Binary Edwards Curves for Intrinsically Secure ECC Implementations for the IoT

  title={Binary Edwards Curves for Intrinsically Secure ECC Implementations for the IoT},
  author={Antoine Loiseau and Jacques J. A. Fournier},
: Even if recent advances in public key cryptography tend to focus on algorithms able to survive the post quantum era. At present, there is a urgent need to propose fast, low power and securely implemented cryptography to address the immediate security challenges of the IoT. In this document, we present a new set of Binary Edwards Curves which have been defined to achieve the highest security levels (up to 284-bit security level) and whose parameters have been defined to fit IoT devices embedding… 

Tables from this paper

Hardware Implementation of Secure scalar multiplication Algorithm

This paper will first specify the elliptic curve parameters that are responsible for the optimization of the implementation of the scalar multiplication algorithm, then it will choose the most secure scalarmultiplication algorithm to be implemented for security applications.

A Survey on RISC-V Security: Hardware and Architecture

  • Tao Lu
  • Computer Science
  • 2021
An in-depth survey on RISC-V security technologies covers hardware and physical access security, hardware-assisted security units, ISA security extensions, memory protection, cryptographic primitives, and side-channel attack protection.

Survey: Vulnerability Analysis of Low-Cost ECC-Based RFID Protocols against Wireless and Side-Channel Attacks

This paper first reviews the most relevant ECC-based RFID authentication protocols, focusing on their security analysis and operational performances, and presents the most promising E CC-based protocols released during 2014–2021 by underlining their advantages and disadvantages.



Low-Resource and Fast Binary Edwards Curves Cryptography

This paper utilizes corrected mixed point addition and doubling formulas to achieve a secure, but still fast implementation of a point multiplication on binary Edwards curves.

Efficient implementation of elliptic curve cryptography in wireless sensors

The results strongly indicate that binary curves are the most efficient alternative for the implementation of elliptic curve cryptography in the MICAz Mote, a popular sensor platform.

Using Templates to Attack Masked Montgomery Ladder Implementations of Modular Exponentiation

This article shows how template attacks can be used to extract sufficient information to recover the mask and confirms that the described attack could be a serious threat for public key algorithms implemented on devices with small word size.

State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures

This paper can be used as a road map for countermeasure selection in a first design iteration of Elliptic Curve Cryptosystems and three principles of selecting countermeasures to thwart multiple attacks are given.

The Carry Leakage on the Randomized Exponent Countermeasure

It is shown that even though the binary exponentiation, or the scalar product on elliptic curves implementation, does not leak information on the secret key, the computation of the randomized secret exponent, or scalar, can leak useful information for an attacker.

Zero-Value Point Attacks on Elliptic Curve Cryptosystem

The zero-value point attack is proposed as an extension of Goubin’s attack and it is noted that this attack and the proposed attack assume that the base point P can be chosen by the attacker and the secret scalar d is fixed, so that they are not applicable to ECDSA signature generation.

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

  • P. Kocher
  • Computer Science, Mathematics
  • 1996
By carefully measuring the amount of time required tm perform private key operalions, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.

Fault Attack on Elliptic Curve Montgomery Ladder Implementation

It is shown how, with few faults, one can retrieve the full secret exponent even if classical countermeasures are employed to prevent fault attacks on elliptic curve scalar product algorithms.

Complete Addition Formulas for Prime Order Elliptic Curves

This paper presents optimized addition formulas that are complete on every prime order short Weierstrass curve defined over a field k with $$\mathrm{char}k \ne 2,3$$charki¾?2,3 and discusses how these formulas can be used to achieve secure, exception-free implementations on all of the prime order curves in the NIST and many other standards.

Horizontal Correlation Analysis on Exponentiation

A technique in which a single exponentiation curve is applied using only one execution power curve during an exponentiation to recover the whole secret exponent manipulated by the chip, which cannot be prevented by exponent blinding.