[curves] Same Value Analysis on Edwards Curves
sneves at dei.uc.pt
Sun Jul 26 19:06:32 PDT 2015
On 27-07-2015 01:48, Tony Arcieri wrote:
> Seems targeted at sidechannels against the embedded / IoT scenario:
> Bold claim: "Our results indicate that no Edwards curve is safe from such
> an attacks."
This is a direct application of the COSADE 2012 SVA attack to Edwards curves. This kind of attack is defeated with most
standard countermeasures, such as scalar randomization.
The authors demonstrate that all _currently proposed_ curves have points conducive to mounting SVA attacks; as far as I
can tell no argument was made that _all_ Edwards curves have them. Even if this is the case, it would not be a big deal.
More information about the Curves