Improved Timing Attacks on ECDSA
نویسنده
چکیده
We improve the timing attack on ECDSA in [1] by Brumley and Tuveri. We use the Gaussian heuristic to analyse the length of error vectors in the lattice Close Vector Problem in order to determine the problems which are theoretically solvable. Then we cost each solution using a strengthened lattice reduction algorithm and Schnorr-Euchner enumeration to determine which problems are practically solvable. The original work by Brumley and Tuveri resulted in OpenSSL’s ECDSA being updated to remove the timing information they exploited, so that application is not vulnerable to our improvements. However we publish this work as a general advance in side-channel recovery techniques which may be applicable in related scenarios.
منابع مشابه
Template attacks exploiting static power and application to CMOS lightweight crypto-hardware
Side-channel attacks are a serious threat to security-critical software. OpenSSL is a prime security attack target due to the library’s ubiquitous real world applications, therefore, the history of cache-timing attacks against OpenSSL is varied and rich. The presentation includes a brief history of cache-timing attacks in OpenSSL. To mitigate remote timing and cache-timing attacks, many ubiquit...
متن کاملTiming and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?
In 2011, B.B.Brumley and N.Tuveri found a remote timing attack on OpenSSL’s ECDSA implementation for binary curves. We will study if the title of their paper was indeed relevant (Remote Timing Attacks are Still Practical). We improved on their lattice attack using the Embedding Strategy that reduces the Closest Vector Problem to the Shortest Vector Problem so as to avoid using Babai’s procedure...
متن کاملConstant-Time Callees with Variable-Time Callers
Side-channel attacks are a serious threat to securitycritical software. To mitigate remote timing and cachetiming attacks, many ubiquitous cryptography software libraries feature constant-time implementations of cryptographic primitives. In this work, we disclose a vulnerability in OpenSSL 1.0.1u that recovers ECDSA private keys for the standardized elliptic curve P-256 despite the library feat...
متن کاملStrength in Numbers: Threshold ECDSA to Protect Keys in the Cloud
Side-channel attacks utilize information leakage in the implementation of an otherwise secure cryptographic algorithm to extract secret information. For example, adversaries can extract the secret key used in a cryptographic algorithm by observing cache-timing data. Threshold cryptography enables the division of private keys into shares, distributed among several nodes; the knowledge of a subse...
متن کاملAttacking ECDSA-Enabled RFID Devices
The elliptic curve digital signature algorithm (ECDSA) is used in many devices to provide authentication. In the last few years, more and more ECDSA implementations have been proposed that allow the integration into resource-constrained devices like RFID tags. Their resistance against power-analysis attacks has not been scrutinized so far. In this article, we provide first results of power-anal...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2014 شماره
صفحات -
تاریخ انتشار 2014