Paper 2019/1220

Side-channel Attacks on Blinded Scalar Multiplications Revisited

Thomas Roche, Laurent Imbert, and Victor Lomné


In a series of recent articles (from 2011 to 2017), Schindler et al. show that exponent/scalar blinding is not as effective a countermeasure as expected against side-channel attacks targeting RSA modular exponentiation and ECC scalar multiplication. Precisely, these works demonstrate that if an attacker is able to retrieve many randomizations of the same secret, this secret can be fully recovered even when a significative proportion of the blinded secret bits are erroneous. With a focus on ECC, this paper improves the best results of Schindler et al. in the specific case of structured-order elliptic curves. Our results show that larger blinding material and higher error rates can be successfully handled by an attacker in practice. This study also opens new directions in this line of work by the proposal of a three-steps attack process that isolates the attack critical path (in terms of complexity and success rate) and hence eases the development of future solutions.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. CARDIS 2019
side-channel analysisscalar blindinghorizontal attacks
Contact author(s)
th roche @ gmail com
2019-12-13: revised
2019-10-21: received
See all versions
Short URL
Creative Commons Attribution


      author = {Thomas Roche and Laurent Imbert and Victor Lomné},
      title = {Side-channel Attacks on Blinded Scalar Multiplications Revisited},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1220},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.