Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DCC
2005
IEEE
2005
IEEE
Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults
Elliptic curve cryptosystems in the presence of faults were studied by Biehl, Meyer and M?uller (2000). The first fault model they consider requires that the input point P in the computation of dP is chosen by the adversary. Their second and third fault models only require the knowledge of P . But these two latter models are less `practical' in the sense that they assume that only a few bits of error are inserted (typically exactly one bit is supposed to be disturbed) either into P just prior to the point multiplication or during the course of the computation in a chosen location. This paper relaxes these assumptions and shows how random (and thus unknown) errors in either coordinates of point P , in the elliptic curve parameters or in the field representation enable the (partial) recovery of multiplier d. Then, from multiple point multiplications, we explain how this can be turned into a total key recovery. Simple precautions to prevent the leakage of secrets are also discussed. ...
Real-time TrafficComputer Graphics | DCC 2005 | Elliptic Curve | Elliptic Curve Cryptosystems | Elliptic Curve Parameters |
| Added | 25 Dec 2009 |
| Updated | 25 Dec 2009 |
| Type | Conference |
| Year | 2005 |
| Where | DCC |
| Authors | Mathieu Ciet, Marc Joye |
Comments (0)
Researcher Info
|
