[Resource Topic] 2003/191: Projective Coordinates Leak

Welcome to the resource topic for 2003/191

Projective Coordinates Leak

Authors: David Naccache, Nigel Smart, Jacques Stern


Denoting by P=[k]G the elliptic-curve double-and-add
multiplication of a public base point G by a secret k,
we show that allowing an adversary access to the projective
representation of P results in information being revealed about k.

Such access might be granted to an adversary by a poor
software implementation that does not erase the Z
coordinate of P from the computer’s memory or by a computationally-constrained secure token that
sub-contracts the affine conversion of P to the external world.

From a wider perspective, our result proves that the choice of
representation of elliptic curve points {\sl can reveal}
information about their underlying discrete logarithms, hence
casting potential doubt on the appropriateness of blindly
modelling elliptic-curves as generic groups.

As a conclusion, our result underlines the necessity to sanitize
Z after the affine conversion or, alternatively,
randomize P before releasing it out.

ePrint: https://eprint.iacr.org/2003/191

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .