As observed in several previous publications, the modulus, hence the orders, of these curves are sparse, primarily for efficiency reasons. In this paper, we take advantage of this specificity to present new attack paths which combine vertical and horizontal side-channel attacks to recover the entire secret scalar in state-of-the-art protected elliptic curve implementations

Category / Keywords: Elliptic curves, Scalar multiplication, Side-channel analysis, Correlation analysis

Original Publication (with major differences): This is the extended version of a paper accepted at INDOCRYPT 2014

Date: received 12 Mar 2014, last revised 22 Sep 2014

Contact author: alexandre venelli at gmail com

Available format(s): PDF | BibTeX Citation

Note: Extended version of proceedings Added reference to future publication/proceedings at Indocrypt 2014

Version: 20140922:214421 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]