---
_id: '65538'
abstract:
- lang: eng
  text: <jats:p>Developers implementing elliptic curve cryptography (ECC) face a wide
    range of implementation choices created by decades of research into elliptic curves.
    The literature on elliptic curves offers a plethora of curve models, scalar multipliers,
    and addition formulas, but this comes with the price of enabling attacks to also
    use the rich structure of these techniques. Navigating through this area is not
    an easy task and developers often obscure their choices, especially in black-box
    hardware implementations. Since side-channel attackers rely on the knowledge of
    the implementation details, reverse engineering becomes a crucial part of attacks.This
    work presents ECTester – a tool for testing black-box ECC implementations. Through
    various test suites, ECTester observes the behavior of the target implementation
    against known attacks but also non-standard inputs and elliptic curve parameters.
    We analyze popular ECC libraries and smartcards and show that some libraries and
    most smartcards do not check the order of the input points and improperly handle
    the infinity point. Based on these observations, we design new techniques for
    reverse engineering scalar randomization countermeasures that are able to distinguish
    between group scalar randomization, additive, multiplicative or Euclidean splitting.
    Our techniques do not require side-channel measurements; they only require the
    ability to set custom domain parameters, and are able to extract not only the
    size but also the exact value of the random mask used. Using the techniques, we
    successfully reverse-engineered the countermeasures on 13 cryptographic smartcards
    from 5 major manufacturers – all but one we tested on. Finally, we discuss what
    mitigations can be applied to prevent such reverse engineering, and whether it
    is possible at all.</jats:p>
author:
- first_name: Vojtech
  full_name: Suchanek, Vojtech
  last_name: Suchanek
- first_name: Jan
  full_name: Jancar, Jan
  last_name: Jancar
- first_name: Jan
  full_name: Kvapil, Jan
  last_name: Kvapil
- first_name: Petr
  full_name: Svenda, Petr
  last_name: Svenda
- first_name: Łukasz
  full_name: Chmielewski, Łukasz
  last_name: Chmielewski
citation:
  ama: 'Suchanek V, Jancar J, Kvapil J, Svenda P, Chmielewski Ł. ECTester: Reverse-engineering
    side-channel countermeasures of ECC implementations. <i>IACR Transactions on Cryptographic
    Hardware and Embedded Systems</i>. 2025;2025(4):290-316. doi:<a href="https://doi.org/10.46586/tches.v2025.i4.290-316">10.46586/tches.v2025.i4.290-316</a>'
  apa: 'Suchanek, V., Jancar, J., Kvapil, J., Svenda, P., &#38; Chmielewski, Ł. (2025).
    ECTester: Reverse-engineering side-channel countermeasures of ECC implementations.
    <i>IACR Transactions on Cryptographic Hardware and Embedded Systems</i>, <i>2025</i>(4),
    290–316. <a href="https://doi.org/10.46586/tches.v2025.i4.290-316">https://doi.org/10.46586/tches.v2025.i4.290-316</a>'
  bibtex: '@article{Suchanek_Jancar_Kvapil_Svenda_Chmielewski_2025, title={ECTester:
    Reverse-engineering side-channel countermeasures of ECC implementations}, volume={2025},
    DOI={<a href="https://doi.org/10.46586/tches.v2025.i4.290-316">10.46586/tches.v2025.i4.290-316</a>},
    number={4}, journal={IACR Transactions on Cryptographic Hardware and Embedded
    Systems}, publisher={Universitatsbibliothek der Ruhr-Universitat Bochum}, author={Suchanek,
    Vojtech and Jancar, Jan and Kvapil, Jan and Svenda, Petr and Chmielewski, Łukasz},
    year={2025}, pages={290–316} }'
  chicago: 'Suchanek, Vojtech, Jan Jancar, Jan Kvapil, Petr Svenda, and Łukasz Chmielewski.
    “ECTester: Reverse-Engineering Side-Channel Countermeasures of ECC Implementations.”
    <i>IACR Transactions on Cryptographic Hardware and Embedded Systems</i> 2025,
    no. 4 (2025): 290–316. <a href="https://doi.org/10.46586/tches.v2025.i4.290-316">https://doi.org/10.46586/tches.v2025.i4.290-316</a>.'
  ieee: 'V. Suchanek, J. Jancar, J. Kvapil, P. Svenda, and Ł. Chmielewski, “ECTester:
    Reverse-engineering side-channel countermeasures of ECC implementations,” <i>IACR
    Transactions on Cryptographic Hardware and Embedded Systems</i>, vol. 2025, no.
    4, pp. 290–316, 2025, doi: <a href="https://doi.org/10.46586/tches.v2025.i4.290-316">10.46586/tches.v2025.i4.290-316</a>.'
  mla: 'Suchanek, Vojtech, et al. “ECTester: Reverse-Engineering Side-Channel Countermeasures
    of ECC Implementations.” <i>IACR Transactions on Cryptographic Hardware and Embedded
    Systems</i>, vol. 2025, no. 4, Universitatsbibliothek der Ruhr-Universitat Bochum,
    2025, pp. 290–316, doi:<a href="https://doi.org/10.46586/tches.v2025.i4.290-316">10.46586/tches.v2025.i4.290-316</a>.'
  short: V. Suchanek, J. Jancar, J. Kvapil, P. Svenda, Ł. Chmielewski, IACR Transactions
    on Cryptographic Hardware and Embedded Systems 2025 (2025) 290–316.
date_created: 2026-04-30T09:31:59Z
date_updated: 2026-04-30T09:32:25Z
doi: 10.46586/tches.v2025.i4.290-316
intvolume: '      2025'
issue: '4'
page: 290-316
publication: IACR Transactions on Cryptographic Hardware and Embedded Systems
publication_identifier:
  issn:
  - 2569-2925
publication_status: published
publisher: Universitatsbibliothek der Ruhr-Universitat Bochum
status: public
title: 'ECTester: Reverse-engineering side-channel countermeasures of ECC implementations'
type: journal_article
user_id: '125442'
volume: 2025
year: '2025'
...