Paper 2015/882

Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks

Margaux Dugardin, Sylvain Guilley, Martin Moreau, Zakaria Najm, and Pablo Rauzy


Fault injection attacks are a real-world threat to cryptosystems, in particular asymmetric cryptography. In this paper, we focus on countermeasures which guarantee the integrity of the computation result, hence covering most existing and future fault attacks. Namely, we study the modular extension protection scheme in previously existing and newly contributed variants of the countermeasure on elliptic curve scalar multiplication (ECSM) algorithms. We find that an existing countermeasure is incorrect and we propose new “test-free” variant of the modular extension scheme that fixes it. We then formally prove the correctness and security of modular extension: specifically, the fault non-detection probability is inversely proportional to the security parameter. Finally, we implement an ECSM protected with test-free modular extension during the elliptic curve operation to evaluate the efficient of this method on Edwards and twisted Edwards curves.

Note: This version corresponds to the definitive submission for the proceedings of the PROOFS 2016 workshop.

Available format(s)
Publication info
Preprint. MINOR revision.
fault injection attackcountermeasureasymmetric cryptographyelliptic curve cryptographyedwards curvemodular extension
Contact author(s)
pr @ ai univ-paris8 fr
2016-08-14: last of 3 revisions
2015-09-13: received
See all versions
Short URL
Creative Commons Attribution


      author = {Margaux Dugardin and Sylvain Guilley and Martin Moreau and Zakaria Najm and Pablo Rauzy},
      title = {Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2015/882},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.