Impact of randomization in VKO mechanisms on overall security level

Multiplier randomization techniques with hashing of the results is one of widely used (especially for semi-trusted environment) countermeasures against attacks on key agreement protocols in practice. This approach is used, for instance, in VKO mechanisms, which are used as building blocks for Russian cipher suites for main cryptographic protocols (including IPsec, TLS, CMS), standardized in Russia. As an important example, shared keys are produced with this technique in TLS 1.2 cipher suites, which are widespread in cryptographic software for citizens of Russia. In this paper, we consider overall security of procedures of shared key computation in the practically significant cases of implementation errors in computations on twisted Edwards elliptic curves and non-constant time of scalar multiplication operations.