Cryptology ePrint Archive: Report 2017/170
Error-free protection of EC point multiplication by modular extension
Abstract: An implementation of a point multiplication function in an elliptic-curve cryptosystem can be attacked by fault injections in order to reveal the secret multiplier. A special kind of such an attack is the sign-change fault attack. Here the result of a point multiplication is changed in such a way that it is still a point on the curve. A well-known countermeasure against this kind of attack is to perform the point multiplication on a modular extension of the main curve by a small curve. Then the result is checked against the result of the same point multiplication recalculated on the small curve. The problem with this countermeasure is that the point at infinity on the small curve may be reached as an intermediate result with a non-negligible probability. In this case the comparison with the result on the small curve is either faulty or meaningless. We propose a variant of the modular extension countermeasure where the point at infinity is never reached as an intermediate result on the main or on the small curve.
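The problem the abstract names, a small-curve computation passing through the point at infinity, can be measured directly. The following is an added illustration, not code from the report: the curve y^2 = x^3 + 2x + 3 over F_97, the base point (3, 6) and the left-to-right double-and-add schedule are constructed toy assumptions, and the report's own variant is not reproduced here.

```python
# Added illustration with constructed toy parameters (not from the report):
# small curve y^2 = x^3 + 2x + 3 over F_97, base point P = (3, 6).
R, A, B = 97, 2, 3
O = None          # point at infinity
P = (3, 6)

def add(p, q):
    """Complete affine addition, used here only to observe the accumulator."""
    if p is O:
        return q
    if q is O:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % R == 0:
        return O                      # q == -p (covers doubling a 2-torsion point)
    if p == q:
        lam = (3 * x1 * x1 + A) * pow((2 * y1) % R, -1, R) % R
    else:
        lam = (y2 - y1) * pow((x2 - x1) % R, -1, R) % R
    x3 = (lam * lam - x1 - x2) % R
    return (x3, (lam * (x1 - x3) - y1) % R)

def point_order(p):
    """Smallest n >= 1 with [n]p = O, by brute force (fine for a toy curve)."""
    n, q = 1, p
    while q is not O:
        q, n = add(q, p), n + 1
    return n

def hits_infinity(k, p):
    """True if double-and-add for [k]p passes through O before the final result."""
    q, states = p, []                 # accumulator starts at p for the leading 1 bit
    for bit in bin(k)[3:]:            # remaining bits, most significant first
        q = add(q, q)
        states.append(q)
        if bit == "1":
            q = add(q, p)
            states.append(q)
    return any(s is O for s in states[:-1])

def hit_rate(p, nbits):
    """Fraction of nbits-bit multipliers whose computation passes through O."""
    ks = range(1 << (nbits - 1), 1 << nbits)
    return sum(hits_infinity(k, p) for k in ks) / len(ks)

if __name__ == "__main__":
    print("order of P:", point_order(P), " hit rate (8-bit k):", hit_rate(P, 8))
```

Any multiplier with a bit prefix divisible by the order of P on the small curve drives the accumulator to the point at infinity, and for those multipliers the small-curve comparison no longer checks anything useful.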
Category / Keywords: implementation / elliptic curve, point multiplication, modulus extension
Date: received 21 Feb 2017
Contact author: m seysen at gmx de
Version: 20170227:144823
Short URL: ia.cr/2017/170