[Resource Topic] 2003/013: Security Constraints on the Oswald-Aigner Exponentiation Algorithm

Welcome to the resource topic for 2003/013

Title:
Security Constraints on the Oswald-Aigner Exponentiation Algorithm

Authors: Colin D. Walter

Abstract:

In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks based on averaging data-dependent power or EMR variations. Recently, Oswald and Aigner described such an algorithm suitable for point multiplication in elliptic curve cryptography (ECC). With the assumption that an attacker can identify additions and doublings and distinguish them from each other during a single point multiplication, it is shown that the algorithm is insecure for repeated use of the same secret key without blinding of that key.
This scotches hopes that the expense of such blinding might be avoided
by using the algorithm unless the differences between point additions and doublings can be obscured successfully.

ePrint: https://eprint.iacr.org/2003/013

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .