LadderLeak: Breaking ECDSA with less than one bit of nonce leakage
Aranha et al., 2020 - Google Patents
- Document ID: 1633612139504771145
- Authors: Aranha D, Novaes F, Takahashi A, Tibouchi M, Yarom Y
- Publication year: 2020
- Publication venue: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
Snippet
Although it is one of the most popular signature schemes today, ECDSA presents a number of implementation pitfalls, in particular due to the very sensitive nature of the random value (known as the nonce) generated as part of the signing algorithm. It is known that any small …
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/726—Inversion; Reciprocal calculation; Division of elements of a finite field
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/725—Finite field arithmetic over elliptic curves
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
- G06F2207/7223—Randomisation as countermeasure against side channel attacks
- G06F2207/7233—Masking, e.g. (A**e)+r mod n
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/30—Arrangements for executing machine-instructions, e.g. instruction decode
- G06F9/30003—Arrangements for executing specific machine instructions
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/38—Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/002—Countermeasures against attacks on cryptographic mechanisms
Similar Documents
| Publication | Title |
|---|---|
| Aranha et al. | LadderLeak: Breaking ECDSA with less than one bit of nonce leakage |
| Beirendonck et al. | A side-channel-resistant implementation of SABER |
| Shin et al. | Unveiling hardware-based data prefetcher, a hidden source of information leakage |
| Aldaya et al. | Port contention for fun and profit |
| Wichelmann et al. | Microwalk: A framework for finding side channels in binaries |
| Genkin et al. | May the fourth be with you: A microarchitectural side channel attack on several real-world applications of curve25519 |
| Benger et al. | “Ooh Aah... Just a Little Bit”: a small amount of side channel can go a long way |
| Ryan | Return of the hidden number problem: A widespread and novel key extraction attack on ECDSA and DSA |
| Hutter et al. | NaCl on 8-bit AVR microcontrollers |
| Owens et al. | Efficient and side-channel resistant Ed25519 on ARM Cortex-M4 |
| Liu et al. | Four on embedded devices with strong countermeasures against side-channel attacks |
| US10374790B2 (en) | Countermeasure method for an electronic component implementing an elliptic curve cryptography algorithm |
| Aldaya et al. | When one vulnerable primitive turns viral: Novel single-trace attacks on ECDSA and RSA |
| JP2019515353A (en) | Countermeasures against Safe-Error Fault Injection Attack on Cryptographic Power-up Algorithm |
| Takahashi et al. | New Bleichenbacher records: Fault attacks on qDSA signatures |
| Arnaud et al. | Timing attack against protected RSA-CRT implementation used in PolarSSL |
| Hutter et al. | An ECDSA processor for RFID authentication |
| Pereida García et al. | Size, speed, and security: An Ed25519 case study |
| Batina et al. | SoK: SCA-secure ECC in software–mission impossible? |
| US11985221B2 (en) | Efficient masking of secure data in ladder-type cryptographic computations |
| Chen et al. | Masking floating-point number multiplication and addition of Falcon: First- and higher-order implementations and evaluations |
| Batina et al. | SCA-secure ECC in software–mission impossible? |
| Sepulveda et al. | Cache attacks and countermeasures for NTRUEncrypt on MPSoCs: Post-quantum resistance for the IoT |
| Fournaris | Fault and power analysis attack protection techniques for standardized public key cryptosystems |
| Chrapek et al. | HEAR: Homomorphically Encrypted Allreduce |