Skip to main content

Projective Coordinates Leak

Nigel Smart, Jacques Stern, David Naccache, Projective Coordinates Leak. Advances in Cryptology - EuroCrypt 2004. ISBN 3-540-21935-8, pp. 257–267. April 2004. No electronic version available. External information


Denoting by $P=[k]G$ the elliptic-curve double-and-add multiplication of a public base point $G$ by a secret $k$, we show that allowing an adversary access to the projective representation of $P$, obtained using a particular double and add method, may re sult in information being revealed about $k$. \smallskip

Such access might be granted to an adversary by a poor software implementation that does not erase the $Z$ coordinate of $P$ from the computer's memory or by a computationally-constrained secure token that sub-contracts the affine conversion of $P$ to the external world. \smallskip

From a wider perspective, our result proves that the choice of representation of elliptic curve points {\sl can reveal} information about their underlying discrete logarithms, hence casting potential doubt on the appropriateness of bli ndly modelling elliptic-curves as generic groups.

Bibtex entry.

Contact details

Publication Admin