Novel key recovery attack on secure ECDSA implementation by exploiting collisions between unknown entries
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jin, S. | - |
dc.contributor.author | Lee, S. | - |
dc.contributor.author | Cho, S.M. | - |
dc.contributor.author | Kim, H. | - |
dc.contributor.author | Hong, S. | - |
dc.date.accessioned | 2022-03-10T10:41:20Z | - |
dc.date.available | 2022-03-10T10:41:20Z | - |
dc.date.created | 2022-02-09 | - |
dc.date.issued | 2021 | - |
dc.identifier.issn | 2569-2925 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/138459 | - |
dc.description.abstract | In this paper, we propose a novel key recovery attack against secure ECDSA signature generation employing regular table-based scalar multiplication. Our attack exploits a novel leakage, denoted collision information, which can be constructed by iteratively determining whether two entries loaded from the table are the same or not through side-channel collision analysis. Without knowing the actual value of the table entries, an adversary can recover the private key of ECDSA by finding the condition under which several nonces are linearly dependent, exploiting only the collision information. We show that this condition can be satisfied in practice with a reasonable number of digital signatures and corresponding traces. Furthermore, we also show that all entries in the pre-computation table can be recovered using the recovered private key and a sufficient number of digital signatures based on the collision information. As case studies, we find that fixed-base comb and T_SM scalar multiplication are vulnerable to our attack. Finally, we verify that our attack is a real threat by conducting an experiment with power consumption traces acquired during T_SM scalar multiplication operations on an ARM Cortex-M based microcontroller. We also provide the details of the validation process. © 2021, Ruhr-University of Bochum. All rights reserved. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | Ruhr-University of Bochum | - |
dc.title | Novel key recovery attack on secure ECDSA implementation by exploiting collisions between unknown entries | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Kim, H. | - |
dc.identifier.doi | 10.46586/tches.v2021.i4.1-26 | - |
dc.identifier.scopusid | 2-s2.0-85118419820 | - |
dc.identifier.bibliographicCitation | IACR Transactions on Cryptographic Hardware and Embedded Systems, v.2021, no.4, pp.1 - 26 | - |
dc.relation.isPartOf | IACR Transactions on Cryptographic Hardware and Embedded Systems | - |
dc.citation.title | IACR Transactions on Cryptographic Hardware and Embedded Systems | - |
dc.citation.volume | 2021 | - |
dc.citation.number | 4 | - |
dc.citation.startPage | 1 | - |
dc.citation.endPage | 26 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scopus | - |
dc.subject.keywordAuthor | Collision attack | - |
dc.subject.keywordAuthor | Digital signature | - |
dc.subject.keywordAuthor | ECDSA | - |
dc.subject.keywordAuthor | Public-key cryptography | - |
dc.subject.keywordAuthor | Scalar multiplication | - |
dc.subject.keywordAuthor | Side-channel analysis | - |