Paper 2003/013

Security Constraints on the Oswald-Aigner Exponentiation Algorithm

Colin D. Walter

Abstract

In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks based on averaging data-dependent power or EMR variations. Recently, Oswald and Aigner described such an algorithm suitable for point multiplication in elliptic curve cryptography (ECC). With the assumption that an attacker can identify additions and doublings and distinguish them from each other during a single point multiplication, it is shown that the algorithm is insecure for repeated use of the same secret key without blinding of that key. This scotches hopes that the expense of such blinding might be avoided by using the algorithm unless the differences between point additions and doublings can be obscured successfully.

Metadata
Available format(s)
PDF PS
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
power analysis attackselliptic curve cryptosystem
Contact author(s)
colin walter @ comodogroup com
History
2003-01-22: received
Short URL
https://ia.cr/2003/013
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2003/013,
      author = {Colin D.  Walter},
      title = {Security Constraints on the Oswald-Aigner Exponentiation Algorithm},
      howpublished = {Cryptology ePrint Archive, Paper 2003/013},
      year = {2003},
      note = {\url{https://eprint.iacr.org/2003/013}},
      url = {https://eprint.iacr.org/2003/013}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.