Denis Réal scite author profile

Denis Réal

3Publications

90Citation Statements Received

34Citation Statements Given

How they've been cited

How they cite others

Affiliations

École Nationale de la Statistique et de l'Analyse de l'Information, Institut National des Sciences Appliquées de Rennes, Direction Générale de l'Armement

Publications

Order By: Most citations

Fault Attack on Elliptic Curve Montgomery Ladder Implementation

Fouque

Lercier

Réal

et al. 2008

View full text Add to dashboard Cite

In this paper, we present a new fault attack on elliptic curve scalar product algorithms. This attack is tailored to work on the classical Montgomery ladder method when the y-coordinate is not used. No weakness has been reported so far on such implementations, which are very efficient and were promoted by several authors. But taking into account the twist of the elliptic curves, we show how, with few faults (around one or two faults), we can retrieve the full secret exponent even if classical countermeasures are employed to prevent fault attacks. It turns out that this attack has not been anticipated as the security of the elliptic curve parameters in most standards can be strongly reduced. Especially, the attack is meaningful on some NIST or SECG parameters.

show abstract

The Carry Leakage on the Randomized Exponent Countermeasure

Fouque

Réal

Valette³

et al.

View full text Add to dashboard Cite

Abstract. In this paper, we describe a new attack against a classical differential power analysis resistant countermeasure in public key implementations. This countermeasure has been suggested by Coron since 1999 and is known as the exponent randomization.Here, we show that even though the binary exponentiation, or the scalar product on elliptic curves implementation, does not leak information on the secret key, the computation of the randomized secret exponent, or scalar, can leak useful information for an attacker. Such part of the algorithm can be not well-protected since its goal is to avoid attack during the exponentiation. Consequently, our attack can be mounted against any kind of exponentiation, even very resistant as soon as the exponent randomization countermeasure is used. We target an -bit adder which adds -bit words of the secret exponent and of a random value. We show that if the carry leaks during the addition, then we can almost learn the high order bits of each word of the secret exponent. Finally, such information can be then used to recover the entire secret key of RSA or ECC based cryptosystems.

show abstract

Defeating Any Secret Cryptography with SCARE Attacks

Guilley

Sauvage

Micolod

et al. 2010

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Denis Réal

Fault Attack on Elliptic Curve Montgomery Ladder Implementation

The Carry Leakage on the Randomized Exponent Countermeasure

Defeating Any Secret Cryptography with SCARE Attacks

Contact Info

Product

Resources

About