Information Security Applications

Volume 5379 of the series Lecture Notes in Computer Science pp 14-27

Template Attacks on ECDSA

  • Marcel MedwedAffiliated withCarnegie Mellon UniversityInstitute for Applied Information Processing and Communications, Graz University of TechnologySecure Business Austria (SBA)
  • , Elisabeth OswaldAffiliated withLancaster UniversityCarnegie Mellon UniversityComputer Science Department, University of BristolInstitute for Applied Information Processing and Communications, Graz University of Technology

* Final gross prices may vary according to local VAT.

Get Access


Template attacks have been considered exclusively in the context of implementations of symmetric cryptographic algorithms on 8-bit devices. Within these scenarios, they have proven to be the most powerful attacks. In this article we investigate how template attacks can be applied to implementations of an asymmetric cryptographic algorithm on a 32-bit platform. The asymmetric cryptosystem under scrutiny is the elliptic curve digital signature algorithm (ECDSA). ECDSA is particularly suitable for 32-bit platforms. In this article we show that even SPA resistant implementations of ECDSA on a typical 32-bit platform succumb to template-based SPA attacks. The only way to secure such implementations against template-based SPA attacks is to make them resistant against DPA attacks.