Abstract

Invalid curve attacks are a well-known attack class targeting implementations of elliptic curve arithmetic. In such an attack, the adversary tricks the cryptographic device into carrying out scalar multiplications on a weaker curve instead of on the expected, secure curve. The original approach of Antipa et al., however, only affects implementations whose addition and doubling formulas are independent of at least one of the curve parameters. This property holds for elliptic curves in Weierstrass form, but not for newer, increasingly popular models such as (twisted) Edwards curves. It has therefore been suggested that invalid curve attacks do not apply to these alternative models. In this study, the authors demonstrate that this is not the case and present the first attack of this kind against (twisted) Edwards curves, Jacobi quartics, Jacobi intersections, and more. They also extend the analysis to characteristic-2 models, namely binary Huff curves, binary Edwards curves, and Lambda coordinates. Finally, they show that their result can be used constructively, as a fault attack countermeasure inspired by Shamir's trick, particularly on curves over random base fields.
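The abstract's premise, that the classic Antipa et al. attack works because the short Weierstrass addition and doubling formulas never reference the parameter b, is easiest to see in code. The following is an added worked example of that original Weierstrass-form attack (it is not code from the paper, and it does not reproduce the authors' Edwards-curve construction, which the abstract does not describe). All parameters are constructed toy values: a 10-bit prime field, the curve y^2 = x^3 + 2x + 3, and a fixed secret scalar. The unvalidated device computes d*Q for any supplied Q; the attacker feeds points of small prime order taken from curves that share a but differ in b, solves a tiny discrete log for each, and recombines d with the CRT. A hardened oracle with an on-curve check is shown beside it.

```python
"""Classic invalid curve attack on short Weierstrass ECDH (toy parameters).

Added illustration, not code from the paper. Constructed parameters:
a 10-bit prime field so the attack finishes in under a second; the
structure is unchanged for real-size curves.
"""

P = 1019                    # prime with P % 4 == 3, so sqrt is one pow() (constructed)
A, B = 2, 3                 # "real" curve E: y^2 = x^3 + A*x + B over F_P (constructed)
SECRET_D = 777              # victim's private scalar (constructed)
INF = None                  # point at infinity


def add(p1, p2, a):
    """Affine group law on y^2 = x^3 + a*x + b. The parameter b never appears."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF          # P + (-P), which also covers doubling a 2-torsion point
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def mul(k, pt, a):
    """Double-and-add. Because add() ignores b, this is also the group law of
    every curve y^2 = x^3 + a*x + b' that shares a with the real curve."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt, a)
        pt = add(pt, pt, a)
        k >>= 1
    return acc


def on_curve(pt, b):
    x, y = pt
    return (y * y - (x ** 3 + A * x + b)) % P == 0


def make_victim(d, validate):
    """ECDH oracle. validate=False is the vulnerable device; validate=True
    rejects points that are not on the expected curve E."""
    def oracle(q):
        if validate and (q is INF or not on_curve(q, B)):
            raise ValueError("point not on the expected curve")
        return mul(d, q, A)
    return oracle


def curve_order(b):
    """Brute-force #E_b(F_P): 1 (infinity) plus the number of affine solutions."""
    n = 1
    for x in range(P):
        rhs = (x ** 3 + A * x + b) % P
        if rhs == 0:
            n += 1
        elif pow(rhs, (P - 1) // 2, P) == 1:   # Legendre symbol: two square roots
            n += 2
    return n


def small_prime_factors(n, bound):
    out, q = [], 2
    while q <= bound:
        if n % q == 0:
            out.append(q)
            while n % q == 0:
                n //= q
        q += 1
    return out


def point_of_order(r, b, n):
    """A point of prime order r on E_b (of order n): lift an x, multiply by the cofactor."""
    for x in range(P):
        rhs = (x ** 3 + A * x + b) % P
        y = pow(rhs, (P + 1) // 4, P)          # valid since P % 4 == 3
        if (y * y - rhs) % P:
            continue                           # no point with this x
        q = mul(n // r, (x, y), A)
        if q is not INF:
            return q
    return None


def attack(oracle, max_r=64):
    """Recover d from an oracle that computes d*Q without validating Q.
    Returns (d mod M, M) with M the product of the small orders used."""
    n_real = curve_order(B)                    # public for a standard curve
    d, M, seen = 0, 1, set()
    for b2 in range(P):
        if M > n_real:
            break                              # d < n_real < M, so d is determined
        if b2 == B or (4 * A ** 3 + 27 * b2 * b2) % P == 0:
            continue                           # skip the real curve and singular ones
        n2 = curve_order(b2)
        for r in small_prime_factors(n2, max_r):
            if r in seen:
                continue
            q = point_of_order(r, b2, n2)
            if q is None:
                continue
            resp = oracle(q)                   # device computes d*q on the weak curve E_b2
            k = next(k for k in range(r) if mul(k, q, A) == resp)   # DLP in a group of size r
            t = (k - d) * pow(M, -1, r) % r    # CRT merge: new d ≡ old d (mod M), ≡ k (mod r)
            d += M * t
            M *= r
            seen.add(r)
            if M > n_real:
                break
    return d, M


def rejects(oracle, pt):
    try:
        oracle(pt)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    found, M = attack(make_victim(SECRET_D, validate=False))
    print(f"recovered d = {found} (true {SECRET_D}) using moduli product M = {M}")
    print("hardened oracle rejects (0, 0):", rejects(make_victim(SECRET_D, True), (0, 0)))
```

The on-curve check is what the abstract's "suggested" immunity of Edwards curves was implicitly relying on being unnecessary: a unified formula that uses every curve parameter cannot silently compute on a different curve, which is exactly the assumption the paper shows to be insufficient. For a Weierstrass implementation the fix is the check in make_victim, plus a cofactor or order check when the curve is not of prime order.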

Full Text
Published version (Free)
