{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T14:59:53Z","timestamp":1771513193801,"version":"3.50.1"},"reference-count":58,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2013,10,23]],"date-time":"2013-10-23T00:00:00Z","timestamp":1382486400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Cryptogr Eng"],"published-print":{"date-parts":[[2013,11]]},"DOI":"10.1007\/s13389-013-0062-6","type":"journal-article","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T10:53:26Z","timestamp":1382439206000},"page":"241-265","source":"Crossref","is-referenced-by-count":22,"title":["A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards"],"prefix":"10.1007","volume":"3","author":[{"given":"Jean-Luc","family":"Danger","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sylvain","family":"Guilley","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Philippe","family":"Hoogvorst","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"C\u00e9dric","family":"Murdica","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"David","family":"Naccache","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2013,10,23]]},"reference":[{"key":"62_CR1","doi-asserted-by":"crossref","unstructured":"Akishita, T., Takagi, T.: Zero-value point attacks on elliptic curve cryptosystem. In: Proceedings of ISC\u201903, LNCS, vol. 2851. Springer, pp. 218\u2013233 (2003)","DOI":"10.1007\/10958513_17"},{"key":"62_CR2","doi-asserted-by":"crossref","unstructured":"Amiel, F., Villegas, K., Feix, B., Marcel, L.: Passive and active combined attacks: combining fault attacks and side channel analysis. In: Proceedings of FDTC\u201907, IEEE Computer Society, pp. 92\u2013102","DOI":"10.1109\/FDTC.2007.12"},{"key":"62_CR3","unstructured":"Bajard, J.C.: An RNS montgomery modular multiplication algorithm. J. IEEE Trans. Comput \u201998 47, 766\u2013776 (1998)"},{"key":"62_CR4","doi-asserted-by":"crossref","unstructured":"Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer\u2019s apprentice guide to fault attacks. In: Proceedings of IEEE\u201906, vol. 94, pp. 370\u2013382 (2006)","DOI":"10.1109\/JPROC.2005.862424"},{"key":"62_CR5","doi-asserted-by":"crossref","unstructured":"Bauer, A., Jaulmes, \u00c9., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Proceedings of CT-RSA\u201913, LNCS, vol. 7779. Springer, Berlin, pp. 1\u201317 (2013)","DOI":"10.1007\/978-3-642-36095-4_1"},{"key":"62_CR6","doi-asserted-by":"crossref","unstructured":"Barrett, P.: Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In: Proceedings of CRYPTO\u201986, LNCS, vol. 263. Springer, Berlin, pp. 311\u2013323 (1987)","DOI":"10.1007\/3-540-47721-7_24"},{"key":"62_CR7","doi-asserted-by":"crossref","unstructured":"Boscher, A., Handschuh, H., Trichina, E.: Blinded fault resistant exponentiation revisited. In: Proceedings of FDTC\u201909, IEEE, pp. 3\u20139 (2009)","DOI":"10.1109\/FDTC.2009.31"},{"key":"62_CR8","doi-asserted-by":"crossref","unstructured":"Biehl, I., Meyer, B., M\u00fcller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Proceedings of CRYPTO\u201900, LNCS, vol. 1880. Springer, Berlin, pp. 131\u2013146 (2000)","DOI":"10.1007\/3-540-44598-6_8"},{"key":"62_CR9","doi-asserted-by":"crossref","unstructured":"Bl\u00f6mer, J., Otto, M., Seifert, J.-P.: Sign change fault attacks on elliptic curve cryptosystems. In: Proceedings of FDTC\u201906, LNCS, vol. 4236. Springer, New York, pp. 36\u201352 (2006)","DOI":"10.1007\/11889700_4"},{"key":"62_CR10","doi-asserted-by":"crossref","unstructured":"Brier, E., Joye, M.: Weierstra\u00df elliptic curves and side-channel attacks. In: Proceedings of PKC\u201902, LNCS, vol. 2274. Springer, New York, pp. 335\u2013345 (2002)","DOI":"10.1007\/3-540-45664-3_24"},{"key":"62_CR11","doi-asserted-by":"crossref","unstructured":"Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Proceedings of CHES\u201902, LNCS, vol. 2523. Springer, New York, pp. 13\u201328 (2003)","DOI":"10.1007\/3-540-36400-5_3"},{"issue":"6","key":"62_CR12","first-page":"460","volume":"53","author":"B Chevallier-Mames","year":"2004","unstructured":"Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. J. IEEE Trans. Comput.\u201904 53(6), 460\u2013468 (2004)","journal-title":"J. IEEE Trans. Comput.\u201904"},{"key":"62_CR13","doi-asserted-by":"crossref","unstructured":"Ciet, M., Joye, M.: (Virtually) free randomization techniques for elliptic curve cryptography. In: Proceedings of ICIS\u201903, LNCS, vol. 2836. Springer, New York, pp. 348\u2013359 (2003)","DOI":"10.1007\/978-3-540-39927-8_32"},{"issue":"1","key":"62_CR14","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1007\/s10623-003-1160-8","volume":"36","author":"M Ciet","year":"2005","unstructured":"Ciet, M., Joye, M.: Elliptic curve cryptosystems in the presence of permanent and transient faults. J. Des. Codes Cryptogr.\u201905 36(1), 33\u201343 (2005)","journal-title":"J. Des. Codes Cryptogr.\u201905"},{"key":"62_CR15","doi-asserted-by":"crossref","unstructured":"Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Proceedings of ICIS\u201910, LNCS, vol. 6476. Springer, New York, pp. 46\u201361 (2010)","DOI":"10.1007\/978-3-642-17650-0_5"},{"key":"62_CR16","doi-asserted-by":"crossref","unstructured":"Clavier, C., Joye, M.: Universal exponentiation algorithm. In: Proceedings of CHES\u201901, LNCS, vol. 2162. Springer, New York, pp. 300\u2013308 (2001)","DOI":"10.1007\/3-540-44709-1_25"},{"key":"62_CR17","doi-asserted-by":"crossref","unstructured":"Cohen, H., Miyaji, A., Ono, T.: Efficient elliptic curve exponentiation using mixed coordinates. In: Proceedings of ASIACRYPT\u201998, LNCS, vol. 1514. Springer, New York, pp. 51\u201365 (1998)","DOI":"10.1007\/3-540-49649-1_6"},{"key":"62_CR18","doi-asserted-by":"crossref","unstructured":"Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Proceedings of CHES\u201999, LNCS, vol. 1717. Springer, New York, pp. 292\u2013302 (1999)","DOI":"10.1007\/3-540-48059-5_25"},{"key":"62_CR19","doi-asserted-by":"crossref","unstructured":"Danger, J.-L., Guilley, S., Hoogvorst, P., Murdica, C., Naccache, D.: Low-cost countermeasure against RPA. In: Proceedings of CARDIS\u201912, LNCS, vol. 7771. Springer, Berlin, pp. 106\u2013122 (2013)","DOI":"10.1007\/978-3-642-37288-9_8"},{"key":"62_CR20","doi-asserted-by":"crossref","unstructured":"Fan, J., Gierliches, B., Vercauteren, F.: To infinity and beyond: combined attack on (ECC) using points of low order. In: Proceedings of CHES\u201911, LNCS, vol. 6917. Springer, Berlin, pp. 143\u2013159 (2011)","DOI":"10.1007\/978-3-642-23951-9_10"},{"key":"62_CR21","doi-asserted-by":"crossref","unstructured":"Fan, J., Guo, X., De Mulder, E., Schaumont, P., Preneel, B., Verbauwhede, I.: State-of-the-art of secure (ECC) implementations: a survey on known side-channel attacks and countermeasures. In: Proceedings of HOST\u201910, IEEEE, pp. 76\u201387 (2010)","DOI":"10.1109\/HST.2010.5513110"},{"key":"62_CR22","doi-asserted-by":"crossref","unstructured":"Fan, J., Verbauwhede, I.: An updated survey on secure (ECC) implementations: attacks, countermeasures and cost. Cryptography and security: from theory to applications, LNCS, vol. 6805. Springer, New York, pp. 265\u2013282 (2012)","DOI":"10.1007\/978-3-642-28368-0_18"},{"key":"62_CR23","doi-asserted-by":"crossref","unstructured":"Fouque, P.-A., Lercier, R., R\u00e9al, D., Valette, F.: Fault attack on elliptic curve Montgomery ladder implementation. In: Proceedings of FDTC\u201908, IEEE Computer Society, pp. 92\u201398 (2008)","DOI":"10.1109\/FDTC.2008.15"},{"key":"62_CR24","doi-asserted-by":"crossref","unstructured":"Fouque, P.-A., R\u00e9al, D., Valette, F., Drissi, M.: The Carry leakage on the randomized exponent countermeasure. In: Proceedings of CHES\u201908, LNCS, vol. 5154. Springer, New York, pp. 198\u2013213 (2008)","DOI":"10.1007\/978-3-540-85053-3_13"},{"key":"62_CR25","doi-asserted-by":"crossref","unstructured":"Fouque, P.-A., Valette, F.: The doubling attack\u2014why upwards is better than downwards. In: Proceedings of CHES\u201903, LNCS, vol. 2779. Springer, New York, pp. 269\u2013280 (2003)","DOI":"10.1007\/978-3-540-45238-6_22"},{"issue":"9","key":"62_CR26","doi-asserted-by":"crossref","first-page":"1116","DOI":"10.1109\/TC.2006.135","volume":"55","author":"C Giraud","year":"2006","unstructured":"Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. J. IEEE Trans. Comput.\u201906 55(9), 1116\u20131120 (2006)","journal-title":"J. IEEE Trans. Comput.\u201906"},{"key":"62_CR27","doi-asserted-by":"crossref","unstructured":"Giraud, C., Verneuil, V.: Atomicity improvement for elliptic curve scalar multiplication. In: Proceedings of CARDIS\u201910, LNCS, vol. 6035. Springer, Berlin, pp. 80\u2013101 (2010)","DOI":"10.1007\/978-3-642-12510-2_7"},{"key":"62_CR28","doi-asserted-by":"crossref","unstructured":"Goubin, L.: A refined power-analysis attack on elliptic curve cryptosystems. In: Proceedings of PKC\u201903, LNCS, vol. 2567. Springer, Berlin, pp. 199\u2013210 (2002)","DOI":"10.1007\/3-540-36288-6_15"},{"key":"62_CR29","doi-asserted-by":"crossref","unstructured":"Goundar, R.R., Joye, M., Miyaji, A.: Co-Z addition formulae and binary ladders on elliptic curves\u2014extended abstract. In: Proceedings of CHES\u201910, LNCS, vol. 6225. Springer, Berlin, pp. 65\u201379 (2010)","DOI":"10.1007\/978-3-642-15031-9_5"},{"issue":"2","key":"62_CR30","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1007\/s13389-011-0012-0","volume":"1","author":"RR Goundar","year":"2011","unstructured":"Goundar, R.R., Joye, M., Miyaji, A., Rivain, M., Venelli, A.: Scalar multiplication on Weierstra\u00df elliptic curves from Co- $$Z$$ Z arithmetic. J. Cryptogr. Eng.\u201911 1(2), 161\u2013176 (2011)","journal-title":"J. Cryptogr. Eng.\u201911"},{"key":"62_CR31","doi-asserted-by":"crossref","unstructured":"Hachez, G., Quisquater, J.-J.: Montgomery exponentiation with no final subtractions: improved results. In: Proceedings of CHES\u201900, LNCS, vol. 1965. Springer, New York, pp. 293\u2013301 (2000)","DOI":"10.1007\/3-540-44499-8_23"},{"issue":"3","key":"62_CR32","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1023\/A:1011214926272","volume":"23","author":"N Howgrave-Graham","year":"2001","unstructured":"Howgrave-Graham, N., Smart, N.: Lattice attacks on digital signature schemes. J. Des. Codes Cryptogr.\u201901 23(3), 283\u2013290 (2001)","journal-title":"J. Des. Codes Cryptogr.\u201901"},{"key":"62_CR33","doi-asserted-by":"crossref","unstructured":"Itoh, K., Izu, T., Takenaka, M.: Address-bit differential power analysis of cryptographic schemes OK-ECDH and OK-ECDSA. In: Proceedings of CHES\u201902, LNCS, vol. 2523. Springer, Berlin, pp. 129\u2013143 (2003)","DOI":"10.1007\/3-540-36400-5_11"},{"key":"62_CR34","doi-asserted-by":"crossref","unstructured":"Itoh, K., Izu, T., Takenaka, M.: A practical countermeasure against address-bit differential power analysis. In: Proceedings of CHES\u201903, LNCS, vol. 2779. Springer, Berlin, pp. 382\u2013396 (2003)","DOI":"10.1007\/978-3-540-45238-6_30"},{"key":"62_CR35","doi-asserted-by":"crossref","unstructured":"Itoh, K., Izu, T., Takenaka, M.: Efficient countermeasures against power analysis for elliptic curve cryptosystems. In: CARDIS\u201904, Kluwer, Dordrecht, pp. 99\u2013114 (2004)","DOI":"10.1007\/1-4020-8147-2_7"},{"key":"62_CR36","doi-asserted-by":"crossref","unstructured":"Izu, T., M\u00f6ller, B., Takagi, T.: Improved elliptic curve multiplication methods resistant against side channel attacks. In: Proceedings of INDOCRYPT\u201902, LNCS, vol. 2551. Springer, New York, pp. 296\u2013313 (2002)","DOI":"10.1007\/3-540-36231-2_24"},{"key":"62_CR37","doi-asserted-by":"crossref","unstructured":"Izumi, M., Ikegami, J., Sakiyama, K., Ohta, K.: Improved countermeasure against address-bit DPA for (ECC) scalar multiplication. DATE\u201910, IEEE, pp. 981\u2013984 (2010)","DOI":"10.1109\/DATE.2010.5456907"},{"key":"62_CR38","doi-asserted-by":"crossref","unstructured":"Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography. In: Proceedings of CHES\u201901, LNCS, vol. 2162. Springer, Berlin, pp. 377\u2013390 (2001)","DOI":"10.1007\/3-540-44709-1_31"},{"key":"62_CR39","doi-asserted-by":"crossref","unstructured":"Joye, M., Yen, S.-M.: The Montgomery powering ladder. In: Proceedings of CHES\u201902, LNCS, vol. 2162. Springer, Berlin, pp. 291\u2013302 (2003)","DOI":"10.1007\/3-540-36400-5_22"},{"issue":"177","key":"62_CR40","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1090\/S0025-5718-1987-0866109-5","volume":"48","author":"N Koblitz","year":"1987","unstructured":"Koblitz, N.: Elliptic curve cryptosystems. J. Math. Comput.\u201987 48(177), 203\u2013209 (1987)","journal-title":"J. Math. Comput.\u201987"},{"key":"62_CR41","doi-asserted-by":"crossref","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie\u2013Hellman, RSA, DSS, and other systems. In: Proceedings of CRYPTO\u201996, LNCS, vol. 1109. Springer, Berlin, pp. 104\u2013113 (1996)","DOI":"10.1007\/3-540-68697-5_9"},{"key":"62_CR42","doi-asserted-by":"crossref","unstructured":"Mamiya, H., Miyaji, A., Morimoto, H.: Efficient countermeasures against RPA, DPA, and SPA. In: Proceedings of CHES\u201904, LNCS, vol. 3156. Springer, Berlin, pp. 343\u2013356 (2004)","DOI":"10.1007\/978-3-540-28632-5_25"},{"key":"62_CR43","doi-asserted-by":"crossref","unstructured":"Miller, V.S.: Use of elliptic curves in cryptography. In: Proceedings of CRYPTO\u201985, LNCS, vol. 218. Springer, New York, pp. 417\u2013426 (1985)","DOI":"10.1007\/3-540-39799-X_31"},{"key":"62_CR44","doi-asserted-by":"crossref","unstructured":"Medwed, M., Oswald, E.: Template attacks on ECDSA. In: Proceedings of WISA\u201908, LNCS, vol. 5379. Springer, Berlin, pp. 14\u201327 (2009)","DOI":"10.1007\/978-3-642-00306-6_2"},{"key":"62_CR45","doi-asserted-by":"crossref","unstructured":"Meloni, N.: New point addition formulae for (ECC) applications. In: Proceedings of WAIFI\u201907, LNCS, vol. 4547. Springer, Berlin, pp. 189\u2013201 (2007)","DOI":"10.1007\/978-3-540-73074-3_15"},{"issue":"170","key":"62_CR46","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1090\/S0025-5718-1985-0777282-X","volume":"44","author":"PL Montgomery","year":"1985","unstructured":"Montgomery, P.L.: Modular multiplication without trial division. J. Math. Comput.\u201985 44(170), 519\u2013521 (1985)","journal-title":"J. Math. Comput.\u201985"},{"key":"62_CR47","doi-asserted-by":"crossref","unstructured":"Murdica, C., Guilley, S., Danger, J.-L., Hoogvorst, P., Naccache, D.: Same values power analysis using special points on elliptic curves. In: Proceedings of COSADE\u201912, LNCS, vol. 7275. Springer, Berlin, pp. 183\u2013198 (2012)","DOI":"10.1007\/978-3-642-29912-4_14"},{"key":"62_CR48","doi-asserted-by":"crossref","unstructured":"Muller, F., Valette, F.: High-order attacks against the exponent splitting protection. In: Proceedings of PKC\u201906, LNCS, vol. 3958. Springer, New York, pp. 315\u2013329 (2006)","DOI":"10.1007\/11745853_21"},{"key":"62_CR49","unstructured":"Dominguez-Oviedo, A., Hansan, M.A.: Algorithm-level error detection for Montgomery ladder-based ecsm. J. Cryptogr. Eng.\u201911 1(1), 57\u201369 (2011)"},{"key":"62_CR50","doi-asserted-by":"crossref","unstructured":"Sato, H., Schepers, D., Takagi, T.: Exact analysis of Montgomery multiplication. In: Proceedings of INDOCRYPT\u201904, LNCS, vol. 3348. Springer, Berlin, pp. 290\u2013304 (2004)","DOI":"10.1007\/978-3-540-30556-9_23"},{"key":"62_CR51","doi-asserted-by":"crossref","unstructured":"Stebila, D., Th\u00e9riault, N.: Unified point addition formulae and side-channel attacks. In: Proceedings of CHES\u201906, LNCS, vol. 4249. Springer, Berlin, pp. 354\u2013368 (2006)","DOI":"10.1007\/11894063_28"},{"key":"62_CR52","unstructured":"Shanks, D.: Class number, a theory of factorization and genera. Proc. Symp. Pure Math.\u201971 20, 415\u2013440 (1971)"},{"key":"62_CR53","doi-asserted-by":"crossref","unstructured":"Trichina, E. Bellezza, A.: Implementation of elliptic curve cryptography with built-in counter measures against side channel attacks. In: Proceedings of CHES\u201902, LNCS, vol. 2523. Springer, Berlin, pp. 98\u2013113 (2002)","DOI":"10.1007\/3-540-36400-5_9"},{"key":"62_CR54","unstructured":"Verneuil, V.: Cryptographie \u00e0 base de courbes elliptiques et s\u00e9curit\u00e9 de composants embarqu\u00e9s. Ph.D. thesis, Universit\u00e9 de Bordeaux (2012)"},{"key":"62_CR55","doi-asserted-by":"crossref","unstructured":"Walter, C.D.: Sliding windows succumbs to big mac attack. In: Proceedings of CHES\u201901, LNCS, vol. 2162. Springer, Berlin, pp. 286\u2013299 (2001)","DOI":"10.1007\/3-540-44709-1_24"},{"key":"62_CR56","doi-asserted-by":"crossref","unstructured":"Walter, C.D.: Montgomery\u2019s multiplication technique: how to make it smaller and faster. In: Proceedings of CHES\u201999, LNCS, vol. 1717. Springer, Berlin, pp. 80\u201393 (1999)","DOI":"10.1007\/3-540-48059-5_9"},{"key":"62_CR57","doi-asserted-by":"crossref","unstructured":"Walter, C.D.: Simple power analysis of unified code for (ECC) double and add. In: Proceedings of CHES\u201904, LNCS, vol. 3156. Springer, Berlin, pp. 191\u2013204 (2004)","DOI":"10.1007\/978-3-540-28632-5_14"},{"issue":"9","key":"62_CR58","doi-asserted-by":"crossref","first-page":"967","DOI":"10.1109\/12.869328","volume":"49","author":"S-M Yen","year":"2000","unstructured":"Yen, S.-M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. J. IEEE Trans. Comput.\u201900 49(9), 967\u2013970 (2000)","journal-title":"J. IEEE Trans. Comput.\u201900"}],"container-title":["Journal of Cryptographic Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-013-0062-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s13389-013-0062-6\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-013-0062-6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T17:49:34Z","timestamp":1746035374000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s13389-013-0062-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,10,23]]},"references-count":58,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,11]]}},"alternative-id":["62"],"URL":"https:\/\/doi.org\/10.1007\/s13389-013-0062-6","relation":{},"ISSN":["2190-8508","2190-8516"],"issn-type":[{"value":"2190-8508","type":"print"},{"value":"2190-8516","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,10,23]]}}}