Template Attacks on ECDSA
Authors
Abstract
Template attacks have been considered exclusively in the context of implementations of symmetric cryptographic algorithms on 8-bit devices. Within these scenarios, they have proven to be the most powerful attacks. This is not surprising because they assume the most powerful adversaries. In this article we investigate how template attacks can be applied to implementations of an asymmetric cryptographic algorithm on a 32-bit platform. The asymmetric cryptosystem under scrutiny is the elliptic curve digital signature algorithm (ECDSA). ECDSA is particularly suitable for 32-bit platforms. In this article we show that even SPA-resistant implementations of ECDSA on a typical 32-bit platform succumb to template-based SPA attacks. The only way to secure such implementations against template-based SPA attacks is to make them resistant against DPA attacks.
Similar resources
Attacking ECDSA-Enabled RFID Devices
The elliptic curve digital signature algorithm (ECDSA) is used in many devices to provide authentication. In the last few years, more and more ECDSA implementations have been proposed that allow the integration into resource-constrained devices like RFID tags. Their resistance against power-analysis attacks has not been scrutinized so far. In this article, we provide first results of power-anal...
Template attacks exploiting static power and application to CMOS lightweight crypto-hardware
Side-channel attacks are a serious threat to security-critical software. OpenSSL is a prime security attack target due to the library’s ubiquitous real world applications, therefore, the history of cache-timing attacks against OpenSSL is varied and rich. The presentation includes a brief history of cache-timing attacks in OpenSSL. To mitigate remote timing and cache-timing attacks, many ubiquit...
GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias
The fastest implementations of elliptic curve cryptography in recent years have been achieved on curves endowed with nontrivial efficient endomorphisms, using techniques due to Gallant–Lambert–Vanstone (GLV) and Galbraith–Lin–Scott (GLS). In such implementations, a scalar multiplication [k]P is computed as a double multiplication [k1]P + [k2]ψ(P), for ψ an efficient endomorphism and k1, k2 ap...
Strength in Numbers: Threshold ECDSA to Protect Keys in the Cloud
Side-channel attacks utilize information leakage in the implementation of an otherwise secure cryptographic algorithm to extract secret information. For example, adversaries can extract the secret key used in a cryptographic algorithm by observing cache-timing data. Threshold cryptography enables the division of private keys into shares, distributed among several nodes; the knowledge of a subse...
Using Randomizers for Batch Verification of ECDSA Signatures
Randomizers are popularly used to prevent various types of attacks on batch-verification schemes. Recently, several algorithms based upon symbolic computation are proposed for the batch verification of ECDSA signatures. In this article, we demonstrate that the concept of randomizers can be easily embedded in these symbolic-computation algorithms. The performance degradation caused by randomizer...