---
_id: '65535'
abstract:
- lang: eng
  text: '<jats:p>Side-channel attacks on elliptic curve cryptography (ECC) often assume
    a white-box attacker who has detailed knowledge of the implementation choices
    taken by the target implementation. Due to the complex and layered nature of ECC,
    there are many choices that a developer makes to obtain a functional and interoperable
    implementation. These include the curve model, coordinate system, addition formulas,
    and the scalar multiplier, or lower-level details such as the finite-field multiplication
    algorithm. This creates a gap between the attack requirements and a real-world
    attacker that often only has black-box access to the target – i.e., has no access
    to the source code nor knowledge of specific implementation choices made. Yet,
    when the gap is closed, even real-world implementations of ECC succumb to side-channel
    attacks, as evidenced by attacks such as TPM-Fail, Minerva, the Side Journey to
    Titan, or TPMScan [MSE+20; JSS+20; RLM+21; SDB+24].We study this gap by first
    analyzing open-source ECC libraries for insight into realworld implementation
    choices. We then examine the space of all ECC implementations combinatorially.
    Finally, we present a set of novel methods for automated reverse engineering of
    black-box ECC implementations and release a documented and usable open-source
    toolkit for side-channel analysis of ECC called pyecsca.Our methods turn attacks
    around: instead of attempting to recover the private key, they attempt to recover
    the implementation configuration given control over the private and public inputs.
    We evaluate them on two simulation levels and study the effect of noise on their
    performance. Our methods are able to 1) reverse-engineer the scalar multiplication
    algorithm completely and 2) infer significant information about the coordinate
    system and addition formulas used in a target implementation. Furthermore, they
    can bypass coordinate and curve randomization countermeasures.</jats:p>'
author:
- first_name: Jan
  full_name: Jancar, Jan
  last_name: Jancar
- first_name: Vojtech
  full_name: Suchanek, Vojtech
  last_name: Suchanek
- first_name: Petr
  full_name: Svenda, Petr
  last_name: Svenda
- first_name: Vladimir
  full_name: Sedlacek, Vladimir
  last_name: Sedlacek
- first_name: Łukasz
  full_name: Chmielewski, Łukasz
  last_name: Chmielewski
citation:
  ama: 'Jancar J, Suchanek V, Svenda P, Sedlacek V, Chmielewski Ł. pyecsca: Reverse
    engineering black-box elliptic curve cryptography via side-channel analysis. <i>IACR
    Transactions on Cryptographic Hardware and Embedded Systems</i>. 2024;2024(4):355-381.
    doi:<a href="https://doi.org/10.46586/tches.v2024.i4.355-381">10.46586/tches.v2024.i4.355-381</a>'
  apa: 'Jancar, J., Suchanek, V., Svenda, P., Sedlacek, V., &#38; Chmielewski, Ł.
    (2024). pyecsca: Reverse engineering black-box elliptic curve cryptography via
    side-channel analysis. <i>IACR Transactions on Cryptographic Hardware and Embedded
    Systems</i>, <i>2024</i>(4), 355–381. <a href="https://doi.org/10.46586/tches.v2024.i4.355-381">https://doi.org/10.46586/tches.v2024.i4.355-381</a>'
  bibtex: '@article{Jancar_Suchanek_Svenda_Sedlacek_Chmielewski_2024, title={pyecsca:
    Reverse engineering black-box elliptic curve cryptography via side-channel analysis},
    volume={2024}, DOI={<a href="https://doi.org/10.46586/tches.v2024.i4.355-381">10.46586/tches.v2024.i4.355-381</a>},
    number={4}, journal={IACR Transactions on Cryptographic Hardware and Embedded
    Systems}, publisher={Universitatsbibliothek der Ruhr-Universitat Bochum}, author={Jancar,
    Jan and Suchanek, Vojtech and Svenda, Petr and Sedlacek, Vladimir and Chmielewski,
    Łukasz}, year={2024}, pages={355–381} }'
  chicago: 'Jancar, Jan, Vojtech Suchanek, Petr Svenda, Vladimir Sedlacek, and Łukasz
    Chmielewski. “Pyecsca: Reverse Engineering Black-Box Elliptic Curve Cryptography
    via Side-Channel Analysis.” <i>IACR Transactions on Cryptographic Hardware and
    Embedded Systems</i> 2024, no. 4 (2024): 355–81. <a href="https://doi.org/10.46586/tches.v2024.i4.355-381">https://doi.org/10.46586/tches.v2024.i4.355-381</a>.'
  ieee: 'J. Jancar, V. Suchanek, P. Svenda, V. Sedlacek, and Ł. Chmielewski, “pyecsca:
    Reverse engineering black-box elliptic curve cryptography via side-channel analysis,”
    <i>IACR Transactions on Cryptographic Hardware and Embedded Systems</i>, vol.
    2024, no. 4, pp. 355–381, 2024, doi: <a href="https://doi.org/10.46586/tches.v2024.i4.355-381">10.46586/tches.v2024.i4.355-381</a>.'
  mla: 'Jancar, Jan, et al. “Pyecsca: Reverse Engineering Black-Box Elliptic Curve
    Cryptography via Side-Channel Analysis.” <i>IACR Transactions on Cryptographic
    Hardware and Embedded Systems</i>, vol. 2024, no. 4, Universitatsbibliothek der
    Ruhr-Universitat Bochum, 2024, pp. 355–81, doi:<a href="https://doi.org/10.46586/tches.v2024.i4.355-381">10.46586/tches.v2024.i4.355-381</a>.'
  short: J. Jancar, V. Suchanek, P. Svenda, V. Sedlacek, Ł. Chmielewski, IACR Transactions
    on Cryptographic Hardware and Embedded Systems 2024 (2024) 355–381.
date_created: 2026-04-30T09:31:41Z
date_updated: 2026-04-30T09:32:37Z
doi: 10.46586/tches.v2024.i4.355-381
intvolume: '      2024'
issue: '4'
page: 355-381
publication: IACR Transactions on Cryptographic Hardware and Embedded Systems
publication_identifier:
  issn:
  - 2569-2925
publication_status: published
publisher: Universitatsbibliothek der Ruhr-Universitat Bochum
status: public
title: 'pyecsca: Reverse engineering black-box elliptic curve cryptography via side-channel
  analysis'
type: journal_article
user_id: '125442'
volume: 2024
year: '2024'
...