Attacks Against White-Box ECDSA and Discussion of Countermeasures
This paper deals with white-box implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA): First, we consider attack paths to break such implementations. In particular, we provide a systematic overview of various fault attacks, to which ECDSA white-box implementations are especially...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Ruhr-Universität Bochum
2022-08-01
|
| Series: | Transactions on Cryptographic Hardware and Embedded Systems |
| Subjects: | |
| Online Access: | https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9812 |
| _version_ | 1797690060580061184 |
|---|---|
| author | Sven Bauer Hermann Drexler Max Gebhardt Dominik Klein Friederike Laus Johannes Mittmann |
| author_facet | Sven Bauer Hermann Drexler Max Gebhardt Dominik Klein Friederike Laus Johannes Mittmann |
| author_sort | Sven Bauer |
| collection | DOAJ |
| description |
This paper deals with white-box implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA): First, we consider attack paths to break such implementations. In particular, we provide a systematic overview of various fault attacks, to which ECDSA white-box implementations are especially susceptible. Then, we propose different mathematical countermeasures, mainly based on masking/blinding of sensitive variables, in order to prevent or at least make such attacks more difficult. We also briefly mention some typical implementational countermeasures and their challenges in the ECDSA white-box scenario. Our work has been initiated by the CHES challenge WhibOx Contest 2021, which consisted of designing and breaking white-box ECDSA implementations, so called challenges. We illustrate our results and findings by means of the submitted challenges and provide a comprehensive overview which challenge could be solved in which way. Furthermore, we analyze selected challenges in more details.
|
| first_indexed | 2024-03-12T01:54:06Z |
| format | Article |
| id | doaj.art-4cef4fc175cc4be394aed1474886d8cb |
| institution | Directory Open Access Journal |
| issn | 2569-2925 |
| language | English |
| last_indexed | 2024-03-12T01:54:06Z |
| publishDate | 2022-08-01 |
| publisher | Ruhr-Universität Bochum |
| record_format | Article |
| series | Transactions on Cryptographic Hardware and Embedded Systems |
| spelling | doaj.art-4cef4fc175cc4be394aed1474886d8cb2023-09-08T07:01:12ZengRuhr-Universität BochumTransactions on Cryptographic Hardware and Embedded Systems2569-29252022-08-012022410.46586/tches.v2022.i4.25-55Attacks Against White-Box ECDSA and Discussion of CountermeasuresSven Bauer0Hermann Drexler1Max Gebhardt2Dominik Klein3Friederike Laus4Johannes Mittmann5Giesecke+Devrient Mobile Security GmbH, Munich, GermanyGiesecke+Devrient Mobile Security GmbH, Munich, GermanyBundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, GermanyBundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, GermanyBundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, GermanyBundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany This paper deals with white-box implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA): First, we consider attack paths to break such implementations. In particular, we provide a systematic overview of various fault attacks, to which ECDSA white-box implementations are especially susceptible. Then, we propose different mathematical countermeasures, mainly based on masking/blinding of sensitive variables, in order to prevent or at least make such attacks more difficult. We also briefly mention some typical implementational countermeasures and their challenges in the ECDSA white-box scenario. Our work has been initiated by the CHES challenge WhibOx Contest 2021, which consisted of designing and breaking white-box ECDSA implementations, so called challenges. We illustrate our results and findings by means of the submitted challenges and provide a comprehensive overview which challenge could be solved in which way. Furthermore, we analyze selected challenges in more details. https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9812White-box cryptographyDeterministic ECDSAComputation analysisFault analysisCountermeasuresCHES Challenge |
| spellingShingle | Sven Bauer Hermann Drexler Max Gebhardt Dominik Klein Friederike Laus Johannes Mittmann Attacks Against White-Box ECDSA and Discussion of Countermeasures Transactions on Cryptographic Hardware and Embedded Systems White-box cryptography Deterministic ECDSA Computation analysis Fault analysis Countermeasures CHES Challenge |
| title | Attacks Against White-Box ECDSA and Discussion of Countermeasures |
| title_full | Attacks Against White-Box ECDSA and Discussion of Countermeasures |
| title_fullStr | Attacks Against White-Box ECDSA and Discussion of Countermeasures |
| title_full_unstemmed | Attacks Against White-Box ECDSA and Discussion of Countermeasures |
| title_short | Attacks Against White-Box ECDSA and Discussion of Countermeasures |
| title_sort | attacks against white box ecdsa and discussion of countermeasures |
| topic | White-box cryptography Deterministic ECDSA Computation analysis Fault analysis Countermeasures CHES Challenge |
| url | https://ojs-dev.ub.rub.de/index.php/TCHES/article/view/9812 |
| work_keys_str_mv | AT svenbauer attacksagainstwhiteboxecdsaanddiscussionofcountermeasures AT hermanndrexler attacksagainstwhiteboxecdsaanddiscussionofcountermeasures AT maxgebhardt attacksagainstwhiteboxecdsaanddiscussionofcountermeasures AT dominikklein attacksagainstwhiteboxecdsaanddiscussionofcountermeasures AT friederikelaus attacksagainstwhiteboxecdsaanddiscussionofcountermeasures AT johannesmittmann attacksagainstwhiteboxecdsaanddiscussionofcountermeasures |