BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//talks.bham.ac.uk//v3//EN
BEGIN:VEVENT
CATEGORIES:Computer Security Seminars
SUMMARY:An attack on ECDSA using lattice techniques - Céci
le Pierrot (CNRS-Nancy)
DTSTART:20200130T110000Z
DTEND:20200130T120000Z
UID:TALK3966AT
URL:/talk/index/3966
DESCRIPTION:The Elliptic Curve Digital Signature Algorithm (EC
DSA) is a standard public key signature protocol w
idely deployed. The ECDSA signing algorithm requir
es the computation of some scalar multiplication o
f a point P on an elliptic curve by a nonce k. Att
acking ECDSA with wNAF implementation for the scal
ar multiplication first requires some side channel
analysis to collect information\, then lattice ba
sed methods to recover the secret key. In this tal
k\, we reinvestigate the construction of the latti
ce used after gathering information about the nonc
e k\, that can be obtained through some cache s
ide-channel attacks\, such as Flush & Reload.\n\nS
everal metrics can be used to compare the success
of our attack to previous ones: either we minimize
the number of signatures required for the attack
to work\, or we fix the number of signatures and o
ptimize either the total time to recover the key\,
or the probability of success. We experimentally
demonstrate here that it is possible to recover th
e secret key using only 3 signatures\, which was t
he theoretical lower bound coming from this kind o
f side channel attacks\, but was never achieved be
fore. Our attack is also faster than previous atta
cks\, and for most cases\, has better probability
of success. Moreover\, we investigate the resilien
ce to errors of our attack. We experimentally show
that we are still able to recover the secret key
even in the presence of misread digits in the side
channel part. For instance\, if 2% of the digits
are wrong among all the digits read\, it is still
possible to recover the key with 6 signatures. \n
LOCATION:Computer Science\, The Sloman Lounge (UG)
CONTACT:Isra Ahmed
END:VEVENT
END:VCALENDAR