Denoting by the elliptic-curve double-and-add
multiplication of a public base point by a secret ,
we show that allowing an adversary access to the projective
representation of results in information being revealed about .
Such access might be granted to an adversary by a poor
software implementation that does not erase the
coordinate of from the computer's memory or by a computationally-constrained secure token that
sub-contracts the affine conversion of to the external world.
From a wider perspective, our result proves that the choice of
representation of elliptic curve points {\sl can reveal}
information about their underlying discrete logarithms, hence
casting potential doubt on the appropriateness of blindly
modelling elliptic-curves as generic groups.
As a conclusion, our result underlines the necessity to sanitize
after the affine conversion or, alternatively,
randomize before releasing it out.
@misc{cryptoeprint:2003/191,
author = {David Naccache and Nigel Smart and Jacques Stern},
title = {Projective Coordinates Leak},
howpublished = {Cryptology {ePrint} Archive, Paper 2003/191},
year = {2003},
url = {https://eprint.iacr.org/2003/191}
}
Note: In order to protect the privacy of readers, eprint.iacr.org
does not use cookies or embedded third party content.