Paper 2021/1580

High Order Side-Channel Security for Elliptic-Curve Implementations

Sonia Belaïd, CryptoExperts (France)
Matthieu Rivain, CryptoExperts (France)

Elliptic-curve implementations protected with state-of-the-art countermeasures against side-channel attacks might still be vulnerable to advanced attacks that recover secret information from a single leakage trace. The effectiveness of these attacks is boosted by the emergence of deep learning techniques for side-channel analysis which relax the control or knowledge an adversary must have on the target implementation. In this paper, we provide generic countermeasures to withstand these attacks for a wide range of regular elliptic-curve implementations. We first introduce a framework to formally model a regular algebraic program which consists of a sequence of algebraic operations indexed by key-dependent values. We then introduce a generic countermeasure to protect these types of programs against advanced single-trace side-channel attacks. Our scheme achieves provable security in the noisy leakage model under a formal assumption on the leakage of randomized variables. To demonstrate the applicability of our solution, we provide concrete examples on several widely deployed scalar multiplication algorithms and report some benchmarks for a protected implementation on a smart card.

Available format(s)
Publication info
Published by the IACR in TCHES 2023
Side-channel countermeasures elliptic-curve cryptography masking noisy leakage model collision attacks
Contact author(s)
sonia belaid @ cryptoexperts com
matthieu rivain @ cryptoexperts com
2022-10-14: revised
2021-12-03: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sonia Belaïd and Matthieu Rivain},
      title = {High Order Side-Channel Security for Elliptic-Curve Implementations},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1580},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.