|![[Search]](/images/search.gif?1209136071)
|![[A-Z Index]](/images/az.gif?1209136071)
|![[Contact]](/images/contact.gif?1209136071)
||![[University of Birmingham]](/images/identifier2.gif?1243330508){kind=small} |
![[Talks@bham]](/images/talkslogosmall.gif?1243330508) |
University of Birmingham > Talks@bham > Computer Security Seminars > An attack on ECDSA using lattice techniques
An attack on ECDSA using lattice techniquesAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Isra Ahmed. The Elliptic Curve Digital Signature Algorithm (ECDSA) is a standard public key signature protocol widely deployed. The ECDSA signing algorithm requires the computation of some scalar multiplication of a point P on an elliptic curve by a nonce k. Attacking ECDSA with wNAF implementation for the scalar multiplication first requires some side channel analysis to collect information, then lattice based methods to recover the secret key. In this talk, we reinvestigate the construction of the lattice used after gathering information about the nonce k, that can be obtained throughout some cache side-channel attacks, such as Flush & Reload. Several metrics can be used to compare the success of our attack to previous ones: either we minimize the number of signatures required for the attack to work, or we fix the number of signatures and optimize either the total time to recover the key, or the probability of success. We experimentally demonstrate here that it is possible to recover the secret key using only 3 signatures, which was the theoretical lower bound coming from this kind of side channel attacks, but was never achieved before. Our attack is also faster than previous attacks, and for most cases, has better probability of success. Moreover, we investigate the resilience to errors of our attack. We experimentally show that we are still able to recover the secret key even in the presence of misread digits in the side channel part. For instance, if 2% of the digits are wrong among all the digits read, it is still possible to recover the key with 6 signatures. This talk is part of the Computer Security Seminars series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsDinner Table Terrorism - Achieving Food Security Biosciences seminars SERENE SeminarsOther talksQuantum Sensing in Space TBA TBA TBC Waveform modelling and the importance of multipole asymmetry in Gravitational Wave astronomy Life : it’s out there, but what and why ? |
Thursday 30 January 2020, 11:00-12:00