Novel Key Recovery Attack on Secure ECDSA Implementation by Exploiting Collisions between Unknown Entries

Jin, Sunghyun; Lee, Sangyub; Cho, Sung Min; Kim, Hee Seok; Hong, Seokhie

doi:10.46586/tches.v2021.i4.1-26

Cited by 2 publications

(8 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…See Figure 2 for our setup. We collected 50 traces even though our method requires at most 27 (=8+16+2+1) traces 4 , which is one more than the sum of the possible entry number in the first iteration, the remaining iterations, and the final point addition. We apply an additional 5 MHz low-pass filter to all measured traces for noise reduction.…”

Section: Methodsmentioning

confidence: 99%

“…It thus may be difficult to succeed with a single trace attack against table-based scalar multiplication. Another form of key recovery attack against ECDSA employing table-based scalar multiplication by exploiting collisions between unknown entries has been introduced [4]. In the next section, we introduce this attack in order to better understand the approach proposed in the present paper.…”

Section: Related Work On Side-channel Analysis On Ecdsa Signature Gen...mentioning

confidence: 99%

“…Jin et al proposed a novel key recovery attack against ECDSA signature generation employing regular table-based scalar multiplication [4]. For convenience, we refer to this as a key recovery attack through the linear combination of entry collision information (LCECI) from now.…”

Section: Ecdsa Key Recovery Attack Through the Linear Combination Of ...mentioning

confidence: 99%

“…Because the target leakages in our method are similar to those in jin et al's original attack, we perform a similar process for identifying and extracting subtraces in this experiment [4]. We investigate traces to identify target operations and extract subtraces corresponding to these operations.…”

Section: Identification and Extraction Of Subtraces For The Target Op...mentioning

confidence: 99%

“…FBC scalar multiplication also offers some practical security features against side-channel analysis, including allowing fewer exploitable leakages of word multiplications for horizontal correlation attacks and the complexity of guessing entries for collision attacks is not neglectable. However, a novel key recovery attack against ECDSA signature generation that employs regular table-based scalar multiplication, including the FBC method, was recently introduced at CHES 2021 [4]. This attack finds the secret key using a linear combination of collisions between the leakages that provide information on whether table entries are the same or not.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Enhanced Side-Channel Analysis on ECDSA Employing Fixed-Base Comb Method

Jin

Cho²,

Kim

et al. 2022

IEEE Trans. Comput.

Self Cite

View full text Add to dashboard Cite

Section: Methodsmentioning

confidence: 99%

Section: Related Work On Side-channel Analysis On Ecdsa Signature Gen...mentioning

confidence: 99%

Section: Ecdsa Key Recovery Attack Through the Linear Combination Of ...mentioning

confidence: 99%

Section: Identification and Extraction Of Subtraces For The Target Op...mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Enhanced Side-Channel Analysis on ECDSA Employing Fixed-Base Comb Method

Jin

Cho²,

Kim

et al. 2022

IEEE Trans. Comput.

Self Cite

View full text Add to dashboard Cite

Stealing Keys From Hardware Wallets: A Single Trace Side-Channel Attack on Elliptic Curve Scalar Multiplication Without Profiling

et al. 2023

Self Cite

View full text Add to dashboard Cite

Over the past decade, decentralized cryptocurrencies have received attention in industry and academia. Hardware wallets are dedicated devices that manage cryptocurrencies safely without entrusting cryptographic keys to a third party. Side-channel attacks have been widely studied in cryptanalysis and have already been proven threatening, but analysis on hardware wallets still needs to be researched. Although the previous work demonstrated several side-channel vulnerabilities, their attacks require a finely controlled environment or a learning phase of target devices' physical properties before the attacks. This paper proposes a side-channel attack on hardware wallets extracting private keys. The proposed attack needs a single power trace measured when wallets process elliptic curve scalar multiplication with private keys. Our attack is reasonable since we do not damage the device under attack and do not target a specific device but an algorithm; it is widely applicable to wallets using that algorithm or analogous ones. It also presents the attack results conducted with three datasets: simulation, ChipWhisperer, and actual dataset collected from the Trezor Model One, the first and representative hardware wallets which comply with the de facto standard of hardware wallets.INDEX TERMS Cryptocurrency, hardware security, power analysis, side-channel attack.

show abstract

Novel Key Recovery Attack on Secure ECDSA Implementation by Exploiting Collisions between Unknown Entries

Cited by 2 publications

References 9 publications

Enhanced Side-Channel Analysis on ECDSA Employing Fixed-Base Comb Method

Enhanced Side-Channel Analysis on ECDSA Employing Fixed-Base Comb Method

Stealing Keys From Hardware Wallets: A Single Trace Side-Channel Attack on Elliptic Curve Scalar Multiplication Without Profiling

Contact Info

Product

Resources

About