Paper 2003/191

Projective Coordinates Leak

David Naccache, Nigel Smart, and Jacques Stern

Abstract

Denoting by P=[k]G the elliptic-curve double-and-add multiplication of a public base point G by a secret k, we show that allowing an adversary access to the projective representation of P results in information being revealed about k. Such access might be granted to an adversary by a poor software implementation that does not erase the coordinate of from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of to the external world. From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of blindly modelling elliptic-curves as generic groups. As a conclusion, our result underlines the necessity to sanitize after the affine conversion or, alternatively, randomize before releasing it out.

Metadata
Available format(s)
PS
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
nigel @ cs bris ac uk
History
2003-09-17: received
Short URL
https://ia.cr/2003/191
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2003/191,
      author = {David Naccache and Nigel Smart and Jacques Stern},
      title = {Projective Coordinates Leak},
      howpublished = {Cryptology {ePrint} Archive, Paper 2003/191},
      year = {2003},
      url = {https://eprint.iacr.org/2003/191}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.