[cryptography] Fault attacks on Bitcoin's secp256k1
ondrej.mikle at nic.cz
Sun Jun 29 16:25:36 EDT 2014
Could anyone give an example of what flaws a secp256k1 implementation needs to have
in order to succumb to the fault attack described in this tweet:
It mentions that an implementation is susceptible "unless the implementation
checks everything", but doesn't go into details.
I don't understand the fault attacks much, but IIRC it requires a raw point that
is not on the curve to enter an incorrectly written algorithm. I don't see where
the problematic raw point comes into play.
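
The on-curve check the post asks about, as an added example that is not part of the original message and not taken from any Bitcoin implementation. All function names and `FAULTY_G` (the generator with one bit of x flipped) are constructed for illustration. The block shows that the a = 0 addition formulas never use the curve constant b, so an off-curve point passes through unchecked arithmetic unnoticed while an input and output check rejects it.

```python
# secp256k1 public domain parameters: y^2 = x^3 + 7 over F_p (a = 0)
P = 2**256 - 2**32 - 977
B = 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
FAULTY_G = (G[0] ^ 1, G[1])  # constructed sample: G with one bit of x flipped

def implied_b(pt):
    """The b for which pt satisfies y^2 = x^3 + b (mod p)."""
    x, y = pt
    return (y * y - x * x * x) % P

def on_curve(pt):
    """None is the point at infinity; otherwise require range and b == 7."""
    if pt is None:
        return True
    return all(0 <= c < P for c in pt) and implied_b(pt) == B

def add(p1, p2):
    """Affine addition for a = 0. The formulas never reference B."""
    if p1 is None or p2 is None:
        return p1 if p2 is None else p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul_unchecked(k, pt):
    """Double-and-add with no validation of input or output."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def mul_checked(k, pt):
    """Same arithmetic, but reject off-curve input and off-curve results."""
    if pt is None or not on_curve(pt):
        raise ValueError("input point is not on secp256k1")
    out = mul_unchecked(k, pt)
    if not on_curve(out):
        raise ValueError("result left the curve (fault during computation?)")
    return out
```
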