Decompose and conquer: ZVP attacks on GLV curves

Vojtěch Suchánek; Vladimír Sedláček; Marek Sýs

Paper 2025/076

Decompose and conquer: ZVP attacks on GLV curves

Vojtěch Suchánek, Masaryk University

Vladimír Sedláček

Marek Sýs

Abstract

While many side-channel attacks on elliptic curve cryptography can be avoided by coordinate randomization, this is not the case for the zero-value point (ZVP) attack. This attack can recover a prefix of static ECDH key but requires solving an instance of the dependent coordinates problem (DCP), which is open in general. We design a new method for solving the DCP on GLV curves, including the Bitcoin secp256k1 curve, outperforming previous approaches. This leads to a new type of ZVP attack on multiscalar multiplication, recovering twice as many bits when compared to the classical ZVP attack. We demonstrate a recovery of the private key for the interleaving algorithm for multiscalar multiplication. Finally, we analyze the largest database of curves and addition formulas with over 14 000 combinations and provide the first classification of their resistance against the ZVP attack.

Note: This preprint has not undergone peer review or any post-submission improvements or corrections.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. Minor revision. ACNS - Applied Cryptography and Network Security
Keywords: dependent coordinates problem elliptic curve cryptography GLV curve side-channel attacks ZVP attack
Contact author(s): vojtechsu @ mail muni cz
vlada sedlacek @ mail muni cz
syso @ mail muni cz
History: 2025-01-18: approved; 2025-01-17: received; See all versions
Short URL: https://ia.cr/2025/076
License: CC BY

BibTeX

@misc{cryptoeprint:2025/076,
      author = {Vojtěch Suchánek and Vladimír Sedláček and Marek Sýs},
      title = {Decompose and conquer: {ZVP} attacks on {GLV} curves},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/076},
      year = {2025},
      url = {https://eprint.iacr.org/2025/076}
}