A fault-based secret key retrieval method for ECDSA: analysis and countermeasure

Barenghi, Alessandro; Breveglieri, Luca Oddone; Pelosi, Gerardo
2016

Abstract

Elliptic curve cryptosystems have proved to be well suited for securing systems with constrained resources, such as embedded and portable devices. In a fault-based attack, errors are induced during the computation of a cryptographic primitive, and the results are collected to derive information about the secret key stored in the device. We introduce a novel attack methodology to recover the secret key employed in implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA). Our attack exploits the information leakage induced by altering the execution of the modular arithmetic operations used in the signature primitive; it does not rely on the mathematical structure of the underlying elliptic curve and is therefore applicable to all standardized curves. We provide both a validation of the feasibility of the attack, even when common off-the-shelf hardware is employed to perform the required computations, and a low-cost countermeasure to counteract it.
Files in this item:

File: JETC1301-08.pdf
  Access: restricted
  Description: Main article
  Type: Publisher's version
  Size: 347.34 kB
  Format: Adobe PDF

File: 11311-943786_Barenghi.pdf
  Access: open access
  Type: Post-print (draft or Author's Accepted Manuscript, AAM)
  Size: 425.58 kB
  Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: http://hdl.handle.net/11311/943786
Citations
  • PMC: ND
  • Scopus: 8
  • ISI: 5