Fault-Based Attack on Montgomery’s Ladder Algorithm

Bibliographic Details
Published in: Journal of Cryptology, vol. 24, no. 2, pp. 346–374
Main authors: Dominguez-Oviedo, Agustin; Hasan, M. Anwar; Ansari, Bijan
Format: Journal Article
Language: English
Published: New York, Springer-Verlag (Springer Nature B.V.), 01.04.2011
ISSN: 0933-2790
EISSN: 1432-1378
DOI: 10.1007/s00145-010-9087-5


Abstract: In this paper we present invalid-curve attacks that apply to the Montgomery ladder elliptic curve scalar multiplication (ECSM) algorithm. An elliptic curve over the binary field is defined using two parameters, a and b. We show that with a different “value” for curve parameter a, there exists a cryptographically weaker group in nine of the ten NIST-recommended elliptic curves over the binary field. Thereafter, we present two attacks that are based on the observation that parameter a is not utilized by the Montgomery ladder algorithms proposed by López and Dahab (CHES 1999: Cryptographic Hardware and Embedded Systems, LNCS, vol. 1717, pp. 316–327, Springer, Berlin, 1999). We also present the probability of success of such attacks for general and NIST-recommended elliptic curves. In addition, we give some countermeasures to resist these attacks.
Authors and affiliations:
1. Agustin Dominguez-Oviedo, Department of Mechatronics, ITESM Campus Queretaro
2. M. Anwar Hasan, Department of Electrical and Computer Engineering, University of Waterloo (ahasan@ece.uwaterloo.ca)
3. Bijan Ansari, Qualcomm Inc
Cited by: doi:10.1007/s11432-013-5048-6
Copyright: International Association for Cryptologic Research 2010
Keywords: Elliptic curve cryptography; Fault-based attacks; Montgomery ladder; Scalar multiplication
References:
[CR1] Antipa, Brown, Menezes, Struik, Vanstone: Validation of elliptic curve public keys. PKC 2003: Public Key Cryptography, pp. 211–223 (2003). doi:10.1007/3-540-36288-6_16
[CR3] Biehl, Meyer, Müller: Differential fault attacks on elliptic curve cryptosystems. CRYPTO 2000: Advances in Cryptology, pp. 131–146 (2000). doi:10.1007/3-540-44598-6_8
[CR4] Blömer, Otto, Seifert: Sign change attacks on elliptic curve cryptosystems. FDTC 2005: Fault Diagnosis and Tolerance in Cryptography, pp. 36–42 (2006). doi:10.1007/11889700_4
[CR5] Boneh, DeMillo, Lipton: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001). doi:10.1007/s001450010016
[CR6] Brier, Joye: Weierstraß elliptic curves and side-channel attacks. Public Key Cryptography, pp. 335–345 (2002). doi:10.1007/3-540-45664-3_24
[CR7] Ciet, Joye: Elliptic curve cryptosystems in the presence of permanent and transient faults. Des. Codes Cryptogr. 36(1), 33–43 (2005). doi:10.1007/s10623-003-1160-8
[CR8] Diffie, Hellman: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976). doi:10.1109/TIT.1976.1055638
[CR10] Domínguez-Oviedo, Hasan: Error detection and fault tolerance in ECSM using input randomization. IEEE Trans. Dependable Secure Comput. 6, 175–187 (2009). doi:10.1109/TDSC.2008.21
[CR11] ElGamal: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theory 31(4), 469–472 (1985). doi:10.1109/TIT.1985.1057074
[CR12] Feige, Fiat, Shamir: Zero-knowledge proofs of identity. J. Cryptol. 1(2), 77–94 (1988). doi:10.1007/BF02351717
[CR14] Fouque, Lercier, Réal, Valette: Fault attack on elliptic curve Montgomery ladder implementation. Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 92–98 (2008). doi:10.1109/FDTC.2008.15
[CR15] Francq, Rigaud, Manet, Tria, Tisserand: Error detection for borrow-save adders dedicated to ECC unit. FDTC ’08: Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 77–86 (2008). doi:10.1109/FDTC.2008.17
[CR16] Frey: Applications of arithmetical geometry to cryptographic constructions. Proceedings of the Fifth International Conference on Finite Fields and Applications, pp. 128–161 (2001). doi:10.1007/978-3-642-56755-1_13
[CR17] Gallant, Lambert, Vanstone: Improving the parallelized Pollard lambda search on anomalous binary curves. Math. Comput. 69(232), 1699–1705 (2000). doi:10.1090/S0025-5718-99-01119-9
[CR18] Gaudry, Hess, Smart: Constructive and destructive facets of Weil descent on elliptic curves. J. Cryptol. 15(1), 19–46 (2002). doi:10.1007/s00145-001-0011-x
[CR19] Hankerson, Menezes, Vanstone: Guide to Elliptic Curve Cryptography (2003).
[CR20] Joye, Yen: The Montgomery powering ladder. CHES 2002, pp. 291–302 (2002).
[CR21] Koblitz: Elliptic curve cryptosystems. Math. Comput. 48, 203–209 (1987). doi:10.1090/S0025-5718-1987-0866109-5
[CR22] López, Dahab: Fast multiplication on elliptic curves over GF(2^m) without precomputation. CHES 1999: Cryptographic Hardware and Embedded Systems, pp. 316–327 (1999).
[CR23] Maurer, Menezes, Teske: Analysis of the GHS Weil descent attack on the ECDLP over characteristic two finite fields of composite degree. LMS J. Comput. Math. 5, 127–174 (2002). doi:10.1112/S1461157000000723
[CR24] Menezes, Okamoto, Vanstone: Reducing elliptic curve logarithms to logarithms in a finite field. IEEE Trans. Inf. Theory 39(5), 1639–1646 (1993). doi:10.1109/18.259647
[CR25] Menezes, van Oorschot, Vanstone: Handbook of Applied Cryptography (2001).
[CR26] Miller: Use of elliptic curves in cryptography. CRYPTO 1985: Advances in Cryptology, pp. 417–426 (1986).
[CR27] Montgomery: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987). doi:10.1090/S0025-5718-1987-0866113-7
[CR28] Okeya, Sakurai: Efficient elliptic curve cryptosystems from a scalar multiplication algorithm with recovery of the y-coordinate on a Montgomery-form elliptic curve. CHES 2001: Cryptographic Hardware and Embedded Systems, pp. 126–141 (2001). doi:10.1007/3-540-44709-1_12
[CR29] Pohlig, Hellman: An improved algorithm for computing logarithms over GF(p) and its cryptographic significance. IEEE Trans. Inf. Theory 24, 106–110 (1978). doi:10.1109/TIT.1978.1055817
[CR30] Pollard: Monte Carlo methods for index computation (mod p). Math. Comput. 32, 918–924 (1978).
[CR31] Pontarelli, Cardarilli, Re, Salsano: Error detection in addition chain based ECC point multiplication. IEEE International On-Line Testing Symposium, pp. 192–194 (2009). doi:10.1109/IOLTS.2009.5196010
[CR33] Rivest, Shamir, Adleman: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978). doi:10.1145/359340.359342
[CR34] Rück: A note on elliptic curves over finite fields. Math. Comput. 49(179), 301–304 (1987). doi:10.1090/S0025-5718-1987-0890272-3
[CR35] Satoh, Araki: Fermat quotients and the polynomial time discrete log algorithm for anomalous elliptic curves. Comment. Math. Univ. St. Pauli 47, 81–92 (1998).
[CR36] Satoh, Skjernaa, Taguchi: Fast computation of canonical lifts of elliptic curves and its application to point counting. Finite Fields Appl. 9, 89–101 (2003). doi:10.1016/S1071-5797(02)00013-8
[CR37] Schnorr: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991). doi:10.1007/BF00196725
[CR38] Schoof: Elliptic curves over finite fields and the computation of square roots mod p. Math. Comput. 44(170), 483–494 (1985).
[CR39] Semaev: Evaluation of discrete logarithms in a group of p-torsion points of an elliptic curve in characteristic p. Math. Comput. 67, 353–356 (1998). doi:10.1090/S0025-5718-98-00887-4
[CR40] Shanks: Class number, a theory of factorization, and genera. Proceedings of the Symposium in Pure Mathematics, pp. 415–440 (1971).
[CR41] Skorobogatov, Anderson: Optical fault induction attacks. CHES 2002: Cryptographic Hardware and Embedded Systems, pp. 2–12 (2002). doi:10.1007/3-540-36400-5_2
[CR42] Stern, Joshi, Wu, Karri: Register transfer level concurrent error detection in elliptic curve crypto implementations. FDTC ’07: Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography, pp. 112–119 (2007). doi:10.1109/FDTC.2007.17
[CR43] van Oorschot, Wiener: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999). doi:10.1007/PL00003816
Subject terms: Algorithms; Coding and Information Theory; Combinatorics; Communications Engineering; Computational Mathematics and Numerical Analysis; Computer Science; Cryptography; Curves; Embedded systems; Multiplication; Networks; Parameters; Probability Theory and Stochastic Processes
Online access:
Article: https://link.springer.com/article/10.1007/s00145-010-9087-5
ProQuest record: https://www.proquest.com/docview/2387712670
PDF: https://link.springer.com/content/pdf/10.1007/s00145-010-9087-5.pdf