Welcome to the resource topic for
**2003/028**

**Title:**

Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults

**Authors:**
Mathieu Ciet, Marc Joye

**Abstract:**

Elliptic curve cryptosystems in the presence of faults were studied

by Biehl, Meyer and Mueller (2000). The first fault model they

consider requires that the input point P in the

computation of dP is chosen by the adversary.

Their second and third fault models only require the knowledge of P.

But these two latter models are less `practicalâ€™ in

the sense that they assume that only a few bits of error are

inserted (typically exactly one bit is supposed to be disturbed)

either into P just prior to the point multiplication or

during the course of the computation in a chosen location.

This report relaxes these assumptions and shows how random

(and thus unknown) errors in either coordinates of point P,

in the elliptic curve parameters or in the field

representation enable the (partial) recovery of multiplier d.

Then, from multiple point multiplications, we explain how this can

be turned into a total key recovery. Simple precautions to prevent

the leakage of secrets are also discussed.

**ePrint:**
https://eprint.iacr.org/2003/028

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

**Example resources include:**
implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .