Abstract. Schönhage-Strassen’s algorithm is one of the best known algorithms for multiplying large integers. Implementing it efficiently is of utmost importance, since many other algorithms rely on it as a subroutine. We present here an improved implementation, based on the one distributed within the GMP library. The following ideas and techniques were used or tried: faster arithmetic modulo 2 n + 1, improved cache locality, Mersenne transforms, Chinese Remainder Reconstruction, the √ 2 trick, Harley’s and Granlund’s tricks, improved tuning. We also discuss some ideas we plan to try in the future.

In this paper, we present a new fault attack on elliptic curve scalar product algorithms. This attack is tailored to work on the classical Montgomery ladder method when the y-coordinate is not used. No weakness has been reported so far on such implementations, which are very efficient and were promoted by several authors. But taking into account the twist of the elliptic curves, we show how, with few faults (around one or two faults), we can retrieve the full secret exponent even if classical countermeasures are employed to prevent fault attacks. It turns out that this attack has not been anticipated as the security of the elliptic curve parameters in most standards can be strongly reduced. Especially, the attack is meaningful on some NIST or SECG parameters.

Hiermit versichere ich, dass ich meine Diplomarbeit selbst verfasst und keine anderen