Welcome to the resource topic for 2003/191
Title:
Projective Coordinates Leak
Authors: David Naccache, Nigel Smart, Jacques Stern
Abstract:Denoting by P=[k]G the elliptic-curve double-and-add
multiplication of a public base point G by a secret k,
we show that allowing an adversary access to the projective
representation of P results in information being revealed about k.
Such access might be granted to an adversary by a poor
software implementation that does not erase the Z
coordinate of P from the computer’s memory or by a computationally-constrained secure token that
sub-contracts the affine conversion of P to the external world.
From a wider perspective, our result proves that the choice of
representation of elliptic curve points {\sl can reveal}
information about their underlying discrete logarithms, hence
casting potential doubt on the appropriateness of blindly
modelling elliptic-curves as generic groups.
As a conclusion, our result underlines the necessity to sanitize
Z after the affine conversion or, alternatively,
randomize P before releasing it out.
ePrint: https://eprint.iacr.org/2003/191
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .