A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards

Danger, Jean‐Luc; Guilley, Sylvain; Hoogvorst, Philippe; Murdica, Cédric; Naccache, David

doi:10.1007/s13389-013-0062-6

Cited by 29 publications

(24 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Regarding side-channel analysis, the scalar multiplication has received a lot of attention since the inception of this field [FV12,Dan+13], but recently vulnerabilities on other operations have emerged, like for example the nonce inversion operation [ACSS17,PGB17] and the multiplication of rd mod p [Rya19].…”

Section: Security Of An Unexpected Gcd Call In Mbedtls Ecdsamentioning

confidence: 99%

When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA

Aldaya

Brumley

2020

TCHES

View full text Add to dashboard Cite

Microarchitecture based side-channel attacks are common threats nowadays. Intel SGX technology provides a strong isolation from an adversarial OS, however, does not guarantee protection against side-channel attacks. In this paper, we analyze the security of the mbedTLS binary GCD algorithm, an implementation that offers interesting challenges when compared for example with OpenSSL, due to the usage of very tight loops in the former. Using practical experiments we demonstrate the mbedTLS binary GCD implementation is vulnerable to side-channel analysis using the SGX-Step framework against mbedTLS based SGX enclaves.We analyze the security of some use cases of this algorithm in this library, resulting in the discovery of a new vulnerability in the ECDSA code path that allows a single-trace attack against this implementation. This vulnerability is three-fold interesting: It resides in the implementation of a countermeasure which makes it more dangerous due to the false state of security the countermeasure currently offers. It reduces mbedTLS ECDSA security to an integer factorization problem. An unexpected GCD call inside the ECDSA code path compromises the countermeasure. We also cover an orthogonal use case, this time inside the mbedTLS RSA code path during the computation of a CRT parameter when loading a private key. The attack also exploits the binary GCD implementation threat, showing how a single vulnerable primitive leads to multiple vulnerabilities. We demonstrate both security threats with end-to-end attacks using 1000 trials each, showing in both cases single-trace attacks can be achieved with success rates very close to 100%.

show abstract

Section: Security Of An Unexpected Gcd Call In Mbedtls Ecdsamentioning

confidence: 99%

When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA

Aldaya

Brumley

2020

TCHES

View full text Add to dashboard Cite

show abstract

“…Scalar multiplication has received generous attention w.r.t. SCA since the attack vector's inception, and several good surveys exist on the topic [Fan+10,FV12,Dan+13]. But vulnerabilities on other operations have emerged recently, such as in the nonce inversion operation [ACSS17,PGB17], and the modular reduction after h + rα [Rya19].…”

Section: Projective Coordinates Attack and Ecdsa: Previous Workmentioning

confidence: 99%

“…ECDSA uses the secret nonce to compute a scalar multiplication, a highly targeted operation in the SCA realm [BH09,Fan+10,FV12,Dan+13,AVL19]. The modular inversion of the nonce is also a target [AGS07,PGB17,Ald+19a], as well as ECDSA private key operations [Rya19].…”

Section: Introductionmentioning

confidence: 99%

From A to Z: Projective coordinates leakage in the wild

Aldaya

García

Brumley

2020

TCHES

View full text Add to dashboard Cite

At EUROCRYPT 2004, Naccache et al. showed that the projective coordinates representation of the resulting point of an elliptic curve scalar multiplication potentially allows to recover some bits of the scalar. However, this attack has received little attention by the scientific community, and the status of deployed mitigations to prevent it in widely adopted cryptography libraries is unknown. In this paper, we aim to fill this gap, by analyzing several cryptography libraries in this context. To demonstrate the applicability of the attack, we use a side-channel attack to exploit this vulnerability within libgcrypt in the context of ECDSA. To the best of our knowledge, this is the first practical attack instance. It targets the insecure binary extended Euclidean algorithm implementation using a microarchitectural side-channel attack that allows recovering the projective representation of the output point of scalar multiplication during ECDSA signature generation. We captured 100k traces to estimate the number of traces an attacker would need to compromise the libgcrypt ECDSA implementation, resulting in less than 2k for commonly used elliptic curve secp256r1, demonstrating the attack feasibility. During exploitation, we found two additional vulnerabilities. However, we remark the purpose of this paper is not merely exploiting a library but about providing an analysis on the projective coordinates vulnerability status in widely deployed open-source libraries, filling a gap between its original description in the academic literature and the adoption of countermeasures to thwart it in real-world applications.

show abstract

“…For attacking symmetric block ciphers, the most popular technique is Differential Fault Analysis (DFA), in which the fault is usually inserted in the last rounds of a cipher for observing differences between correct and faulty ciphertexts. Other techniques include Collision Fault Analysis (CFA), Ineffective Fault Analysis (IFA), Safe-Error Analysis (SEA) [7,8]. We have chosen DFA as our attack technique, with inserting multiple faults in the penultimate round of PRESENT cipher.…”

Section: Introductionmentioning

confidence: 99%

Multiple Fault Attack on PRESENT with a Hardware Trojan Implementation in FPGA

Breier

He²

2015

2015 International Workshop on Secure Internet of Things (SIoT)

View full text Add to dashboard Cite

Abstract. Internet of Things connects lots of small constrained devices to the Internet. As in any other environment, communication security is important and cryptographic algorithms are one of many elements that we use in order to keep messages secure. Because of the constrained nature of these environments, it is necessary to use algorithms that do not require high computational power. Lightweight ciphers are therefore ideal candidates for this purpose. In this paper, we explore a possibility of attacking an ultra-lightweight cipher PRESENT by using a multiple fault attack. Utilizing the Differential Fault Analysis technique, we were able to recover the secret key with two faulty encryptions and an exhaustive search of 2 16 remaining key bits. Our attack aims at four nibbles in the penultimate round of the cipher, causing faulty output in all nibbles of the output. We also provide a practical attack scenario by exploiting Hardware Trojan (HT) technique for the proposed fault injection in a Xilinx Spartan-6 FPGA.

show abstract

A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards

Cited by 29 publications

References 52 publications

When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA

When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA

From A to Z: Projective coordinates leakage in the wild

Multiple Fault Attack on PRESENT with a Hardware Trojan Implementation in FPGA

Contact Info

Product

Resources

About