Solving Discrete Logarithms from Partial Knowledge of the Key

  • K. Gopalakrishnan
  • Nicolas Thériault
  • Chui Zhi Yao
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4859)


For elliptic curve based cryptosystems, the discrete logarithm problem must be hard to solve. But even when this is true from a mathematical point of view, side-channel attacks could be used to reveal information about the key if proper countermeasures are not used. In this paper, we study the difficulty of the discrete logarithm problem when partial information about the key is revealed by side-channel attacks. Under two different scenarios, we provide algorithms that solve the discrete logarithm problem in generic groups with partial knowledge of the key, and that are considerably better than either a square-root attack on the whole key or an exhaustive search using the extra information. In the first scenario, we assume that a sequence of contiguous bits of the key is revealed. In the second scenario, we assume that partial information on the “Square and Multiply Chain” is revealed.


Keywords: Discrete Logarithm Problem, Generic Groups, Side Channel Attacks
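As an added illustration of the first scenario (this is example code written for this page, not the paper's own algorithm), the following Python uses a toy group, the multiplicative group modulo the prime 65537 with generator 3, to show how a leaked run of contiguous key bits shrinks a baby-step giant-step search from about 2^(n/2) to about 2^((n-m)/2) group operations: the unknown bits are split in half, with one half enumerated as baby steps and the other as giant steps.

```python
# Toy illustration of the "contiguous known bits" scenario: how much a
# leaked run of key bits shrinks a generic-group DLP search. Assumed
# group: the multiplicative group mod the prime 65537 with generator 3
# (order 65536 = 2^16, so 16-bit exponents are unique). This is added
# example code, not the paper's own algorithm.

P = 65537           # prime modulus (constructed toy parameters)
G = 3               # generator of Z_P^*, order 2^16
N = 16              # key length in bits

def embed(x: int, i: int, m: int) -> int:
    """Place the bits of x into the key positions that are *not* the
    known window [i, i+m): the low i bits stay, the rest move above it."""
    low = x & ((1 << i) - 1)
    return ((x >> i) << (i + m)) | low

def dlog_with_known_window(h: int, i: int, m: int, b: int) -> int:
    """Return k in [0, 2^N) with G^k = h (mod P), given that bits
    i..i+m-1 of k equal b. Baby-step giant-step over the N-m unknown
    bits, split in half, so the cost is about 2 * 2^((N-m)/2) group ops
    instead of 2^(N/2) for the whole key or 2^(N-m) for brute force."""
    u = N - m                   # number of unknown bits
    s = (u + 1) // 2            # baby-step half (low unknown bits)
    # Remove the known contribution: h' = h * G^(-b*2^i)
    h_prime = h * pow(G, -(b << i), P) % P
    # Baby steps: G^embed(x0) for every value x0 of the low half
    table = {pow(G, embed(x0, i, m), P): x0 for x0 in range(1 << s)}
    # Giant steps: strip G^embed(x1 << s) for every value x1 of the high half
    for x1 in range(1 << (u - s)):
        t = h_prime * pow(G, -embed(x1 << s, i, m), P) % P
        if t in table:
            x = (x1 << s) | table[t]
            return embed(x, i, m) | (b << i)
    raise ValueError("no solution: the known window was wrong")

def work_factor(m: int) -> int:
    """Group operations for the split search when m bits are known."""
    u = N - m
    return (1 << ((u + 1) // 2)) + (1 << (u - (u + 1) // 2))

if __name__ == "__main__":
    k = 0xBEEF                      # constructed secret key
    i, m = 4, 8                     # suppose bits 4..11 of k leaked
    b = (k >> i) & ((1 << m) - 1)
    h = pow(G, k, P)
    assert dlog_with_known_window(h, i, m, b) == k
    print(f"recovered 0x{k:04x}; work {work_factor(m)} vs {work_factor(0)}")
```

With 8 of 16 bits leaked the search costs 32 group operations instead of 512 for the plain square-root attack on the whole key, which is the effect the paper quantifies for real key sizes.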





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • K. Gopalakrishnan (1)
  • Nicolas Thériault (2)
  • Chui Zhi Yao (3)
  1. Department of Computer Science, East Carolina University, Greenville, NC 27858
  2. Instituto de Matemática y Física, Universidad de Talca, Casilla 747, Talca, Chile
  3. Department of Mathematics, University of California - Riverside, CA 92521
