Protecting Elliptic Curve Cryptography Against Memory Disclosure Attacks

  • Yang Yang
  • Zhi GuanEmail author
  • Zhe  Liu
  • Zhong Chen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8958)


In recent years, memory disclosure attacks, such as cold boot attack and DMA attack, have posed huge threats to cryptographic applications in real world. In this paper, we present a CPU-bounded memory disclosure attacks resistant yet efficient software implementation of elliptic curves cryptography on general purpose processors. Our implementation performs scalar multiplication using CPU registers only in kernel level atomatically to prevent the secret key and intermediate data from leaking into memory. Debug registers are used to hold the private key, and kernel is patched to restrict access to debug registers. We take full advantage of the AVX and CLMUL instruction sets to speed up the implementation. When evaluating the proposed implementation on an Intel i7-2600 processor (at a frequency of 3.4 GHz), a full scalar multiplication over binary fields for key length of 163 bits only requires 129 \(\mu s\), which outperforms the unprotected implementation in the well known OpenSSL library by a factor of 78.0 %. Furthermore, our work is also flexible for typical Linux applications. To the best of our knowledge, this is the first practical ECC implementation which is resistant against memory disclosure attacks so far.


Elliptic curve cryptography Efficient implementation Memory disclosure attack Cold boot attack AVX CLMUL 



This work is supported by National High Technology Research and Development Program of China under Grant No. 2014AA123001.


  1. 1.
    Akavia, A., Goldwasser, S., Vaikuntanathan, V.: Simultaneous hardcore bits and cryptography against memory attacks. In: Reingold, O. (ed.) TCC 2009. LNCS, vol. 5444, pp. 474–495. Springer, Heidelberg (2009) Google Scholar
  2. 2.
    Dodis, Y., Haralambiev, K., López-Alt, A., Wichs, D.: Efficient public-key cryptography in the presence of key leakage. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 613–631. Springer, Heidelberg (2010) Google Scholar
  3. 3.
    PUB FIPS. 186–2. digital signature standard (DSS). National Institute of Standards and Technology (NIST) (2000)Google Scholar
  4. 4.
    Garmany, B., Mller, T.: PRIME: private RSA infrastructure for memory-less encryption. In: Proceedings of the 29th Annual Computer Security Applications Conference, ACSAC 2013, pp. 149–158. ACMGoogle Scholar
  5. 5.
    Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest we remember: cold boot attacks on encryption keys. In: USENIX Security Symposium, pp. 45–60 (2008)Google Scholar
  6. 6.
    Hankerson, D., Hernandez, J.L., Menezes, A.: Software implementation of elliptic curve cryptography over binary fields. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 1–24. Springer, Heidelberg (2000) Google Scholar
  7. 7.
    Heninger, N., Shacham, H.: Reconstructing RSA private keys from random key bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009) Google Scholar
  8. 8.
    Koblitz, N.: Elliptic curve cryptosystems. Math. Comp. 48(177), 203–209Google Scholar
  9. 9.
    López, J., Dahab, R.: Fast multiplication on elliptic curves over \(GF\)(2\(_{\rm m}\)) without precomputation. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, p. 316. Springer, Heidelberg (1999) Google Scholar
  10. 10.
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986) Google Scholar
  11. 11.
    Müller, T., Spreitzenbarth, M.: FROST. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 373–388. Springer, Heidelberg (2013) Google Scholar
  12. 12.
    Müller, T., Taubmann, B., Freiling, F.C.: TreVisor. In: Bao, F., Samarati, P., Zhou, J. (eds.) ACNS 2012. LNCS, vol. 7341, pp. 66–83. Springer, Heidelberg (2012) Google Scholar
  13. 13.
    Müller, T., Dewald, A., Freiling, F.C.: AESSE: a cold-boot resistant implementation of AES. In: Proceedings of the Third European Workshop on System Security, EUROSEC 2010, pp. 42–47. ACM, New York, NY, USA (2010)Google Scholar
  14. 14.
    Müller, T., Freiling, F.C., Dewald, A.: TRESOR runs encryption securely outside RAM. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, p. 17. USENIX Association, Berkeley, CA, USA (2011)Google Scholar
  15. 15.
    Naor, M., Segev, G.: Public-key cryptosystems resilient to key leakage. 41(4), 772–814Google Scholar
  16. 16.
    Simmons, P.: Security through amnesia: a software-based solution to the cold boot attack on disk encryption. In: ACSAC, pp. 73–82 (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Yang Yang
    • 1
    • 2
    • 3
  • Zhi Guan
    • 1
    • 2
    • 3
    Email author
  • Zhe  Liu
    • 4
  • Zhong Chen
    • 1
    • 2
    • 3
  1. 1.Institute of Software, School of EECSPeking UniversityBeijingChina
  2. 2.MoE Key Lab of High Confidence Software Technologies (PKU) BeijingChina
  3. 3.MoE Key Lab of Network and Software Security Assurance (PKU)BeijingChina
  4. 4.Laboratory of Algorithmics, Cryptology and SecurityUniversity of LuxembourgWalferdangeLuxembourg

Personalised recommendations