Cryptography Reference
In-Depth Information
9.7 Conclusion
The use of elliptic curves in cryptography has gained wide acceptance since it was
first proposed and has become a core component of many industry standards. This
can be attributed to the rich mathematical structure of elliptic curves that enables
novel applications and implementations, and to their apparent resistance to general
mathematical attacks.
However, elliptic curve cryptosystems are vulnerable, like other cryptosystems,
to side-channel attacks, which target the implementation weaknesses rather than the
mathematical structure. Similarly, they are vulnerable to the various classes of fault
analysis attacks, which include invalid-curve attacks, sign change attacks and attacks
on validation and dummy operations. The feasibility and effectiveness of a specific
fault attack depends on the properties of the implementation and the level of access
the attacker has. Some fault attacks are generic with relatively relaxed assumptions
and simple procedures, while others involve a sophisticated attacker and expensive
apparatus.
It is essential for designers to consider and evaluate the risk of fault attacks against
their implementations and implement the necessary countermeasures to defeat these
and other side-channel attacks. It is also important for them to consider the interac-
tions between countermeasures and attacks since a countermeasure of one attack can
enable another one.
