Results 1 
9 of
9
Sign Change Fault Attacks on Elliptic Curve Cryptosystems
 Fault Diagnosis and Tolerance in Cryptography 2006 (FDTC ’06), volume 4236 of Lecture Notes in Computer Science
, 2004
"... We present a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks. These attacks exploit di#erent number representations as they are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to out ..."
Abstract

Cited by 27 (0 self)
 Add to MetaCart
We present a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks. These attacks exploit di#erent number representations as they are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to output points which are on a cryptographically weak curve. Such attacks can easily be defended against. Our attack produces points which do not leave the curve and are not easily detected. The paper also presents a revised scalar multiplication algorithm that provably protects against Sign Change Attacks.
Binary Edwards Curves
"... Abstract. This paper presents a new shape for ordinary elliptic curves over fields of characteristic 2. Using the new shape, this paper presents the first complete addition formulas for binary elliptic curves, i.e., addition formulas that work for all pairs of input points, with no exceptional cases ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents a new shape for ordinary elliptic curves over fields of characteristic 2. Using the new shape, this paper presents the first complete addition formulas for binary elliptic curves, i.e., addition formulas that work for all pairs of input points, with no exceptional cases. If n ≥ 3 then the complete curves cover all isomorphism classes of ordinary elliptic curves over F2 n. This paper also presents dedicated doubling formulas for these curves using 2M + 6S + 3D, where M is the cost of a field multiplication, S is the cost of a field squaring, and D is the cost of multiplying by a curve parameter. These doubling formulas are also the first complete doubling formulas in the literature, with no exceptions for the neutral element, points of order 2, etc. Finally, this paper presents complete formulas for differential addition, i.e., addition of points with known difference. A differential addition and doubling, the basic step in a Montgomery ladder, uses 5M + 4S + 2D when the known difference is given in affine form.
Elligator: Ellipticcurve points indistinguishable from uniform random strings
"... Censorshipcircumvention tools are in an arms race against censors. The censors study all traffic passing into and out of their controlled sphere, and try to disable censorshipcircumvention tools without completely shutting down the Internet. Tools aim to shape their traffic patterns to match unbloc ..."
Abstract

Cited by 16 (1 self)
 Add to MetaCart
(Show Context)
Censorshipcircumvention tools are in an arms race against censors. The censors study all traffic passing into and out of their controlled sphere, and try to disable censorshipcircumvention tools without completely shutting down the Internet. Tools aim to shape their traffic patterns to match unblocked programs, so that simple traffic profiling cannot identify the tools within a reasonable number of traces; the censors respond by deploying firewalls with increasingly sophisticated deeppacket inspection. Cryptography hides patterns in user data but does not evade censorship if the censor can recognize patterns in the cryptography itself. In particular, ellipticcurve cryptography often transmits points on known elliptic curves, and those points are easily distinguishable from uniform random strings of bits. This paper introduces highsecurity highspeed ellipticcurve systems in which ellipticcurve points are encoded so as to be indistinguishable from uniform random strings. 1.
Stateoftheart of secure ECC implementations: a survey on known sidechannel attacks and countermeasures
, 2010
"... Implementations of cryptographic primitives are vulnerable to physical attacks. While the adversary only needs to succeed in one out of many attack methods, the designers have to consider all the known attacks, whenever applicable to their system, simultaneously. Thus, keeping an organized, complet ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
Implementations of cryptographic primitives are vulnerable to physical attacks. While the adversary only needs to succeed in one out of many attack methods, the designers have to consider all the known attacks, whenever applicable to their system, simultaneously. Thus, keeping an organized, complete and uptodate table of physical attacks and countermeasures is of paramount importance to system designers. This paper summarizes known physical attacks and countermeasures on Elliptic Curve Cryptosystems. Instead of repeating the details of different attacks, we focus on a systematic way of organizing and understanding known attacks and countermeasures. Three principles of selecting countermeasures to thwart multiple attacks are given. This paper can be used as a road map for countermeasure selection in a first design iteration.
Implementation of Binary Edwards Curves for VeryConstrained Devices
 in Proceedings of 21st International Conference on Applicationspecific Systems Architectures and Processors (ASAP
"... Abstract—Elliptic Curve Cryptography (ECC) is considered as the best candidate for PublicKey Cryptosystems (PKC) for ubiquitous security. Recently, Elliptic Curve Cryptography (ECC) based on Binary Edwards Curves (BEC) has been proposed and it shows several interesting properties, e.g., completenes ..."
Abstract

Cited by 3 (1 self)
 Add to MetaCart
(Show Context)
Abstract—Elliptic Curve Cryptography (ECC) is considered as the best candidate for PublicKey Cryptosystems (PKC) for ubiquitous security. Recently, Elliptic Curve Cryptography (ECC) based on Binary Edwards Curves (BEC) has been proposed and it shows several interesting properties, e.g., completeness and security against certain exceptionalpoints attacks. In this paper, we propose a hardware implementation of the BEC for extremely constrained devices. The wcoordinates and Montgomery powering ladder are used. Next, we also give techniques to reduce the register file size, which is the largest component of the embedded core. Thirdly, we apply gated clocking to reduce the overall power consumption. The implementation has a size of 13,427 Gate Equivalent (GE), and 149.5 ms are required for one point multiplication. To the best of our knowledge, this is the first hardware implementation of binary Edwards curves.
Binary Huff Curves
"... Abstract. This paper describes the addition law for a new form for elliptic curves over fields of characteristic 2. Specifically, it presents explicit formulæ for adding two different points and for doubling points. The case of differential point addition (that is, point addition with a known differ ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Abstract. This paper describes the addition law for a new form for elliptic curves over fields of characteristic 2. Specifically, it presents explicit formulæ for adding two different points and for doubling points. The case of differential point addition (that is, point addition with a known difference) is also addressed. Finally, this paper presents unified point addition formulæ; i.e., point addition formulæ that can be used for doublings. Applications to cryptographic implementations are discussed.
Cryptology ePrint Archive
"... ABSTRACT Censorshipcircumvention tools are in an arms race against censors. The censors study all traffic passing into and out of their controlled sphere, and try to disable censorshipcircumvention tools without completely shutting down the Internet. Tools aim to shape their traffic patterns to ma ..."
Abstract
 Add to MetaCart
(Show Context)
ABSTRACT Censorshipcircumvention tools are in an arms race against censors. The censors study all traffic passing into and out of their controlled sphere, and try to disable censorshipcircumvention tools without completely shutting down the Internet. Tools aim to shape their traffic patterns to match unblocked programs, so that simple traffic profiling cannot identify the tools within a reasonable number of traces; the censors respond by deploying firewalls with increasingly sophisticated deeppacket inspection. Cryptography hides patterns in user data but does not evade censorship if the censor can recognize patterns in the cryptography itself. In particular, ellipticcurve cryptography often transmits points on known elliptic curves, and those points are easily distinguishable from uniform random strings of bits. This paper introduces highsecurity highspeed ellipticcurve systems in which ellipticcurve points are encoded so as to be indistinguishable from uniform random strings. At a lower level, this paper introduces a new bijection between strings and about half of all curve points; this bijection is applicable to every oddcharacteristic elliptic curve with a point of order 2, except for curves of jinvariant 1728. This paper also presents guidelines to construct, and two examples of, secure curves suitable for these encodings.
Efficient ephemeral elliptic curve cryptographic keys
"... Abstract. We show how any pair of authenticated users can onthefly agree on an elliptic curve group that is unique to their communication session, unpredictable to outside observers, and secure against known attacks. Our proposal is suitable for deployment on constrained devices such as smartphon ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. We show how any pair of authenticated users can onthefly agree on an elliptic curve group that is unique to their communication session, unpredictable to outside observers, and secure against known attacks. Our proposal is suitable for deployment on constrained devices such as smartphones, allowing them to efficiently generate ephemeral parameters that are unique to any single cryptographic application such as symmetric key agreement. For such applications it thus offers an alternative to long term usage of standardized or otherwise pregenerated elliptic curve parameters, obtaining security against cryptographic attacks aimed at other users, and eliminating the need to trust elliptic curves generated by third parties.
On the Implementation of Unified Arithmetic on Binary Huff Curves
"... Abstract. Unified formula for computing elliptic curve point addition and doubling are considered to be resistant against simple poweranalysis attack. A new elliptic curve formula known as unified binary Huff curve in this regard has appeared into the literature in 2011. This paper is devoted to an ..."
Abstract
 Add to MetaCart
(Show Context)
Abstract. Unified formula for computing elliptic curve point addition and doubling are considered to be resistant against simple poweranalysis attack. A new elliptic curve formula known as unified binary Huff curve in this regard has appeared into the literature in 2011. This paper is devoted to analyzing the applicability of this elliptic curve in practice. Our paper has two contributions. We provide an efficient implementation of the unified Huff formula in projective coordinates on FPGA. Secondly, we point out its sidechannel vulnerability and show the results of an actual attack. It is claimed that the formula is unified and there will be no power consumption difference when computing point addition and point doubling operations, observable with simple power analysis (SPA). In this paper, we contradict their claim showing actual SPA results on a FPGA platform and propose a modified arithmetic and its suitable implementation technique to overcome the vulnerability.