| Links |
|
|
| [FLRV08] |
P.-A. Fouque, R. Lercier, D. Réal, and
F. Valette. Fault Attack on Elliptic Curve with Montgomery
Ladder Implementation.
In FDTC '08. 5th Workshop on Fault Diagnosis and Tolerance in
Cryptography, pages 92-98. IEEE-CS Press, August 2008.
In this paper, we present a new fault attack on elliptic
curve scalar product algorithms. This attack is tailored to
work on the classical Montgomery ladder method when the
y-coordinate is not used. No weakness has been reported so
far on such implementations, which are very efficient and
were promoted by several authors. But taking into account
the twist of the elliptic curves, we show how, with few
faults (around one or two faults), we can retrieve the full
secret exponent even if classical countermeasures are
employed to prevent fault attacks. It turns out that this
attack has not been anticipated as the security of the
elliptic curve parameters in most standards can be strongly
reduced. Especially, the attack is meaningful on some NIST
or SECG parameters.
[ bib |
preprint |
publication ]
Back |
|
|
![[fr]](../inc/img/skin/medicis/fr.gif)
![[en]](../inc/img/skin/medicis/en.gif)
