Affiliation:
1. , 3–9–11, Midori-cho, Musashino-shi, Tokyo, 180–8585, Japan
Abstract
In a recent paper devoted to fault analysis of elliptic curve-based signature schemes, Takahashi et al. (TCHES 2018) described several attacks, one of which assumed an equidistribution property that can be informally stated as follows: given an elliptic curve E over 𝔽_q in Weierstrass form and a large subgroup H ⊂ E(𝔽_q) generated by G(x_G, y_G), the points in E(𝔽_q) whose x-coordinates are obtained from x_G by randomly flipping a fixed, sufficiently long substring of bits (and rejecting cases when the resulting value does not correspond to a point in E(𝔽_q)) are close to uniformly distributed among the cosets modulo H. The goal of this note is to formally state, prove and quantify (a variant of) that property, and in particular establish sufficient bounds on the size of the subgroup and on the length of the substring of bits for it to hold. The proof relies on bounds for character sums on elliptic curves established by Kohel and Shparlinski (ANTS–IV).
Subject
Applied Mathematics, Computational Mathematics, Computer Science Applications
Reference: 16 articles.
1. New Bleichenbacher records: fault attacks on qDSA signatures; IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018
2. Montgomery curves and their arithmetic; J. Cryptographic Engineering, 2018
3. Speeding the Pollard and elliptic curve methods of factorization; Math. Comp., 1987