[curves] Same Value Analysis on Edwards Curves

Samuel Neves sneves at dei.uc.pt
Sun Jul 26 19:06:32 PDT 2015


On 27-07-2015 01:48, Tony Arcieri wrote:
> Seems targeted at sidechannels against the embedded / IoT scenario:
>
> https://eprint.iacr.org/2015/731.pdf
>
> Bold claim: "Our results indicate that no Edwards curve is safe from such
> an attacks."

This is a direct application of the COSADE 2012 SVA attack to Edwards curves. This kind of attack is defeated with most
standard countermeasures, such as scalar randomization.

The authors demonstrate that all _currently proposed_ curves have points conducive to mounting SVA attacks; as far as I
can tell no argument was made that _all_ Edwards curves have them. Even if this is the case, it would not be a big deal.
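
Scalar randomization, the countermeasure named in the reply above, sketched as an added example that is not part of the original message or of the cited paper. It uses the Ed25519 parameters from RFC 8032; the function names are hypothetical, and it assumes the input point lies in the prime-order subgroup.

```python
import secrets

# Ed25519 (RFC 8032): -x^2 + y^2 = 1 + d*x^2*y^2 over GF(P)
P = 2**255 - 19
D = -121665 * pow(121666, -1, P) % P
L = 2**252 + 27742317777372353535851937790883648493  # prime order of B
B = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     4 * pow(5, -1, P) % P)
IDENTITY = (0, 1)

def on_curve(pt):
    x, y = pt
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0

def add(p1, p2):
    """Complete twisted Edwards addition (a = -1), affine coordinates."""
    x1, y1 = p1
    x2, y2 = p2
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + y1 * x2) * pow(1 + t, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow(1 - t, -1, P) % P
    return (x3, y3)

def scalar_mult(k, pt):
    """Left-to-right double-and-add. Not constant time; illustration only."""
    acc = IDENTITY
    for bit in bin(k)[2:]:
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
    return acc

def blind_scalar(k, rand_bits=64):
    """Return k + r*L with a fresh nonzero random r (assumed 64-bit blinding)."""
    r = secrets.randbelow(2**rand_bits - 1) + 1
    return k + r * L

def blinded_mult(k, pt):
    """Same result as scalar_mult(k, pt) for pt of order L, but the bit
    sequence driving the loop differs on every call."""
    return scalar_mult(blind_scalar(k), pt)

if __name__ == "__main__":
    k = secrets.randbelow(L)  # constructed sample secret scalar
    print(blinded_mult(k, B) == scalar_mult(k, B))
    print(hex(blind_scalar(k)), hex(blind_scalar(k)), sep="\n")
```

Because L times any point of order L is the identity, the blinded and unblinded multiplications agree, while the intermediate values reached at a given loop step are no longer a fixed function of the key and the chosen input point.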


