Cryptology ePrint Archive: Report 2019/1220

Side-channel Attacks on Blinded Scalar Multiplications Revisited

Thomas Roche and Laurent Imbert and Victor Lomné

Abstract: In a series of recent articles (from 2011 to 2017), Schindler et al. show that exponent/scalar blinding is not as effective a countermeasure as expected against side-channel attacks targeting RSA modular exponentiation and ECC scalar multiplication. Precisely, these works demonstrate that if an attacker is able to retrieve many randomizations of the same secret, this secret can be fully recovered even when a significative proportion of the blinded secret bits are erroneous. With a focus on ECC, this paper improves the best results of Schindler et al. in both the generic case of random-order elliptic curves and the specific case of structured-order elliptic curves. Our results show that larger blinding material and higher error rates can be successfully handled by an attacker in practice. This study also opens new directions in this line of work by the proposal of a three-steps attack process that isolates the attack critical path (in terms of complexity and success rate) and hence eases the development of future solutions.

Category / Keywords: public-key cryptography / side-channel analysis, scalar blinding, horizontal attacks

Original Publication (in the same form): CARDIS 2019

Date: received 17 Oct 2019

Contact author: th roche at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20191021:081858 (All versions of this report)

Short URL: ia.cr/2019/1220


[ Cryptology ePrint archive ]