“Ooh Aah…, Just a Little Bit”: a small amount of side channel can go a long way
Files
(Restricted Access)
Date
2014
Authors
Benger, N.
van de Pol, J.
Smart, N.
Yarom, Y.
Editors
Batina, L.
Robshaw, M.
Robshaw, M.
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Conference paper
Citation
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014 / Batina, L., Robshaw, M. (ed./s), vol.8731, pp.75-92
Statement of Responsibility
Naomi Benger, Joop van de Pol, Nigel P. Smart, and Yuval Yarom
Conference Name
16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES) (23 Sep 2014 - 26 Sep 2014 : Busan, South Korea)
Abstract
We apply the FLUSH+RELOAD side-channel attack based on cache hits/misses to extract a small amount of data from OpenSSL ECDSA signature requests. We then apply a “standard” lattice technique to extract the private key, but unlike previous attacks we are able to make use of the side-channel information from almost all of the observed executions. This means we obtain private key recovery by observing a relatively small number of executions, and by expending a relatively small amount of post-processing via lattice reduction. We demonstrate our analysis via experiments using the curve secp256k1 used in the Bitcoin protocol. In particular we show that with as little as 200 signatures we are able to achieve a reasonable level of success in recovering the secret key for a 256-bit curve. This is significantly better than prior methods of applying lattice reduction techniques to similar side channel information.
School/Discipline
Dissertation Note
Provenance
Description
Lecture Notes in Computer Science, vol. 8731
Access Status
Rights
© International Association for Cryptologic Research 2014