
Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults

Published in: Designs, Codes and Cryptography

Abstract

Elliptic curve cryptosystems in the presence of faults were studied by Biehl et al., Advances in Cryptology – CRYPTO 2000, Springer-Verlag (2000) pp. 131–146. The first fault model they consider requires that the input point P in the computation of dP is chosen by the adversary. Their second and third fault models only require knowledge of P. These two latter models are, however, less ‘practical’ in the sense that they assume that only a few bits of error are inserted (typically exactly one bit is supposed to be disturbed), either into P just prior to the point multiplication or, during the course of the computation, at a chosen location.

This paper relaxes these assumptions and shows how random (and thus unknown) errors in either coordinate of the point P, in the elliptic curve parameters or in the field representation enable the (partial) recovery of the multiplier d. Then, from multiple point multiplications, we explain how this can be turned into a total key recovery. Simple precautions to prevent the leakage of secrets are also discussed.
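The abstract only names the precautions in passing. As an added illustration, which is not code from the paper or its authors, the following Python script implements the standard defensive check: validate that the input point lies on the curve before scalar multiplication and that the result lies on the curve afterwards, so that a point corrupted before or during the computation is never used or released. The toy curve y² = x³ + 2x + 3 over F₉₇, the base point (3, 6), the scalar and the single-bit fault are all constructed for this example and are not taken from the paper; the choice of point-validation as the countermeasure is an assumption about standard practice, not a statement of what the paper recommends.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

Point = Optional[Tuple[int, int]]  # None stands for the point at infinity


@dataclass(frozen=True)
class Curve:
    """Short-Weierstrass curve y^2 = x^3 + a*x + b over the prime field F_p."""
    p: int
    a: int
    b: int


# Constructed toy curve for illustration only (not a standardised curve).
TOY = Curve(p=97, a=2, b=3)
INF: Point = None


class InvalidPointError(ValueError):
    """Raised when a point fails the curve-membership check."""


def is_on_curve(E: Curve, P: Point) -> bool:
    """Membership test: INF is accepted, affine points must satisfy the equation."""
    if P is INF:
        return True
    x, y = P
    if not (0 <= x < E.p and 0 <= y < E.p):
        return False
    return (y * y - (x * x * x + E.a * x + E.b)) % E.p == 0


def point_add(E: Curve, P: Point, Q: Point) -> Point:
    """Affine group law. Note that b never appears in these formulas: a point
    that is not on E is silently processed as if it were on a curve with the
    same a and a different b."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % E.p == 0:
        return INF  # P + (-P); also covers doubling a point with y = 0
    if P == Q:
        lam = (3 * x1 * x1 + E.a) * pow(2 * y1, -1, E.p) % E.p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, E.p) % E.p
    x3 = (lam * lam - x1 - x2) % E.p
    y3 = (lam * (x1 - x3) - y1) % E.p
    return (x3, y3)


def scalar_mult_unchecked(E: Curve, d: int, P: Point) -> Point:
    """Left-to-right double-and-add with no validation (the fragile version)."""
    R: Point = INF
    for bit in bin(d)[2:]:
        R = point_add(E, R, R)
        if bit == "1":
            R = point_add(E, R, P)
    return R


def scalar_mult_checked(E: Curve, d: int, P: Point) -> Point:
    """Same computation, but refuse an off-curve input and refuse to release
    an off-curve result. Both checks are assumed standard practice here."""
    if not is_on_curve(E, P):
        raise InvalidPointError("input point is not on the curve")
    R = scalar_mult_unchecked(E, d, P)
    if not is_on_curve(E, R):
        raise InvalidPointError("result is not on the curve; possible fault")
    return R


def demo() -> dict:
    """Constructed scenario: a single-bit flip in the x-coordinate of the input."""
    P = (3, 6)                 # on TOY: 6^2 = 36 = 27 + 6 + 3 (mod 97)
    faulty = (P[0] ^ 1, P[1])  # (2, 6), which is not on TOY
    d = 2
    result = {"good": scalar_mult_checked(TOY, d, P)}
    # Without checks the faulted point is processed anyway and the output
    # lands on a different curve (same a, here b = 24).
    leaked = scalar_mult_unchecked(TOY, d, faulty)
    result["unchecked_output"] = leaked
    result["unchecked_output_on_curve"] = is_on_curve(TOY, leaked)
    try:
        scalar_mult_checked(TOY, d, faulty)
        result["rejected"] = False
    except InvalidPointError:
        result["rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the two sides of the check: the genuine point gives 2·(3, 6) = (80, 10), while the faulted point (2, 6) is rejected before any multiplication, and even the unchecked computation on it produces (27, 78), a point that fails the membership test because it lies on the curve with b = 24 rather than on TOY. In a real implementation both checks should be performed in constant time and the output discarded (not merely flagged) on failure, so that no quantity derived from the faulted computation leaves the device.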


References

  1. IEEE Std 1363-2000. IEEE Standard Specifications for Public-Key Cryptography. IEEE Computer Society, August 29, 2000.

  2. Federal Information Processing Standards Publication FIPS 186-2. Digital Signature Standard (DSS), appendix 6: “Recommended elliptic curves for federal government use”. National Institute of Standards and Technology, January 27, 2000. Available at URL http://csrc.nist.gov/publications/fips/fips186-2/fips186-2.pdf.

  3. F. Bao, R. H. Deng, Y. Han, A. B. Jeng, A. D. Narasimhalu and T.-H. Ngair, Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults. In B. Christianson, B. Crispo, M. Lomas and M. Roe (eds), Security Protocols, Volume 1361 of Lecture Notes in Computer Science, Springer-Verlag (1997) pp. 115–124.

  4. I. Biehl, B. Meyer and V. Müller, Differential fault attacks on elliptic curve cryptosystems. In M. Bellare (ed.), Advances in Cryptology – CRYPTO 2000, Volume 1880 of Lecture Notes in Computer Science, Springer-Verlag (2000) pp. 131–146.

  5. E. Biham and A. Shamir, Differential fault analysis of secret key cryptosystems. In B. S. Kaliski Jr. (ed.), Advances in Cryptology – CRYPTO ’97, Volume 1294 of Lecture Notes in Computer Science, Springer-Verlag (1997) pp. 513–525.

  6. D. Boneh, R. A. DeMillo and R. J. Lipton, On the importance of checking cryptographic protocols for faults. In W. Fumy (ed.), Advances in Cryptology – EUROCRYPT ’97, Volume 1233 of Lecture Notes in Computer Science, Springer-Verlag (1997) pp. 37–51.

  7. D. Boneh, R. A. DeMillo and R. J. Lipton, On the importance of eliminating errors in cryptographic computations. Journal of Cryptology, 14(2) (2001) pp. 101–119.

  8. E. De Win, S. Mister, B. Preneel and M. Wiener, On the performance of signature schemes based on elliptic curves. In J.-P. Buhler (ed.), Algorithmic Number Theory Symposium, Volume 1423 of Lecture Notes in Computer Science, Springer-Verlag (1998) pp. 252–266.

  9. T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Transactions on Information Theory, IT-31(4) (1985) pp. 469–472.

  10. S. D. Galbraith, F. Hess and N. P. Smart, Extending the GHS Weil descent attack. In L. Knudsen (ed.), Advances in Cryptology – EUROCRYPT 2002, Volume 2332 of Lecture Notes in Computer Science, Springer-Verlag (2002) pp. 29–44.

  11. P. Gaudry, F. Hess and N. P. Smart, Constructive and destructive facets of Weil descent on elliptic curves. Journal of Cryptology, 15(1) (2002) pp. 19–46.

  12. F. Hess, The GHS attack revisited. In E. Biham (ed.), Advances in Cryptology – EUROCRYPT 2003, Volume 2656 of Lecture Notes in Computer Science, Springer-Verlag (2003) pp. 374–387.

  13. M. Joye, J.-J. Quisquater, F. Bao and R. H. Deng, RSA-type signatures in the presence of transient faults. In M. Darnell (ed.), Cryptography and Coding, Volume 1355 of Lecture Notes in Computer Science, Springer-Verlag (1997) pp. 155–160.

  14. N. Koblitz, Elliptic curve cryptosystems. Mathematics of Computation, 48(177) (1987) pp. 203–209.

  15. P. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In N. Koblitz (ed.), Advances in Cryptology – CRYPTO ’96, Volume 1109 of Lecture Notes in Computer Science, Springer-Verlag (1996) pp. 104–113.

  16. P. Kocher, J. Jaffe and B. Jun, Differential power analysis. In M. Wiener (ed.), Advances in Cryptology – CRYPTO ’99, Volume 1666 of Lecture Notes in Computer Science, Springer-Verlag (1999) pp. 388–397.

  17. M. Maurer, A. J. Menezes and E. Teske, Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree. In C. Pandu Rangan and C. Ding (eds), Progress in Cryptology – INDOCRYPT 2001, Volume 2247 of Lecture Notes in Computer Science, Springer-Verlag (2001) pp. 195–213.

  18. A. J. Menezes, Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers (1993).

  19. A. Menezes, T. Okamoto and S. Vanstone, Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Transactions on Information Theory, 39 (1993) pp. 1639–1646.

  20. A. J. Menezes and M. Qu, Analysis of the Weil descent attack of Gaudry, Hess and Smart. In D. Naccache (ed.), Topics in Cryptology – CT-RSA 2001, Volume 2020 of Lecture Notes in Computer Science, Springer (2001) pp. 308–318.

  21. V. S. Miller, Use of elliptic curves in cryptography. In H. C. Williams (ed.), Advances in Cryptology – CRYPTO ’85, Volume 218 of Lecture Notes in Computer Science, Springer (1986) pp. 417–426.

  22. J. M. Pollard, Monte Carlo methods for index computation (mod p). Mathematics of Computation, 32 (1978) pp. 918–924.

  23. J. M. Pollard, Kangaroos, monopoly and discrete logarithms. Journal of Cryptology, 13(4) (2000) pp. 437–447.

  24. N. P. Smart, How secure are elliptic curves over composite extension fields? In B. Pfitzmann (ed.), Advances in Cryptology – EUROCRYPT 2001, Volume 2045 of Lecture Notes in Computer Science, Springer-Verlag (2001) pp. 30–39.

  25. J. A. Solinas, Generalized Mersenne numbers. Technical Report CORR-99-39, Dept of C&O, University of Waterloo, Canada (1999).

Author information

Correspondence to Marc Joye.

Additional information

Communicated by: P. Wild

The work described in this paper has been supported [in part] by the Commission of the European Communities through the IST Programme under Contract IST-1999-12324, http://www.cryptonessie.org/. The information in this document is provided as is, and no guarantee or warranty is given or implied that the information is fit for any particular purpose. The user thereof uses the information at his sole risk and liability. The views expressed are those of the authors and do not represent an official view/position of the NESSIE project (as a whole).


About this article

Cite this article

Ciet, M., Joye, M. Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults. Des Codes Crypt 36, 33–43 (2005). https://doi.org/10.1007/s10623-003-1160-8
