Degenerate Curve Attacks


Ontology type: schema:Chapter


Chapter Info

DATE

2016-02-18

AUTHORS

Samuel Neves , Mehdi Tibouchi

ABSTRACT

Invalid curve attacks are a well-known class of attacks against implementations of elliptic curve cryptosystems, in which an adversary tricks the cryptographic device into carrying out scalar multiplication not on the expected secure curve, but on some other, weaker elliptic curve of his choosing. In their original form, however, these attacks only affect elliptic curve implementations using addition and doubling formulas that are independent of at least one of the curve parameters. This property is typically satisfied for elliptic curves in Weierstrass form but not for newer models that have gained increasing popularity in recent years, like Edwards and twisted Edwards curves. It has therefore been suggested (e.g. in the original paper on invalid curve attacks) that such alternate models could protect against those attacks. In this paper, we dispel that belief and present the first attack of this nature against (twisted) Edwards curves, Jacobi quartics, Jacobi intersections and more. Our attack differs from invalid curve attacks proper in that the cryptographic device is tricked into carrying out a computation not on another elliptic curve, but on a group isomorphic to the multiplicative group of the underlying base field. This often makes it easy to recover the secret scalar with a single invalid computation. We also show how our result can be used constructively, especially on curves over random base fields, as a fault attack countermeasure similar to Shamir’s trick.

PAGES

19-35

Identifiers

URI

http://scigraph.springernature.com/pub.10.1007/978-3-662-49387-8_2

DOI

http://dx.doi.org/10.1007/978-3-662-49387-8_2

DIMENSIONS

https://app.dimensions.ai/details/publication/pub.1017396235



JSON-LD is the canonical representation for SciGraph data.


[
  {
    "@context": "https://springernature.github.io/scigraph/jsonld/sgcontext.json", 
    "about": [
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/01", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Mathematical Sciences", 
        "type": "DefinedTerm"
      }, 
      {
        "id": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/0101", 
        "inDefinedTermSet": "http://purl.org/au-research/vocabulary/anzsrc-for/2008/", 
        "name": "Pure Mathematics", 
        "type": "DefinedTerm"
      }
    ], 
    "author": [
      {
        "affiliation": {
          "alternateName": "CISUC, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal", 
          "id": "http://www.grid.ac/institutes/grid.8051.c", 
          "name": [
            "CISUC, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Neves", 
        "givenName": "Samuel", 
        "id": "sg:person.011136377232.42", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011136377232.42"
        ], 
        "type": "Person"
      }, 
      {
        "affiliation": {
          "alternateName": "Okamoto Research Laboratory, NTT Secure Platform Laboratories, Musashino-shi, Japan", 
          "id": "http://www.grid.ac/institutes/grid.419819.c", 
          "name": [
            "Okamoto Research Laboratory, NTT Secure Platform Laboratories, Musashino-shi, Japan"
          ], 
          "type": "Organization"
        }, 
        "familyName": "Tibouchi", 
        "givenName": "Mehdi", 
        "id": "sg:person.015272455703.63", 
        "sameAs": [
          "https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015272455703.63"
        ], 
        "type": "Person"
      }
    ], 
    "datePublished": "2016-02-18", 
    "datePublishedReg": "2016-02-18", 
    "description": "Invalid curve attacks are a well-known class of attacks against implementations of elliptic curve cryptosystems, in which an adversary tricks the cryptographic device into carrying out scalar multiplication not on the expected secure curve, but on some other, weaker elliptic curve of his choosing. In their original form, however, these attacks only affect elliptic curve implementations using addition and doubling formulas that are independent of at least one of the curve parameters. This property is typically satisfied for elliptic curves in Weierstrass form but not for newer models that have gained increasing popularity in recent years, like Edwards and twisted Edwards curves. It has therefore been suggested (e.g. in the original paper on invalid curve attacks) that such alternate models could protect against those attacks.In this paper, we dispel that belief and present the first attack of this nature against (twisted) Edwards curves, Jacobi quartics, Jacobi intersections and more. Our attack differs from invalid curve attacks proper in that the cryptographic device is tricked into carrying out a computation not on another elliptic curve, but on a group isomorphic to the multiplicative group of the underlying base field. This often makes it easy to recover the secret scalar with a single invalid computation.We also show how our result can be used constructively, especially on curves over random base fields, as a fault attack countermeasure similar to Shamir\u2019s trick.", 
    "editor": [
      {
        "familyName": "Cheng", 
        "givenName": "Chen-Mou", 
        "type": "Person"
      }, 
      {
        "familyName": "Chung", 
        "givenName": "Kai-Min", 
        "type": "Person"
      }, 
      {
        "familyName": "Persiano", 
        "givenName": "Giuseppe", 
        "type": "Person"
      }, 
      {
        "familyName": "Yang", 
        "givenName": "Bo-Yin", 
        "type": "Person"
      }
    ], 
    "genre": "chapter", 
    "id": "sg:pub.10.1007/978-3-662-49387-8_2", 
    "isAccessibleForFree": false, 
    "isPartOf": {
      "isbn": [
        "978-3-662-49386-1", 
        "978-3-662-49387-8"
      ], 
      "name": "Public-Key Cryptography \u2013 PKC 2016", 
      "type": "Book"
    }, 
    "keywords": [
      "invalid curve attacks", 
      "cryptographic devices", 
      "elliptic curves", 
      "Edwards curves", 
      "elliptic curve cryptosystem", 
      "elliptic curve implementations", 
      "class of attacks", 
      "fault attack countermeasures", 
      "secure curve", 
      "Shamir\u2019s trick", 
      "invalid computation", 
      "attack countermeasures", 
      "secret scalar", 
      "scalar multiplication", 
      "base field", 
      "Weierstrass form", 
      "attacks", 
      "Jacobi quartics", 
      "computation", 
      "Jacobi intersections", 
      "implementation", 
      "group isomorphic", 
      "cryptosystem", 
      "multiplicative group", 
      "adversary", 
      "recent years", 
      "new model", 
      "tricks", 
      "devices", 
      "popularity", 
      "countermeasures", 
      "original form", 
      "curve parameters", 
      "model", 
      "multiplication", 
      "quartics", 
      "isomorphic", 
      "scalar", 
      "field", 
      "choosing", 
      "intersection", 
      "formula", 
      "curves", 
      "alternate model", 
      "first attack", 
      "class", 
      "parameters", 
      "form", 
      "properties", 
      "results", 
      "nature", 
      "Edwards", 
      "addition", 
      "years", 
      "beliefs", 
      "group", 
      "paper"
    ], 
    "name": "Degenerate Curve Attacks", 
    "pagination": "19-35", 
    "productId": [
      {
        "name": "dimensions_id", 
        "type": "PropertyValue", 
        "value": [
          "pub.1017396235"
        ]
      }, 
      {
        "name": "doi", 
        "type": "PropertyValue", 
        "value": [
          "10.1007/978-3-662-49387-8_2"
        ]
      }
    ], 
    "publisher": {
      "name": "Springer Nature", 
      "type": "Organisation"
    }, 
    "sameAs": [
      "https://doi.org/10.1007/978-3-662-49387-8_2", 
      "https://app.dimensions.ai/details/publication/pub.1017396235"
    ], 
    "sdDataset": "chapters", 
    "sdDatePublished": "2022-10-01T06:58", 
    "sdLicense": "https://scigraph.springernature.com/explorer/license/", 
    "sdPublisher": {
      "name": "Springer Nature - SN SciGraph project", 
      "type": "Organization"
    }, 
    "sdSource": "s3://com-springernature-scigraph/baseset/20221001/entities/gbq_results/chapter/chapter_396.jsonl", 
    "type": "Chapter", 
    "url": "https://doi.org/10.1007/978-3-662-49387-8_2"
  }
]

HOW TO GET THIS DATA PROGRAMMATICALLY:

JSON-LD is a popular format for linked data which is fully compatible with JSON.

curl -H 'Accept: application/ld+json' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-49387-8_2'

N-Triples is a line-based linked data format ideal for batch operations.

curl -H 'Accept: application/n-triples' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-49387-8_2'

Turtle is a human-readable linked data format.

curl -H 'Accept: text/turtle' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-49387-8_2'

RDF/XML is a standard XML format for linked data.

curl -H 'Accept: application/rdf+xml' 'https://scigraph.springernature.com/pub.10.1007/978-3-662-49387-8_2'


 

This table displays all metadata directly associated to this object as RDF triples.

141 TRIPLES      22 PREDICATES      81 URIs      74 LITERALS      7 BLANK NODES

Subject Predicate Object
1 sg:pub.10.1007/978-3-662-49387-8_2 schema:about anzsrc-for:01
2 anzsrc-for:0101
3 schema:author Nfb988119b89e42f392592914173cb492
4 schema:datePublished 2016-02-18
5 schema:datePublishedReg 2016-02-18
6 schema:description Invalid curve attacks are a well-known class of attacks against implementations of elliptic curve cryptosystems, in which an adversary tricks the cryptographic device into carrying out scalar multiplication not on the expected secure curve, but on some other, weaker elliptic curve of his choosing. In their original form, however, these attacks only affect elliptic curve implementations using addition and doubling formulas that are independent of at least one of the curve parameters. This property is typically satisfied for elliptic curves in Weierstrass form but not for newer models that have gained increasing popularity in recent years, like Edwards and twisted Edwards curves. It has therefore been suggested (e.g. in the original paper on invalid curve attacks) that such alternate models could protect against those attacks.In this paper, we dispel that belief and present the first attack of this nature against (twisted) Edwards curves, Jacobi quartics, Jacobi intersections and more. Our attack differs from invalid curve attacks proper in that the cryptographic device is tricked into carrying out a computation not on another elliptic curve, but on a group isomorphic to the multiplicative group of the underlying base field. This often makes it easy to recover the secret scalar with a single invalid computation.We also show how our result can be used constructively, especially on curves over random base fields, as a fault attack countermeasure similar to Shamir’s trick.
7 schema:editor N236fbc38ad5a434794d6352588da074e
8 schema:genre chapter
9 schema:isAccessibleForFree false
10 schema:isPartOf N5fea1e14b5b844c496eaf2e5581b249d
11 schema:keywords Edwards
12 Edwards curves
13 Jacobi intersections
14 Jacobi quartics
15 Shamir’s trick
16 Weierstrass form
17 addition
18 adversary
19 alternate model
20 attack countermeasures
21 attacks
22 base field
23 beliefs
24 choosing
25 class
26 class of attacks
27 computation
28 countermeasures
29 cryptographic devices
30 cryptosystem
31 curve parameters
32 curves
33 devices
34 elliptic curve cryptosystem
35 elliptic curve implementations
36 elliptic curves
37 fault attack countermeasures
38 field
39 first attack
40 form
41 formula
42 group
43 group isomorphic
44 implementation
45 intersection
46 invalid computation
47 invalid curve attacks
48 isomorphic
49 model
50 multiplication
51 multiplicative group
52 nature
53 new model
54 original form
55 paper
56 parameters
57 popularity
58 properties
59 quartics
60 recent years
61 results
62 scalar
63 scalar multiplication
64 secret scalar
65 secure curve
66 tricks
67 years
68 schema:name Degenerate Curve Attacks
69 schema:pagination 19-35
70 schema:productId N255d0ee0963349b18b29231a67ec9acd
71 N7a1f24f92586477b986f05b1339d534c
72 schema:publisher Nc8027d2334ef49ef92efb48f0d1c8669
73 schema:sameAs https://app.dimensions.ai/details/publication/pub.1017396235
74 https://doi.org/10.1007/978-3-662-49387-8_2
75 schema:sdDatePublished 2022-10-01T06:58
76 schema:sdLicense https://scigraph.springernature.com/explorer/license/
77 schema:sdPublisher Na6795c3619504a4f93c7dada993d48a9
78 schema:url https://doi.org/10.1007/978-3-662-49387-8_2
79 sgo:license sg:explorer/license/
80 sgo:sdDataset chapters
81 rdf:type schema:Chapter
82 N236fbc38ad5a434794d6352588da074e rdf:first N3d248cb41a7241949d85e13d6a1349f6
83 rdf:rest N6da1b0fae6af42a1be56a0850a720999
84 N255d0ee0963349b18b29231a67ec9acd schema:name dimensions_id
85 schema:value pub.1017396235
86 rdf:type schema:PropertyValue
87 N3d248cb41a7241949d85e13d6a1349f6 schema:familyName Cheng
88 schema:givenName Chen-Mou
89 rdf:type schema:Person
90 N5fea1e14b5b844c496eaf2e5581b249d schema:isbn 978-3-662-49386-1
91 978-3-662-49387-8
92 schema:name Public-Key Cryptography – PKC 2016
93 rdf:type schema:Book
94 N610e12fea9654724ae752b4eea99af65 schema:familyName Persiano
95 schema:givenName Giuseppe
96 rdf:type schema:Person
97 N6da1b0fae6af42a1be56a0850a720999 rdf:first Nd8048096fc2b4c66acd04aaf5cb6021a
98 rdf:rest Nab8f121f359747d2a69ded97066e206b
99 N70757832608048a3a742d1a4a8bf2c77 schema:familyName Yang
100 schema:givenName Bo-Yin
101 rdf:type schema:Person
102 N7a1f24f92586477b986f05b1339d534c schema:name doi
103 schema:value 10.1007/978-3-662-49387-8_2
104 rdf:type schema:PropertyValue
105 Na6795c3619504a4f93c7dada993d48a9 schema:name Springer Nature - SN SciGraph project
106 rdf:type schema:Organization
107 Nab8f121f359747d2a69ded97066e206b rdf:first N610e12fea9654724ae752b4eea99af65
108 rdf:rest Nd7c7be72ce3f4fdda63b8f17383ea23f
109 Nc743af6aab5240d18f1bbd2102db77e9 rdf:first sg:person.015272455703.63
110 rdf:rest rdf:nil
111 Nc8027d2334ef49ef92efb48f0d1c8669 schema:name Springer Nature
112 rdf:type schema:Organisation
113 Nd7c7be72ce3f4fdda63b8f17383ea23f rdf:first N70757832608048a3a742d1a4a8bf2c77
114 rdf:rest rdf:nil
115 Nd8048096fc2b4c66acd04aaf5cb6021a schema:familyName Chung
116 schema:givenName Kai-Min
117 rdf:type schema:Person
118 Nfb988119b89e42f392592914173cb492 rdf:first sg:person.011136377232.42
119 rdf:rest Nc743af6aab5240d18f1bbd2102db77e9
120 anzsrc-for:01 schema:inDefinedTermSet anzsrc-for:
121 schema:name Mathematical Sciences
122 rdf:type schema:DefinedTerm
123 anzsrc-for:0101 schema:inDefinedTermSet anzsrc-for:
124 schema:name Pure Mathematics
125 rdf:type schema:DefinedTerm
126 sg:person.011136377232.42 schema:affiliation grid-institutes:grid.8051.c
127 schema:familyName Neves
128 schema:givenName Samuel
129 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.011136377232.42
130 rdf:type schema:Person
131 sg:person.015272455703.63 schema:affiliation grid-institutes:grid.419819.c
132 schema:familyName Tibouchi
133 schema:givenName Mehdi
134 schema:sameAs https://app.dimensions.ai/discover/publication?and_facet_researcher=ur.015272455703.63
135 rdf:type schema:Person
136 grid-institutes:grid.419819.c schema:alternateName Okamoto Research Laboratory, NTT Secure Platform Laboratories, Musashino-shi, Japan
137 schema:name Okamoto Research Laboratory, NTT Secure Platform Laboratories, Musashino-shi, Japan
138 rdf:type schema:Organization
139 grid-institutes:grid.8051.c schema:alternateName CISUC, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal
140 schema:name CISUC, Department of Informatics Engineering, University of Coimbra, Coimbra, Portugal
141 rdf:type schema:Organization