2019
DOI: 10.1007/978-3-030-32101-7_1
|View full text |Cite
|
Sign up to set email alerts
|

Biased Nonce Sense: Lattice Attacks Against Weak ECDSA Signatures in Cryptocurrencies

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
13
0

Year Published

2019
2019
2022
2022

Publication Types

Select...
5
2
2

Relationship

1
8

Authors

Journals

citations
Cited by 41 publications
(13 citation statements)
references
References 21 publications
0
13
0
Order By: Relevance
“…Howgrave-Graham and Smart [HS01] and Nguyen and Shparlinski [NS02; NS03] used the HNP to show that the (EC)DSA schemes are insecure if the attacker can obtain information about the most significant bits of the nonces used. Since then, the HNP was used in many attacks against biased or leaked nonces in (EC)DSA, often utilizing side channels such as timing [ABuH Other attacks utilizing the HNP include using information about nonce distribution [BH19] or fault injection in the case of the SM2 signature algorithm [LCL13]. There have also been some theoretical extensions [FGR12;GRV16;HR06].…”
Section: Related Workmentioning
confidence: 99%
“…Howgrave-Graham and Smart [HS01] and Nguyen and Shparlinski [NS02; NS03] used the HNP to show that the (EC)DSA schemes are insecure if the attacker can obtain information about the most significant bits of the nonces used. Since then, the HNP was used in many attacks against biased or leaked nonces in (EC)DSA, often utilizing side channels such as timing [ABuH Other attacks utilizing the HNP include using information about nonce distribution [BH19] or fault injection in the case of the SM2 signature algorithm [LCL13]. There have also been some theoretical extensions [FGR12;GRV16;HR06].…”
Section: Related Workmentioning
confidence: 99%
“…Elliptic curve over finite field 𝔽 2 𝑚 is used in practical cryptography, one of which is elliptic curve digital signature algorithm (ECDSA). ECDSA consists three steps: key generation, signature generation, and verification algorithm [14].…”
Section: Ifmentioning
confidence: 99%
“…The public-key algorithm (ECDSA [32], EdDSA [6], Schnorr [48], ElGamal [24]) used for these keys have known attacks [8,27,29,35,45,47] that might be applied in some cases. There are real-world use cases [10,22]. To reduce the attack surface, it is necessary to use a library that implements the required cryptosystem with side-channel attack protections.…”
Section: Underlying Cryptosystemmentioning
confidence: 99%