Skip to main content
SpringerLink
Log in

Just a Little Bit More

  • Conference paper
  • First Online:
Book cover Topics in Cryptology –- CT-RSA 2015 (CT-RSA 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9048))

Included in the following conference series:

Abstract

We extend the Flush+Reload side-channel attack of Benger et al. to extract a significantly larger number of bits of information per observed signature when using OpenSSL. This means that by observing only 25 signatures, we can recover secret keys of the secp256k1 curve, used in the Bitcoin protocol, with a probability greater than 50 percent. This is an order of magnitude improvement over the previously best known result.

The new method of attack exploits two points: Unlike previous partial disclosure attacks we utilize all information obtained and not just that in the least significant or most significant bits, this is enabled by a property of the “standard” curves choice of group order which enables extra bits of information to be extracted. Furthermore, whereas previous works require direct information on ephemeral key bits, our attack utilizes the indirect information from the wNAF double and add chain.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. American National Standards Institute. ANSI X9.62, Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (1999)

    Google Scholar 

  2. Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “Ooh aah.. just a little bit” : a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75–92. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  3. Boneh, D., Venkatesan, R.: Hardness of computing the most significant bits of secret keys in diffie-hellman and related schemes. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 129–142. Springer, Heidelberg (1996)

    Google Scholar 

  4. Brumley, B.B., Hakala, R.M.: Cache-timing template attacks. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 667–684. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  5. Brumley, B.B., Tuveri, N.: Remote timing attacks are still practical. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 355–371. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  6. Cadé, D., Pujol, X., Stehlé, D.: FPLLL-4.0.4 (2013). http://perso.ens-lyon.fr/damien.stehle/fplll/

  7. Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0, January 2010

    Google Scholar 

  8. Ciet, M., Joye, M.: (Virtually) free randomization techniques for elliptic curve cryptography. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 348–359. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  9. Teodoro Cipresso and Mark Stamp. Software reverse engineering. In: Peter Stavroulakis and Mark Stamp, editors, Handbook of Information and Communication Security, chapter 31, pp. 659–696. Springer (2010)

    Google Scholar 

  10. Crandall, R.E.: Method and apparatus for public key exchange in a cryptographic system. US Patent 5,159,632, October 1992

    Google Scholar 

  11. Feix, B., Roussellet, M., Venelli, A.: Side-channel analysis on blinded regular scalar multiplications. In: Meier, W., Mukhopadhyay, D. (eds.) Progress in Cryptology – INDOCRYPT 2014. LNCS, pp. 3–20. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  12. Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  13. Gordon, D.M.: A survey of fast exponentiation methods. Journal of Algorithms 27(1), 129–146 (1998)

    Article  MATH  MathSciNet  Google Scholar 

  14. Howgrave-Graham, N., Smart, N.P.: Lattice attacks on digital signature schemes. Designs, Codes and Cryptography 23(3), 283–290 (2001)

    Article  MATH  MathSciNet  Google Scholar 

  15. Kivity, A., Kamay, Y., Laor, D., Lublin, U., Liguori, A.: kvm: the Linux virtual machine monitor. In: Proceedings of the Linux Symposium. volume one, pp. 225–230. Ottawa, Ontario, Canada (2007)

    Google Scholar 

  16. Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261(4), 515–534 (1982)

    Article  MATH  MathSciNet  Google Scholar 

  17. Li, L., Just, J.E. Sekar, R.: Address-space randomization for Windows systems. In: Proceedings of the 22nd Annual Computer Security Applications Conference, pp. 329–338, Miami Beach, Florida, United States, December 2006

    Google Scholar 

  18. Möller, B.: Parallelizable elliptic curve point multiplication method with resistance against side-channel attacks. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, p. 402. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  19. Möller, B.: Improved techniques for fast exponentiation. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 298–312. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  20. National Institute of Standards and Technology. FIPS PUB 186–4 Digital Signature Standard (DSS) (2013)

    Google Scholar 

  21. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the digital signature algorithm with partially known nonces. Journal of Cryptology 15(3), 151–176 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  22. Nguyen, P.Q., Shparlinski, I.E.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Designs, Codes and Cryptography 30(2), 201–217 (2003)

    Article  MATH  MathSciNet  Google Scholar 

  23. Schnorr, C.-P., Euchner, M.: Lattice basis reduction: Improved practical algorithms and solving subset sum problems. In: Budach, L. (ed.) FCT 1991. LNCS, vol. 529, pp. 68–85. Springer, Heidelberg (1991)

    Chapter  Google Scholar 

  24. Solinas, J.A.: Generalized Mersenne numbers. Technical Report CORR-39, University of Waterloo (1999)

    Google Scholar 

  25. Waldspurger, C.A.: Memory resource management in VMware ESX Server. In: Culler, D.E., Druschel, P., (eds), Proceedings of the Fifth Symposium on Operating Systems Design and Implementation, pp. 181–194. Boston, Massachusetts, United States, December 2002

    Google Scholar 

  26. Yarom, Y., Benger, N.: Recovering OpenSSL ECDSA nonces using the Flush+Reload cache side-channel attack. Cryptology ePrint Archive, Report 2014/140, February 2014. http://eprint.iacr.org/

  27. Yarom, Y., Falkner, K.: Flush+Reload: a high resolution, low noise, L3 cache side-channel attack. In: Proceedings of the 23rd USENIX Security Symposium, pp. 719–732. San Diego, California, United States, August 2014

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department Computer Science, University of Bristol, Bristol, UK

    Joop van de Pol & Nigel P. Smart

  2. School of Computer Science, The University of Adelaide, Adelaide, Australia

    Yuval Yarom

Authors
  1. Joop van de Pol
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nigel P. Smart
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuval Yarom
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Joop van de Pol .

Editor information

Editors and Affiliations

  1. Aalto University School of Science, Espoo, Finland

    Kaisa Nyberg

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

van de Pol, J., Smart, N.P., Yarom, Y. (2015). Just a Little Bit More. In: Nyberg, K. (eds) Topics in Cryptology –- CT-RSA 2015. CT-RSA 2015. Lecture Notes in Computer Science(), vol 9048. Springer, Cham. https://doi.org/10.1007/978-3-319-16715-2_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-16715-2_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16714-5

  • Online ISBN: 978-3-319-16715-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation