On 27-07-2015 01:48, Tony Arcieri wrote:
> Seems targeted at sidechannels against the embedded / IoT scenario:
>
> https://eprint.iacr.org/2015/731.pdf
>
> Bold claim: "Our results indicate that no Edwards curve is safe from such
> an attacks."

This is a direct application of the COSADE 2012 SVA attack to Edwards curves. This kind of attack is defeated with most standard countermeasures, such as scalar randomization. The authors demonstrate that all _currently proposed_ curves have points conducive to mounting SVA attacks; as far as I can tell no argument was made that _all_ Edwards curves have them. Even if this is the case, it would not be a big deal.
