BGM 506

This document summarizes two research papers about side-channel attacks on ECDSA implementations. The first paper describes a cache-based side-channel attack called FLUSH+RELOAD that can recover ECDSA nonces by monitoring cache access patterns during nonce calculation. The second paper demonstrates the first electromagnetic side-channel attack against OpenSSL and CoreBitcoin ECDSA signing on mobile devices, allowing recovery of private keys by analyzing electromagnetic emanations during the signing process. Together, the papers illustrate growing practical threats against the confidentiality of ECDSA private keys from side-channel attacks.

Uploaded by Salih Ahi

https://eprint.iacr.org/2014/140.pdf
Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack
ECDSA - Elliptic Curve Digital Signature Algorithm
* computation requires less than one second on a typical desktop.
* scalar multiplication on an elliptic curve by a random
nonce; the confidentiality of this nonce is paramount.
* the OpenSSL implementation for nonce calculation is regular (doesn't
depend on the bits of the previous nonce) > resistant to side-channel
attacks.
* but the branch targets depend on the bits of the nonce: the code follows different
branches, and tracing the branches may reveal the bits
* flush + reload attack
* security weakness in x86 machines, allows interprocess monitoring for
r/w on shared memory
* malicious party needs access to the memory of the targeted device (cohosted VMs, infected machines)
* (Montgomery ladder)
* instead of tracking addition and multiplications, the attack identifies
which branch of the if statement is taken
* flush+reload:
- clflush
- divide time into slots
- at the beginning, flush monitored memory line from cache
- at the end, load data from memory
- loading from cache is faster > measure the time to load > detect
whether the memory line is cached
- longer time slot > reduced measurement time
> probability of missing an access by the victim
> cannot determine multiple accesses in the same slot
https://eprint.iacr.org/2016/230.pdf
ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels
electromagnetic/power side-channel attacks on OpenSSL and CoreBitcoin
(full on iOS, partial on Android)
challenges:
- ECDSA is faster than RSA > less physical information per signature; the sampling rate
needs to be increased > high cost, and the physical effects are frequency-limited
- ECDSA signatures are randomized, no deterministic operations as in RSA
* first side-channel attack on ECDSA on mobile devices

* figure 1
* recorded 5000 OpenSSL ECDSA signatures on an iPhone 3GS
* measured electromagnetic emanations from the iPhone
* stored the recorded traces and the signed messages
* applied a Finite Impulse Response filter to suppress noise (result in figure 5)
* to locate the signing operations, a distinct pattern was discovered
which occurs very similarly after each signing operation
* Singular Spectrum Analysis is applied as a preprocessing filter to further
remove noise
* the end time of signing was detected in 1278 of the 5000 traces
* out of these 1278, 114 were identified as having their DA sequence
terminate with at least three elliptic curve double operations, 3 of which
were false positives
* 85 of the 114 were selected at random for analysis and the lattice attack
was applied 30 times (to discard the effect of the 3 false positives)
* across the 30 attacks, the key was successfully recovered in 2
* the process took 2 hours on a desktop PC
* countermeasure
- constant-time implementations with constant memory access patterns
* current status: most of this software is now invulnerable
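As an added example (not code from either paper, nor from OpenSSL or CoreBitcoin), the countermeasure on a toy curve over GF(97) with a constructed base point G = (3, 6): scalar_mul_leaky is the branchy Montgomery ladder whose if/else the first paper traces, and scalar_mul_ladder replaces the branch with a mask-based conditional swap so that the sequence of operations and the memory touched no longer depend on the nonce. All names and values are assumptions for illustration.

```c
#include <stdint.h>
/* Toy curve y^2 = x^3 + 2x + 3 over GF(97) with base point G = (3, 6); constructed for illustration. */
#define MODP 97ULL
#define COEF_A 2ULL
typedef struct { uint64_t x, y; int inf; } pt;
const pt G = {3, 6, 0};
static uint64_t mulm(uint64_t a, uint64_t b) { return (a * b) % MODP; }
static uint64_t invm(uint64_t b) {                            /* Fermat inverse b^(p-2) mod p */
    uint64_t r = 1;
    for (uint64_t e = MODP - 2; e; e >>= 1, b = mulm(b, b)) if (e & 1) r = mulm(r, b);
    return r;
}
/* Affine add/double. Its inf/equality branches still depend on the operands; production code removes
   those too (complete projective formulas). The ladder below fixes the nonce-dependent control flow. */
static pt pt_add(pt p, pt q) {
    pt r = {0, 0, 1};
    if (p.inf) return q; if (q.inf) return p;
    if (p.x == q.x && (p.y + q.y) % MODP == 0) return r;                       /* q == -p */
    uint64_t lam = (p.x == q.x)
        ? mulm((3 * mulm(p.x, p.x) + COEF_A) % MODP, invm((2 * p.y) % MODP))   /* doubling */
        : mulm((q.y + MODP - p.y) % MODP, invm((q.x + MODP - p.x) % MODP));     /* addition */
    r.inf = 0;
    r.x = (mulm(lam, lam) + 2 * MODP - p.x - q.x) % MODP;
    r.y = (mulm(lam, (p.x + MODP - r.x) % MODP) + MODP - p.y) % MODP;
    return r;
}
/* Branchy ladder: the if/else runs different code per nonce bit, so tracing which branch executed leaks it. */
pt scalar_mul_leaky(uint64_t k, pt g) {
    pt r0 = {0, 0, 1}, r1 = g;
    for (int i = 63; i >= 0; i--)
        if ((k >> i) & 1) { r0 = pt_add(r0, r1); r1 = pt_add(r1, r1); }
        else              { r1 = pt_add(r0, r1); r0 = pt_add(r0, r0); }
    return r0;
}
/* Branch-free conditional swap: m is all-ones or all-zeros; same loads and stores either way. */
static void cswap(pt *a, pt *b, uint64_t bit) {
    uint64_t m = 0 - (bit & 1), t;
    t = m & (a->x ^ b->x); a->x ^= t; b->x ^= t;
    t = m & (a->y ^ b->y); a->y ^= t; b->y ^= t;
    t = m & (uint64_t)(a->inf ^ b->inf); a->inf ^= (int)t; b->inf ^= (int)t;
}
/* Ladder with cswap: one add and one double per bit on the same two variables, whatever the bit. */
pt scalar_mul_ladder(uint64_t k, pt g) {
    pt r0 = {0, 0, 1}, r1 = g;
    for (int i = 63; i >= 0; i--) {
        cswap(&r0, &r1, (k >> i) & 1); r1 = pt_add(r0, r1);
        r0 = pt_add(r0, r0);           cswap(&r0, &r1, (k >> i) & 1);
    }
    return r0;
}
```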
