Paper 2021/1595

A formula for disaster: a unified approach to elliptic curve special-point-based attacks

Vladimir Sedlacek, Jesús-Javier Chi-Domínguez, Jan Jancar, and Billy Bob Brumley


The Refined Power Analysis, Zero-Value Point, and Exceptional Procedure attacks introduced side-channel techniques against specific cases of elliptic curve cryptography. The three attacks recover bits of a static ECDH key adaptively, collecting information on whether a certain multiple of the input point was computed. We unify and generalize these attacks in a common framework, and solve the corresponding problem for a broader class of inputs. We also introduce a version of the attack against windowed scalar multiplication methods, recovering the full scalar instead of just a part of it. Finally, we systematically analyze elliptic curve point addition formulas from the Explicit-Formulas Database, classify all non-trivial exceptional points, and find them in new formulas. These results indicate the usefulness of our tooling, which we released publicly, for unrolling formulas and finding special points, and potentially for independent future work.

Available format(s)
Public-key cryptography
Publication info
Published by the IACR in ASIACRYPT 2021
elliptic curve cryptographyECCelliptic curve Diffie-HellmanECDHside-channel analysisRefined Power AnalysisRPAZero-Value Point attackZVPExceptional Procedure AttackEPAexceptional points
Contact author(s)
445358 @ mail muni cz
vlada sedlacek @ mail muni cz
jesus dominguez @ tii ae
billy brumley @ tuni fi
2021-12-06: received
Short URL
Creative Commons Attribution


      author = {Vladimir Sedlacek and Jesús-Javier Chi-Domínguez and Jan Jancar and Billy Bob Brumley},
      title = {A formula for disaster: a unified approach to elliptic curve special-point-based attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1595},
      year = {2021},
      doi = {10.1007/978-3-030-92062-3_5},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.