When Constant-Time Source Yields Variable-Time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Authors

  • Thierry Kaufmann
  • Hervé Pelletier
  • Serge Vaudenay
  • Karine Villegas
Abstract

The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation which follows the RFC 7748 requirements [10]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execution and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.


Similar resources

Full-Size High-Security ECC Implementation on MSP430 Microcontrollers

In the era of the Internet of Things, smart electronic devices facilitate processes in our everyday lives. Texas Instrument's MSP430 microcontrollers target low-power applications, among which are wireless sensor, metering and medical applications. Those domains have in common that sensitive data is processed, which calls for strong security primitives to be implemented on those devices. Curve2...


Efficient implementation of low time complexity and pipelined bit-parallel polynomial basis multiplier over binary finite fields

This paper presents two efficient implementations of fast and pipelined bit-parallel polynomial basis multipliers over GF (2m) by irreducible pentanomials and trinomials. The architecture of the first multiplier is based on a parallel and independent computation of powers of the polynomial variable. In the second structure only even powers of the polynomial variable are used. The par...


Estimating the Change Point of Binary Profiles with a Linear Trend Disturbance (Quality Engineering Conference Paper)

Identification of a real time of a change in a process, when an out-of-control signal is present is significant. This may reduce costs of defective products as well as the time of exploring and fixing the cause of defects. Another popular topic in the Statistical Process Control (SPC) is profile monitoring, where knowing the distribution of one or more quality characteristics may not be appropr...


Coding with Temporal Layers or Multiple Descriptions for Lossy Video Transmission

In this paper, we compare temporal layered coding (TLC), as well as single-state coding (SSC), to multi-state video coding (MSVC) in the context of lossy video communications. MSVC is a MDC scheme where the video is coded into multiple independently decodable streams each with its own prediction process and state. The performance of these three coding schemes are analyzed at different loss rate...


High-speed Curve25519 on 8-bit, 16-bit, and 32-bit microcontrollers

This paper presents new speed records for 128-bit secure elliptic-curve Diffie-Hellman key-exchange software on three different popular microcontroller architectures. We consider a 255-bit curve proposed by Bernstein known as Curve25519, which has also been adopted by the IETF. We optimize the X25519 key-exchange protocol proposed by Bernstein in 2006 for AVR ATmega 8-bit microcontrollers, MSP4...




Publication date: 2016