Paper 2015/1001

Dismantling real-world ECC with Horizontal and Vertical Template Attacks

Margaux Dugardin, Louiza Papachristodoulou, Zakaria Najm, Lejla Batina, Jean-Luc Danger, Sylvain Guilley, Jean-Christophe Courrege, and Carine Therond


Recent side-channel attacks on elliptic curve algorithms have shown that the security of these cryptosystems is a matter of serious concern. The development of techniques in the area of Template Attacks makes it feasible to extract a 256-bit secret key with only 257 traces. This paper enhances the applicability of this attack by exploiting both the horizontal leakage of the carry propagation during the finite field multiplication, and the vertical leakage of the input data. As a further contribution, our method provides detection and auto-correction of possible errors that may occur during the key recovery. These enhancements come at the cost of extra traces, while still providing a practical attack. Finally, we show that the elliptic curve technology developed in PolarSSL running on a ARM STM32F4 platform is completely vulnerable, when used without any modifications or countermeasures.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Side-channel analysishorizontal leakagevertical leakagescalar multiplicationBrainpool curvesNIST curvesPolarSSL.
Contact author(s)
louiza @ cryptologio org
2016-01-08: last of 2 revisions
2015-10-15: received
See all versions
Short URL
Creative Commons Attribution


      author = {Margaux Dugardin and Louiza Papachristodoulou and Zakaria Najm and Lejla Batina and Jean-Luc Danger and Sylvain Guilley and Jean-Christophe Courrege and Carine Therond},
      title = {Dismantling real-world ECC with Horizontal and Vertical Template Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2015/1001},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.