Université de Rennes (HAL repository)
Conference paper, Year: 2014

GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias

Abstract

The fastest implementations of elliptic curve cryptography in recent years have been achieved on curves endowed with nontrivial efficient endomorphisms, using techniques due to Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS). In such implementations, a scalar multiplication [k]P is computed as a double multiplication [k1]P + [k2]ψ(P), for ψ an efficient endomorphism and k1, k2 appropriate half-size scalars. To compute a random scalar multiplication, one can either select the scalars k1, k2 at random, hoping that the resulting k = k1 + k2λ is close to uniform, or pick a uniform k instead and decompose it as k1 + k2λ afterwards. The main goal of this paper is to discuss security issues that may arise using either approach. When k1 and k2 are chosen uniformly at random in [0, √n), n = ord(P), we provide security proofs under mild assumptions. However, if they are chosen as random integers of 1/2
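The two scalar-generation approaches the abstract contrasts can be made concrete in a few dozen lines. The block below is an added example written for this page; it is not code from the paper or its authors. It assumes the GLV setting on a curve whose endomorphism ψ acts as multiplication by a cube root of unity λ (so λ² + λ + 1 ≡ 0 mod n), uses the secp256k1 group order only as a realistic 256-bit prime with that property, builds the short lattice basis with the extended-Euclid method of the original GLV paper, and uses a constructed toy order n = 7 to enumerate exactly how far k = k1 + k2λ mod n is from uniform when k1, k2 are drawn from a box of a chosen size. The bound passed to `scalar_distribution` and the toy order are constructed sample values, not parameters from the paper.

```python
"""GLV decomposition vs. 'pick k1, k2 first' scalar sampling (added example, not the paper's code)."""
import math
import random
from fractions import Fraction

# secp256k1 group order (assumption: used only as a realistic prime n with n = 1 mod 3).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def cube_root_of_unity(n):
    """Return lam != 1 with lam^3 = 1 mod n (n prime, n = 1 mod 3), so lam^2 + lam + 1 = 0 mod n.
    On a j-invariant-0 curve this lam is the eigenvalue of psi: psi(P) = [lam]P."""
    assert n % 3 == 1
    for g in range(2, n):                 # almost every g works; the loop is short in practice
        lam = pow(g, (n - 1) // 3, n)
        if lam != 1:
            return lam
    raise ValueError("no cube root of unity")


def short_basis(n, lam):
    """Extended Euclid on (n, lam) (GLV 2001): two short vectors (a, b) with a + b*lam = 0 mod n."""
    root = math.isqrt(n)
    r_prev, r, t_prev, t = n, lam % n, 0, 1   # invariant: r_i = t_i * lam (mod n)
    while r > root:                           # stop at the first remainder r_{m+1} < sqrt(n)
        q = r_prev // r
        r_prev, r = r, r_prev - q * r
        t_prev, t = t, t_prev - q * t
    q = r_prev // r                           # one more step gives r_{m+2}
    r_next, t_next = r_prev - q * r, t_prev - q * t
    v1 = (r, -t)                              # (r_{m+1}, -t_{m+1})
    cand_a, cand_b = (r_prev, -t_prev), (r_next, -t_next)
    v2 = cand_a if cand_a[0] ** 2 + cand_a[1] ** 2 <= cand_b[0] ** 2 + cand_b[1] ** 2 else cand_b
    return v1, v2


def _nearest(num, den):
    """Integer nearest to num/den (round half up), valid for negative den too."""
    if den < 0:
        num, den = -num, -den
    return (2 * num + den) // (2 * den)


def decompose(k, n, lam, basis):
    """'Uniform k, decompose afterwards': (k1, k2) with k = k1 + k2*lam mod n, |k1|, |k2| ~ sqrt(n)."""
    (a1, b1), (a2, b2) = basis
    det = a1 * b2 - a2 * b1                   # equals +-n for the Euclid basis
    c1 = _nearest(k * b2, det)                # (k, 0) ~ c1*v1 + c2*v2 as a rational combination
    c2 = _nearest(-k * b1, det)
    return k - c1 * a1 - c2 * a2, -c1 * b1 - c2 * b2


def decomposition_ok(n, lam, basis, trials=20, seed=1):
    """Check that decompose() is correct and half-size on pseudo-random scalars."""
    rng = random.Random(seed)
    half = n.bit_length() // 2
    for _ in range(trials):
        k = rng.randrange(1, n)
        k1, k2 = decompose(k, n, lam, basis)
        if (k1 + k2 * lam) % n != k or max(abs(k1), abs(k2)).bit_length() > half + 2:
            return False
    return True


def random_halves_then_scalar(n, lam, bound, rng=random):
    """'Pick k1, k2 first': k1, k2 uniform in [0, bound), k = k1 + k2*lam mod n."""
    k1, k2 = rng.randrange(bound), rng.randrange(bound)
    return (k1 + k2 * lam) % n, (k1, k2)


def scalar_distribution(n, lam, bound):
    """Exact histogram of k = k1 + k2*lam mod n over all (k1, k2) in [0, bound)^2 (toy n only)."""
    counts = {}
    for k1 in range(bound):
        for k2 in range(bound):
            k = (k1 + k2 * lam) % n
            counts[k] = counts.get(k, 0) + 1
    return counts


def distance_from_uniform(counts, n):
    """Statistical distance between the histogram (as a distribution) and uniform on Z_n."""
    total = sum(counts.values())
    return sum(abs(Fraction(counts.get(k, 0), total) - Fraction(1, n)) for k in range(n)) / 2


if __name__ == "__main__":
    lam = cube_root_of_unity(SECP256K1_N)
    basis = short_basis(SECP256K1_N, lam)
    k1, k2 = decompose(random.randrange(1, SECP256K1_N), SECP256K1_N, lam, basis)
    print("secp256k1 basis bit lengths:", [(abs(a).bit_length(), abs(b).bit_length()) for a, b in basis])
    print("decomposed scalar halves:", k1.bit_length(), k2.bit_length(), "bits")
    toy_n, toy_lam = 7, 2                     # constructed toy order: 2^2 + 2 + 1 = 7
    for bound in (3, 4):                      # 3 = floor(sqrt(7)); 4 = 2^ceil(log2(7)/2)
        hist = scalar_distribution(toy_n, toy_lam, bound)
        print(f"box [0,{bound})^2:", dict(sorted(hist.items())), "distance", distance_from_uniform(hist, toy_n))
```

On the toy order the exact histograms show the point the abstract makes: a box of side ⌊√n⌋ and a box of side 2^⌈(log₂ n)/2⌉ both fail to cover Z_n uniformly, and the second one, which is what an implementation gets by drawing half-length random bit strings, over-represents some residues. For a real 256-bit order the same function cannot be enumerated, which is why the paper's analysis rather than simulation is needed; the decomposition path, by contrast, starts from a uniform k and is checked here to return halves of at most about 128 bits.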
Main file: main.pdf (413.04 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01094002, version 1 (11-12-2014)

Identifiers

Cite

Diego Aranha, Pierre-Alain Fouque, Benoit Gérard, Jean-Gabriel Kammerer, Mehdi Tibouchi, et al. GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias. Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Dec 2014, Kaoshiung, Taiwan. pp.262-281, ⟨10.1007/978-3-662-45611-8_14⟩. ⟨hal-01094002⟩
619 views
1397 downloads
