University of Birmingham > Talks@bham > Computer Security Seminars > An attack on ECDSA using lattice techniques

## An attack on ECDSA using lattice techniquesAdd to your list(s) Download to your calendar using vCal - Cécile Pierrot (CNRS-Nancy)
- Thursday 30 January 2020, 11:00-12:00
- Computer Science, The Sloman Lounge (UG).
If you have a question about this talk, please contact Isra Ahmed. The Elliptic Curve Digital Signature Algorithm (ECDSA) is a standard public key signature protocol widely deployed. The ECDSA signing algorithm requires the computation of some scalar multiplication of a point P on an elliptic curve by a nonce k. Attacking ECDSA with wNAF implementation for the scalar multiplication first requires some side channel analysis to collect information, then lattice based methods to recover the secret key. In this talk, we reinvestigate the construction of the lattice used after gathering information about the nonce k, that can be obtained throughout some cache side-channel attacks, such as Flush & Reload. Several metrics can be used to compare the success of our attack to previous ones: either we minimize the number of signatures required for the attack to work, or we fix the number of signatures and optimize either the total time to recover the key, or the probability of success. We experimentally demonstrate here that it is possible to recover the secret key using only 3 signatures, which was the theoretical lower bound coming from this kind of side channel attacks, but was never achieved before. Our attack is also faster than previous attacks, and for most cases, has better probability of success. Moreover, we investigate the resilience to errors of our attack. We experimentally show that we are still able to recover the secret key even in the presence of misread digits in the side channel part. For instance, if 2% of the digits are wrong among all the digits read, it is still possible to recover the key with 6 signatures. This talk is part of the Computer Security Seminars series. ## This talk is included in these lists:- Computer Science Departmental Series
- Computer Science Distinguished Seminars
- Computer Science, The Sloman Lounge (UG)
- Computer Security Seminars
- computer sience
Note that ex-directory lists are not shown. |
## Other listsSpeech Recognition by Synthesis Seminars School of Chemistry Seminars Cond. Mat. seminar## Other talksColloquium: TBA Cost optimisation of hybrid institutional incentives for promoting cooperation in finite populations Spectrally selective metasurfaces based on bound states in the continuum: a versatile platform for enhanced light-matter coupling Seminar: TBA Seminar: TBA Seminar: TBA |