File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Scopus: eid_2-s2.0-84872457195
- WOS: WOS:000311655500016
- Find via
Supplementary
- Citations:
- Appears in Collections:
Article: Fault attacks on hyperelliptic curve discrete logarithm problem over finite fields
Title | Fault attacks on hyperelliptic curve discrete logarithm problem over finite fields |
---|---|
Authors | |
Keywords | Cryptosystem Discrete logarithm Finite field Genus Hyperelliptic curve |
Issue Date | 2012 |
Citation | China Communications, 2012, v. 9, n. 11, p. 150-161 How to Cite? |
Abstract | In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters and We consider three hyperelliptic curves as the attack targets. For curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice. |
Persistent Identifier | http://hdl.handle.net/10722/311935 |
ISSN | 2023 Impact Factor: 3.1 2023 SCImago Journal Rankings: 1.388 |
ISI Accession Number ID |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Wang, Mingqiang | - |
dc.contributor.author | Xue, Haiyang | - |
dc.contributor.author | Zhan, Tao | - |
dc.date.accessioned | 2022-04-06T04:31:48Z | - |
dc.date.available | 2022-04-06T04:31:48Z | - |
dc.date.issued | 2012 | - |
dc.identifier.citation | China Communications, 2012, v. 9, n. 11, p. 150-161 | - |
dc.identifier.issn | 1673-5447 | - |
dc.identifier.uri | http://hdl.handle.net/10722/311935 | - |
dc.description.abstract | In this paper, we present two explicit invalid-curve attacks on the genus 2 hyperelliptic curve over a finite field. First, we propose two explicit attack models by injecting a one-bit fault in a given divisor. Then, we discuss the construction of an invalid curve based on the faulted divisor. Our attacks are based on the fact that the Hyperelliptic Curve Scalar Multiplication (HECSM) algorithm does not utilize the curve parameters and We consider three hyperelliptic curves as the attack targets. For curve with security level 186 (in bits), our attack method can get the weakest invalid curve with security level 42 (in bits); there are 93 invalid curves with security level less than 50. We also estimate the theoretical probability of getting a weak hyperelliptic curve whose cardinality is a smooth integer. Finally, we show that the complexity of the fault attack is subexponential if the attacker can freely inject a fault in the input divisor. Cryptosystems based on the genus 2 hyperelliptic curves cannot work against our attack algorithm in practice. | - |
dc.language | eng | - |
dc.relation.ispartof | China Communications | - |
dc.subject | Cryptosystem | - |
dc.subject | Discrete logarithm | - |
dc.subject | Finite field | - |
dc.subject | Genus | - |
dc.subject | Hyperelliptic curve | - |
dc.title | Fault attacks on hyperelliptic curve discrete logarithm problem over finite fields | - |
dc.type | Article | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.scopus | eid_2-s2.0-84872457195 | - |
dc.identifier.volume | 9 | - |
dc.identifier.issue | 11 | - |
dc.identifier.spage | 150 | - |
dc.identifier.epage | 161 | - |
dc.identifier.isi | WOS:000311655500016 | - |