Bilibili Tech
Jun 28, 2022 · Information Security
Code Branch Avoidance Techniques in SM2 Elliptic Curve Cryptographic Implementations
The article explains how data‑dependent branches in SM2 elliptic‑curve implementations leak secret keys via power, EM, and cache side‑channels, compares point addition and doubling, critiques Montgomery ladder timing leaks, and proposes a branch‑free select‑based scalar multiplication to achieve constant‑time security at some performance cost.
Montgomery LadderSM2 cryptographySide-Channel Attack
0 likes · 11 min read