On the Applicability of a Cache Side-Channel Attack on ECDSA Signatures: The Flush+Reload attack on the point multiplication in ECDSA signature generation process
2015 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]
Context. Digital counterparts of handwritten signatures are known as Digital Signatures. The Elliptic Curve Digital Signature Algorithm (ECDSA) is an Elliptic Curve Cryptography (ECC) primitive, which is used for generating and verifying digital signatures. The attacks that target an implementation of a cryptosystem are known as side-channel attacks. The Flush+Reload attack is a cache side-channel attack that relies on cache hits/misses to recover secret information from the target program execution. In elliptic curve cryptosystems, side-channel attacks are particularly targeted towards the point multiplication step. The Gallant-Lambert-Vanstone (GLV) method for point multiplication is a special method that speeds up the computation for elliptic curves with certain properties.
Objectives. In this study, we investigate the applicability of the Flush+Reload attack on ECDSA signatures that employ the GLV method to protect point multiplication.
Methods. We demonstrate the attack through an experiment using the curve secp256k1. We perform a pair of experiments to estimate both the applicability and the detection rate of the attack in capturing side-channel information.
Results. Through our attack, we capture side-channel information about the decomposed GLV scalars.
Conclusions. Based on an analysis of the results, we conclude that for certain implementation choices, the Flush+Reload attack is applicable to an ECDSA signature generation process that employs the GLV method. Practitioners should be aware of the implementation choices that introduce these vulnerabilities and avoid using such ECDSA implementations.
Place, publisher, year, edition, pages
2015, p. 75
Keywords [en]
Digital signatures, Elliptic curve cryptography, GLV method, Side-channel attack
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:bth-10820
OAI: oai:DiVA.org:bth-10820
DiVA, id: diva2:861503
Subject / course
DV2566 Master's Thesis (120 credits) in Computer Science
Educational program
DVAXA Master of Science Programme in Computer Science
Presentation
2015-09-21, J1620, Blekinge Tekniska Högskola, Valhallavägen, 371 41, Sweden, Karlskrona, 13:00 (English)
Available from: 2015-10-22. Created: 2015-10-16. Last updated: 2015-10-22. Bibliographically approved.