A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems

  • Louis Goubin
Conference paper

DOI: 10.1007/3-540-36288-6_15

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2567)
Cite this paper as:
Goubin L. (2003) A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems. In: Desmedt Y.G. (eds) Public Key Cryptography — PKC 2003. PKC 2003. Lecture Notes in Computer Science, vol 2567. Springer, Berlin, Heidelberg


As Elliptic Curve Cryptosystems are becoming more and more popular and are included in many standards, an increasing demand has appeared for secure implementations that are not vulnerable to side-channel attacks. To achieve this goal, several generic countermeasures against Power Analysis have been proposed in recent years.

In particular, to protect the basic scalar multiplication on an elliptic curve against Differential Power Analysis (DPA), it has often been recommended to use “random projective coordinates”, “random elliptic curve isomorphisms” or “random field isomorphisms”. So far, these countermeasures have been considered by many authors as a cheap and secure way of avoiding the DPA attacks on the “scalar multiplication” primitive. However, we show in the present paper that, for many elliptic curves, such a DPA-protection of the “scalar multiplication” is not sufficient. In a chosen message scenario, a Power Analysis attack is still possible even if one of the three aforementioned countermeasures is used. We expose a new Power Analysis strategy that can be successful for a large class of elliptic curves, including most of the sample curves recommended by standard bodies such as ANSI, IEEE, ISO, NIST, SECG or WTLS.

This result means that the problem of randomizing the basepoint may be more difficult than expected and that “standard” techniques have still to be improved, which may also have an impact on the performances of the implementations.
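The abstract names “random projective coordinates” as the first of the three DPA countermeasures it examines. The following is an added illustration, not code from Goubin's paper or from any standard body's reference implementation: it implements scalar multiplication in randomized Jacobian coordinates on a small constructed toy curve (y² = x³ + 2x + 2 over GF(17), base point (5, 1) of order 19) and checks the result against a plain affine double-and-add. All function names, the curve parameters and the choice of Jacobian (rather than homogeneous) coordinates are assumptions of this example. It shows what the countermeasure does, namely that every run of the scalar multiplication operates on a different (X, Y, Z) representation of the same input point, which is the property the paper shows to be insufficient on its own in a chosen-message setting.

```python
"""Randomized Jacobian coordinates for EC scalar multiplication.
Added illustration on a constructed toy curve; not code from the paper."""
import secrets

# Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17); G = (5, 1) has order 19.
# The tiny field is for hand-checkable results only.
P, A, B = 17, 2, 2
G_AFFINE = (5, 1)
INF = None  # affine point at infinity


def inv(v):
    return pow(v, -1, P)


def affine_add(p, q):
    """Textbook affine addition/doubling, used here only as the reference result."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF  # P + (-P)
    if p == q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def affine_mult(k, p):
    """Left-to-right double-and-add in affine coordinates (reference)."""
    r = INF
    for bit in bin(k)[2:]:
        r = affine_add(r, r)
        if bit == "1":
            r = affine_add(r, p)
    return r


def to_jacobian(p, lam=None):
    """Lift (x, y) to Jacobian (X, Y, Z) = (lam^2 x, lam^3 y, lam) with random lam.
    Each call yields a different representation of the same curve point."""
    if lam is None:
        lam = 1 + secrets.randbelow(P - 1)  # uniform in [1, P-1]
    x, y = p
    return (lam * lam * x % P, lam ** 3 * y % P, lam)


def to_affine(j):
    """Map Jacobian (X, Y, Z) back to (X/Z^2, Y/Z^3); Z == 0 is infinity."""
    x, y, z = j
    if z == 0:
        return INF
    zi = inv(z)
    return (x * zi * zi % P, y * zi ** 3 % P)


def jac_double(j):
    """Standard Jacobian doubling for short Weierstrass curves."""
    x, y, z = j
    if z == 0 or y == 0:
        return (1, 1, 0)
    s = 4 * x * y * y % P
    m = (3 * x * x + A * pow(z, 4, P)) % P
    x3 = (m * m - 2 * s) % P
    y3 = (m * (s - x3) - 8 * pow(y, 4, P)) % P
    return (x3, y3, 2 * y * z % P)


def jac_add(j1, j2):
    """Standard Jacobian addition; falls back to doubling when j1 == j2."""
    x1, y1, z1 = j1
    x2, y2, z2 = j2
    if z1 == 0:
        return j2
    if z2 == 0:
        return j1
    u1, u2 = x1 * z2 * z2 % P, x2 * z1 * z1 % P
    s1, s2 = y1 * pow(z2, 3, P) % P, y2 * pow(z1, 3, P) % P
    if u1 == u2:
        return (1, 1, 0) if s1 != s2 else jac_double(j1)
    h, r = (u2 - u1) % P, (s2 - s1) % P
    h2 = h * h % P
    h3 = h2 * h % P
    x3 = (r * r - h3 - 2 * u1 * h2) % P
    y3 = (r * (u1 * h2 - x3) - s1 * h3) % P
    return (x3, y3, h * z1 * z2 % P)


def randomized_mult(k, p, lam=None):
    """Double-and-add on a freshly randomized representation of p, so the
    intermediate (X, Y, Z) values differ from run to run for the same k and p."""
    base = to_jacobian(p, lam)
    r = (1, 1, 0)
    for bit in bin(k)[2:]:
        r = jac_double(r)
        if bit == "1":
            r = jac_add(r, base)
    return to_affine(r)


if __name__ == "__main__":
    # Two randomized runs produce the same affine result as the reference.
    print(affine_mult(2, G_AFFINE), randomized_mult(2, G_AFFINE), randomized_mult(2, G_AFFINE))
```

Running the block twice prints identical affine results while `to_jacobian` has used a different `lam` each time; passing a fixed `lam` makes a run reproducible for debugging. The randomization step costs one field inversion-free multiplication set at the start and is independent of the scalar, which is why it has been regarded as cheap.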


Keywords: Public-key cryptography; Side-channel attacks; Power Analysis; Differential Power Analysis (DPA); Elliptic curves; Smartcards

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Louis Goubin
    1. CP8 Crypto Lab, SchlumbergerSema, Louveciennes Cedex, France
