Elliptic curve cryptosystems in the presence of permanent and transient faults (Q2486874)

From MaRDI portal
scientific article
Language Label Description Also known as
English
Elliptic curve cryptosystems in the presence of permanent and transient faults
scientific article

    Statements

    Elliptic curve cryptosystems in the presence of permanent and transient faults (English)
    0 references
    0 references
    0 references
    17 August 2005
    0 references
    The paper studies the security of elliptic curve cryptosystems in the presence of ``faults''. The security of elliptic cryptosystems based on the computational difficulty of solving the Discrete Logarithm Problem relies in the difficulty of finding \(d\) (the secret key) starting from \(dP\) (public key) where \(P\) is a fixed public point on a given elliptic curve \(E\). Intents of recovery of \(d\) can be based on attacks to the underlying discrete logarithm problem or in physical attacks (side-channel analysis, fault analysis). In [Crypto 2000, Lect. Notes Comput. Sci. 1880, 131--146 (2000; Zbl 0989.94505)] \textit{I. Biehl} et al. show that some information about \(d\) can be obtained if the attacker change the point \(P\) for another one \(\tilde{P}\) (not on the original curve but on a new one \(\tilde{E}\) ) chosen by him. These authors also consider a second attack in which a bit of error is inserted into \(P\). The present paper enlarges the scope of those attacks. The authors consider two possible scenarios: a \`\` permanent fault'' (a fault in the system parameters stored in a non-volatile memory) and a ``transient fault'' (faults during the transfer of the parameters into working memory). The first two sections are introductory. Section 3 describes the possibility of attacks, both in the permanent case and in the transient one, when faults are introduced in the point \(P\), in the definition field or in the parameters of the curve. This would allow to recover the value of \(d\) modulo \(r\), where \(r=\text{ord}_{\tilde{P}}(\tilde{E})\). Section 4, of conclusions, also points out the security measures that can be adopted to prevent those attacks.
    0 references
    elliptic curve cryptography
    0 references
    discrete logarithm problem
    0 references
    fault analysis
    0 references
    fault attacks
    0 references
    information leakage
    0 references

    Identifiers