Lattice-Based Fault Attacks Against ECMQV
ECMQV is a standardized key agreement protocol based on ECC with additional implicit-signature authentication. In this paper we investigate the vulnerability of ECMQV to fault attacks and propose two efficient lattice-based fault attacks. In our attacks, by inducing a storage fault in the ECC parameter a before the execution of ECMQV, we can construct two kinds of weak curves and successfully pass the public-key validation step in the protocol. Then, by solving the ECDLP and using a guess-and-determine method, some information about the victim's temporary private key and the implicit-signature result can be deduced. Based on the retrieved information, we build two new lattice-attack models and recover the upper half of the static private key. Compared with previous lattice-attack models, our models relax the attack conditions and do not require exact partial knowledge of the nonces. The validity of the attacks is confirmed by experimental simulations, which show that our attacks pose a real threat to unprotected ECMQV implementations, since only one permanent fault is sufficient to retrieve half of the bits of the secret key.
Keywords: ECC, Fault attack, Lattice attack, ECMQV
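The abstract's point that public-key validation still passes after a storage fault in a can be seen on a toy curve, because the check is computed with whatever parameters are in storage. This is an added example, not code from the paper: the curve (p = 97, a = 2, b = 3), the single-bit fault and the reference-digest integrity check are constructed assumptions, and the digest check is a generic countermeasure that the paper does not describe.

```python
import hashlib

# Constructed toy parameters (not a standardized curve): y^2 = x^3 + a*x + b (mod p)
GENUINE = (97, 2, 3)                      # (p, a, b)

def param_digest(params):
    """Digest of the domain parameters; the reference copy is assumed immutable."""
    return hashlib.sha256(":".join(map(str, params)).encode()).hexdigest()

REF_DIGEST = param_digest(GENUINE)        # assumed stored in ROM/fuses, out of fault reach

def on_curve(x, y, params):
    p, a, b = params
    return (y * y - (x * x * x + a * x + b)) % p == 0

def validate_public_key(x, y, stored):
    """Unprotected validation: trusts whatever parameters are in storage."""
    p = stored[0]
    return 0 <= x < p and 0 <= y < p and on_curve(x, y, stored)

def validate_hardened(x, y, stored):
    """Same check, but refuses to run on parameters that fail the integrity check."""
    if param_digest(stored) != REF_DIGEST:
        raise ValueError("domain parameter integrity check failed")
    return validate_public_key(x, y, stored)

def first_point(params):
    """Brute-force a point with x != 0 (feasible only because p is tiny)."""
    p = params[0]
    return next((x, y) for x in range(1, p) for y in range(p) if on_curve(x, y, params))

def demo():
    p, a, b = GENUINE
    faulted = (p, a ^ 0b100, b)           # constructed single-bit storage fault in a
    pt = first_point(faulted)             # x != 0, so it cannot lie on the genuine curve
    results = {
        "accepted_with_faulted_a": validate_public_key(*pt, faulted),
        "on_genuine_curve": on_curve(*pt, GENUINE),
    }
    try:
        validate_hardened(*pt, faulted)
        results["hardened_detects_fault"] = False
    except ValueError:
        results["hardened_detects_fault"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

A point with x ≠ 0 on the faulted curve can never satisfy the genuine equation, since that would require (a − a′)·x ≡ 0 (mod p).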
We thank the anonymous reviewers for their careful reading and insightful comments. This work is supported by China’s National Cryptography Development Fund (No. MMJJ20170214 and No. MMJJ20170211), National Natural Science Foundation (No. 61672509) and National Science and Technology Major Project (No. 2014ZX01032401-001).