Using Bleichenbacher's Solution to the Hidden Number Problem to Attack Nonce Leaks in 384-Bit ECDSA

  • Elke De Mulder
  • Michael Hutter
  • Mark E. Marson
  • Peter Pearson
Conference paper

DOI: 10.1007/978-3-642-40349-1_25

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8086)
Cite this paper as:
De Mulder E., Hutter M., Marson M.E., Pearson P. (2013) Using Bleichenbacher's Solution to the Hidden Number Problem to Attack Nonce Leaks in 384-Bit ECDSA. In: Bertoni G., Coron JS. (eds) Cryptographic Hardware and Embedded Systems - CHES 2013. CHES 2013. Lecture Notes in Computer Science, vol 8086. Springer, Berlin, Heidelberg

Abstract

In this paper we describe an attack against nonce leaks in 384-bit ECDSA using an FFT-based attack due to Bleichenbacher. The signatures were computed by a modern smart card. We extracted the low-order bits of each nonce using a template-based power analysis attack against the modular inversion of the nonce. We also developed a BKZ-based method for the range reduction phase of the attack, as it was impractical to collect enough signatures for the collision searches originally used by Bleichenbacher. We confirmed our attack by extracting the entire signing key using a 5-bit nonce leak from 4000 signatures.

Keywords

Side Channel Analysis; ECDSA; Modular Inversion; Hidden Number Problem; Bleichenbacher; FFT; LLL; BKZ

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Elke De Mulder (1)
  • Michael Hutter (1, 2)
  • Mark E. Marson (1)
  • Peter Pearson (1)
  1. Cryptography Research, Inc., San Francisco, USA
  2. Institute for Applied Information Processing and Communications (IAIK), Graz University of Technology, Graz, Austria
