D. Danger, S. Guilley, P. Hoogvorst, and C. , 3: Synthesis of the Implementation Specificity for each attack, Murdica and D. Naccache, Low-Cost Countermeasure against RPA. Proceedings of cardis'12, pp.106-122, 2013.

[. Danger, S. Guilley, P. Hoogvorst, C. Murdica, and D. Naccache, A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards, Journal of Cryptographic Engineering, vol.49, issue.9, pp.241-265, 2013.
DOI : 10.1007/s13389-013-0062-6

URL : https://hal.archives-ouvertes.fr/hal-00934333

C. [. Maimut and D. Murdica, Naccache and M. Tibouchi Fault Attacks on Projectiveto-Affine Coordinates Conversion, Proceedings of cosade'13, pp.46-61, 2013.

. Mgd-+-12-]-c, S. Murdica, J. Guilley, P. Danger, D. Hoogvorst et al., Same Values Power Analysis Using Special Points on Elliptic Curves, Proceedings of cosade'12, pp.2012-183

R. Akishita and T. Takagi, Zero-Value Point Attacks on Elliptic Curve Cryptosystem, Proceedings of isc'03, pp.218-233, 2003.
DOI : 10.1007/10958513_17

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

F. Amiel, K. Villegas, B. Feix, and L. Marcel, Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis, Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2007), pp.92-102, 2007.
DOI : 10.1109/FDTC.2007.12

J. Bajard, An RNS Montgomery modular multiplication algorithm, IEEE Transactions on Computers, vol.47, issue.7, pp.766-776, 1998.
DOI : 10.1109/12.709376

H. El, D. Choukri, M. Naccache, C. Tunstall, and . Whelan, The Sorcerer's Apprentice Guide to Fault Attacks, Proceedings of the IEEE'06, pp.370-382

P. Barrett, Implementing the Rivest Shamir and Adleman Public Key Encryption Algorithm on a Standard Digital Signal Processor, Proceedings of crypto'86, pp.311-323, 1987.
DOI : 10.1007/3-540-47721-7_24

]. A. Bjpw13a, ´. E. Bauer, E. Jaulmes, J. Prouff, and . Wild, Horizontal and Vertical Side-Channel Attacks against Secure rsa Implementations, Proceedings of ct-rsa'13, pp.1-17, 2013.

]. A. Bjpw13b, ´. E. Bauer, E. Jaulmes, J. Prouff, and . Wild, Horizontal Collision Correlation Attack on Elliptic Curves

T. [. Bernstein and . Lange, Explicit-formulas database, 2004.

B. [. Biehl, V. Meyer, and . Müller, Differential Fault Attacks on Elliptic Curve Cryptosystems, Proceedings of crypto'00, pp.131-146, 2000.
DOI : 10.1007/3-540-44598-6_8

A. [. Biham and . Shamir, Differential fault analysis of secret key cryptosystems, Proceedings of crypto'97, pp.513-525, 1997.
DOI : 10.1007/BFb0052259

G. [. Blake, N. Seroussi, and . Smart, Elliptic Curves in Cryptography, 1999.
DOI : 10.1017/CBO9781107360211

J. Blömer, M. Otto, and J. Seifert, Sign Change Fault Attacks on Elliptic Curve Cryptosystems, Proceedings of fdtc'06, pp.36-52, 2006.
DOI : 10.1007/11889700_4

R. [. Boneh, R. Demillo, and . Lipton, On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract), Proceedings of eurocrypt'97, pp.37-51, 1997.

H. [. Boscher, E. Handschuh, and . Trichina, Blinded Fault Resistant Exponentiation Revisited. fdtc'09, IEEE Computer Society, pp.3-9, 2009.
DOI : 10.1109/fdtc.2009.31

URL : https://www.cosic.esat.kuleuven.be/publications/article-2249.pdf

M. [. Brier and . Joye, Weierstra?? Elliptic Curves and Side-Channel Attacks, Proceedings of pkc'02, pp.335-345, 2002.
DOI : 10.1007/3-540-45664-3_24

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Ciet and M. Joye, (Virtually) Free Randomization Techniques for Elliptic Curve Cryptography, Proceedings of icis'03, pp.348-359, 2003.
DOI : 10.1007/978-3-540-39927-8_32

M. Ciet and M. Joye, Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults, Designs, Codes and Cryptography, vol.13, issue.4, pp.33-43, 2005.
DOI : 10.1007/s10623-003-1160-8

J. [. Chari, P. Rao, and . Rohatgi, Template Attacks, Proceedings of ches'02, pp.13-28, 2003.
DOI : 10.1007/3-540-36400-5_3

M. [. Chevallier-mames, M. Ciet, and . Joye, Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity, IEEE Transactions on Computers, vol.53, issue.6, pp.460-468, 2004.
DOI : 10.1109/TC.2004.13

G. [. Chudnovsky and . Chudnovsky, Sequences of numbers generated by addition in formal groups and new primality and factorization tests, Advances in Applied Mathematics, vol.7, issue.4, pp.385-502, 1986.
DOI : 10.1016/0196-8858(86)90023-0

. Cfg-+-11-]-c, B. Clavier, G. Feix, M. Gagnerot, V. Rousselet et al., Improved Collision- Correlation Power Analysis on First Order Protected aes, Proceedings of ches'11, pp.49-62, 2011.

. Cfg-+-10-]-c, B. Clavier, G. Feix, M. Gagnerot, V. Roussellet et al., Horizontal Correlation Analysis on Exponentiation, Proceedings of icics'10, pp.46-61, 2010.

M. [. Clavier and . Joye, Universal Exponentiation Algorithm, Proceedings of ches'01, pp.300-308, 2001.

H. Cohen, A. Miyaji, and T. Ono, Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, Proceedings of asiacrypt'98, pp.51-65, 1998.
DOI : 10.1007/3-540-49649-1_6

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

J. Coron, Resistance Against Differential Power Analysis For Elliptic Curve Cryptosystems, Proceedings of ches'99, pp.292-302, 1999.
DOI : 10.1007/3-540-48059-5_25

[. Dhem, F. Koeune, P. Leroux, P. Mestré, J. Quisquater et al., A Practical Implementation of the Timing Attack, Proceedings of cardis'98, pp.167-182, 2000.
DOI : 10.1007/10721064_15

M. [. Dominguez-oviedo and . Hansan, Algorithm-level error detection for Montgomery ladder-based ECSM, Journal of Cryptographic Engineering, vol.49, issue.9, pp.57-69, 2011.
DOI : 10.1007/s13389-011-0003-1

J. Fan, B. Gierliches, and F. Vercauteren, To Infinity and Beyond: Combined Attack on ECC Using Points of Low Order, Proceedings of ches'11, pp.143-159, 2011.
DOI : 10.1007/978-3-642-23951-9_10

]. J. Fgd-+-10, X. Fan, E. Guo, P. De-mulder, and B. Schaumont, Preneel and I. Verbauwhede, Stateof-the-art of Secure ECC Implementations: A Survey on Known Side-channel Attacks and Countermeasures, Proceedings of host'10, pp.76-87, 2010.

J. Faugères, L. Perret, C. Petit, and G. Renault, Improving the Complexity of Index Calculus Algorithms in Elliptic Curves over Binary Fields, Proceedings of eurocrypt'12, pp.2012-2039

P. Fouque, R. Lercier, D. , and F. Valette, Fault Attack on Elliptic Curve Montgomery Ladder Implementation. fdtc'08, IEEE Computer Society, pp.92-98, 2008.
URL : https://hal.archives-ouvertes.fr/hal-00373562

[. Fouque, D. Réal, F. Valette, and M. Drissi, The Carry Leakage on the Randomized Exponent Countermeasure, Proceedings of ches'08, pp.198-213, 2008.
DOI : 10.1007/978-3-540-85053-3_13

URL : https://hal.archives-ouvertes.fr/hal-00538489

[. Fouque, J. Stern, and J. G. Wackers, CryptoComputing with Rationals, Proceedings of Financial Cryptography'02, pp.136-146, 2003.
DOI : 10.1007/3-540-36504-4_10

URL : https://hal.archives-ouvertes.fr/inria-00565270

R. Fouque and F. Valette, The Doubling Attack ??? Why Upwards Is Better than Downwards, Proceedings of ches'03, pp.269-280, 2003.
DOI : 10.1007/978-3-540-45238-6_22

URL : https://hal.archives-ouvertes.fr/inria-00563965

]. C. Gir06 and . Giraud, An rsa Implementation Resistant to Fault Attacks and to Simple Power Analysis, IEEE Trans. Computers, vol.55, issue.9, pp.1116-1120, 2006.

[. Giraud and V. Verneuil, Atomicity Improvement for Elliptic Curve Scalar Multiplication, Proceedings of cardis'10, pp.80-101, 2010.
DOI : 10.1007/978-3-642-12510-2_7

URL : https://hal.archives-ouvertes.fr/inria-00459461

]. L. Gou03 and . Goubin, A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems, Proceedings of pkc'03, pp.199-210, 2002.

M. [. Goundar, A. Joye, and . Miyaji, Co-Z Addition Formulae and Binary Ladders on Elliptic Curves -(Extended Abstract, Proceedings of ches'10, pp.65-79, 2010.
DOI : 10.1007/978-3-642-15031-9_5

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

. R. Gjm-+-11-]-r, M. Goundar, A. Joye, M. Miyaji, A. Rivain et al., Scalar multiplication on Weierstraß elliptic curves from Co-Z arithmetic, J. Cryptographic Engineering, vol.1, issue.2, pp.161-176, 2011.

]. H. Has36 and . Hasse, Zur Theorie der abstrakten elliptischen Funktionenkörper III, J. Reine Angew. Math, vol.1936, pp.193-208

J. [. Hachez and . Quisquater, Montgomery Exponentiation with no Final Subtractions: Improved Results, Proceedings of ches'00, pp.293-301, 2000.
DOI : 10.1007/3-540-44499-8_23

D. Hankerson, A. J. Menezes, and S. Vanstone, Guide to Elliptic Curve Cryptography, 2003.

N. Howgrave-graham and N. Smart, Lattice Attacks on Digital Signature Schemes, Designs, Codes and Cryptography, vol.23, issue.3, pp.283-290, 2001.
DOI : 10.1023/A:1011214926272

M. Hutter, M. Joye, and Y. Sierra, Memory-Constrained Implementations of Elliptic Curve Cryptography in Co-Z Coordinate Representation, Proceedings of africacrypt'11, pp.170-187, 2011.
DOI : 10.1109/12.869328

T. [. Itoh, M. Izu, and . Takenaka, Address-Bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA, Proceedings of ches'02, pp.129-143, 2003.
DOI : 10.1007/3-540-36400-5_11

T. [. Itoh, M. Izu, and . Takenaka, A Practical Countermeasure against Address-Bit Differential Power Analysis, Proceedings of ches'03, pp.382-396, 2003.
DOI : 10.1007/978-3-540-45238-6_30

T. [. Itoh, M. Izu, and . Takenaka, Efficient Countermeasures Against Power Analysis for Elliptic Curve Cryptosystems, pp.99-114, 2004.
DOI : 10.1007/1-4020-8147-2_7

B. [. Izu, T. Möller, and . Takagi, Improved Elliptic Curve Multiplication Methods Resistant against Side Channel Attacks, pp.296-313, 2002.
DOI : 10.1007/3-540-36231-2_24

T. [. Izu and . Takagi, Exceptional Procedure Attack on Elliptic Curve Cryptosystems, Proceedings of pkc'03, pp.224-239, 2003.
DOI : 10.1007/3-540-36288-6_17

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Izumi, J. Ikegami, K. Sakiyama, and K. Ohta, Improved countermeasure against Address-bit DPA for ecc scalar multiplication. date'10, pp.981-984, 2010.

]. M. Joy07 and . Joye, Highly Regular Right-to-Left Algorithms for Scalar Multiplication, Proceedings of ches'07, pp.135-147, 2007.

M. Joye and C. Tymen, Protections against Differential Analysis for Elliptic Curve Cryptography, Proceedings of ches'01, pp.377-390, 2001.
DOI : 10.1007/3-540-44709-1_31

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Joye and S. Yen, The Montgomery Powering Ladder, Proceedings of ches'02, pp.291-302, 2003.
DOI : 10.1007/3-540-36400-5_22

]. N. Kob87 and . Koblitz, Elliptic Curve Cryptosystems, Mathematics of Computation, vol.48, issue.177, pp.203-209, 1987.

T. [. Ko¸andko¸and and . Acar, Analyzing and Comparing Montgomery Multiplication Algorithms, pp.26-33, 1996.

]. P. Koc96 and . Kocher, Timing Attacks on Implementations of Diffie-Hellman, rsa, dss, and Other Systems, Proceedings of crypto'96, pp.104-113, 1996.

H. [. Lenstra, L. Lenstra, and . Lovàsz, Factoring polynomials with rational coefficients, Mathematische Annalen, vol.32, issue.4, pp.515-534, 1982.
DOI : 10.1007/BF01457454

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

M. Medwed and E. Oswald, Template Attacks on ECDSA, Proceedings of wisa'08, pp.14-27, 2009.
DOI : 10.1017/CBO9780511546570.007

]. N. Mel07 and . Meloni, New Point Addition Formulae for ecc Applications, Proceedings of waifi'07, pp.189-201, 2007.

]. V. Mil85 and . Miller, Use of elliptic curves in cryptography, Proceedings of crypto'85, pp.417-426, 1985.

]. P. Mon85 and . Montgomery, Modular Multiplication without Trial Division, Mathematics of Computation, vol.44, issue.170, pp.519-521, 1985.

F. [. Muller and . Valette, High-Order Attacks Against the Exponent Splitting Protection, Proceedings of pkc'06, pp.315-329, 2006.
DOI : 10.1007/11745853_21

N. [. Naccache, J. Smart, and . Stern, Projective Coordinates Leak, Proceedings of eurocrypt'04, pp.257-267, 2004.
DOI : 10.1007/978-3-540-24676-3_16

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

V. Y. Pan and X. Wang, On Rational Number Reconstruction and Approximation, SIAM Journal on Computing, vol.33, issue.2, pp.502-503, 2004.
DOI : 10.1137/S0097539703437181

J. Pollard, Monte Carlo methods for Index Computation (mod p) Mathematics of Computation, pp.918-924, 1978.

]. J. Qui90 and . Quisquater, Procédé de codage selon la méthode dite rsa par un microcontrôleur et dispositifs utilisant ce procédé. Demande de brevet français, 1990.

J. J. Quisquater, Encoding system according to the so-called rsa method, by means of a microcontroller and arrangement implementing this system, U.S. Patent #5, vol.166, p.978, 1991.

T. [. Schramm, C. Wollinger, and . Paar, A New Class of Collision Attacks and Its Application to DES, fse'03, pp.206-222, 2003.
DOI : 10.1007/978-3-540-39887-5_16

]. D. Sha71 and . Shanks, Class Number, a Theory of Factorization and Genera, Proceedings of Symposia in Pure Mathematics, pp.415-440, 1971.

]. E. Str64 and . Straus, Addition chains of vectors (problem 5125), The American Mathematical Monthly, vol.71, issue.7, pp.806-808, 1964.

N. [. Stebila and . Thériault, Unified Point Addition Formul?? and Side-Channel Attacks, Proceedings of ches'06, pp.354-368, 2006.
DOI : 10.1007/11894063_28

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

. [. Stein, Sage Mathematics Software (Version 5.0) The Sage Development Team, 2012.

A. [. Trichina and . Bellezza, Implementation of Elliptic Curve Cryptography with Built-In Counter Measures against Side Channel Attacks, Proceedings of ches'02, pp.98-113, 2002.
DOI : 10.1007/3-540-36400-5_9

]. V. Ver12 and . Verneuil, Cryptographiè a base de courbes elliptiques et sécurité de composants embarqués, 2012.

]. C. Wal99 and . Walter, Montgomery's Multiplication Technique: How to Make It Smaller and Faster, Proceedings of ches'99, pp.80-93, 1999.

]. C. Wal01 and . Walter, Sliding Windows Succumbs to Big Mac Attack, Proceedings of ches'01, pp.286-299, 2001.

]. C. Wal04 and . Walter, Simple Power Analysis of Unified Code for ecc Double and Add, Proceedings of ches'04, pp.191-204, 2004.

X. Wang and V. Y. Pan, Acceleration of Euclidean Algorithm and Rational Number Reconstruction, SIAM Journal on Computing, vol.32, issue.2, pp.548-556, 2003.
DOI : 10.1137/S0097539702408636

[. Yen and M. Joye, Checking Before Output May Not Be Enough Against Fault- Based Cryptanalysis, IEEE Trans. Computers, vol.49, issue.9, pp.967-970, 2000.

[. Yen, S. Kim, S. Lim, and S. Moon, A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack, Proceedings of icisc'01, pp.141-427, 2001.