Minerva: The curse of ECDSA nonces

We present our discovery of a group of side-channel vulnerabilities in implementations of the ECDSA signature algorithm in a widely used Atmel AT90SC FIPS 140-2 certified smartcard chip and five cryptographic libraries (libgcrypt, wolfSSL, MatrixSSL, SunEC/OpenJDK/Oracle JDK, Crypto++). Vulnerable implementations leak the bit-length of the scalar used in scalar multiplication via timing. Using leaked bit-length, we mount a lattice attack on a 256-bit curve, after observing enough signing operations. We propose two new methods to recover the full private key requiring just 500 signatures for simulated leakage data, 1200 for real cryptographic library data, and 2100 for smartcard data. The number of signatures needed for a successful attack depends on the chosen method and its parameters as well as on the noise profile, influenced by the type of leakage and used computation platform. We use the set of vulnerabilities reported in this paper, together with the recently published TPM-FAIL vulnerability [MSE+20] as a basis for real-world benchmark datasets to systematically compare our newly proposed methods and all previously published applicable lattice-based key recovery methods. The resulting exhaustive comparison highlights the methods’ sensitivity to its proper parametrization and demonstrates that our methods are more efficient in most cases. For the TPM-FAIL dataset, we decreased the number of required signatures from approximately 40 000 to mere 900.

[1]  Michael Hutter,et al.  Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: extended version , 2013, Journal of Cryptographic Engineering.

[2]  Thomas Pornin Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) , 2013, RFC.

[3]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[4]  Risto M. Hakala,et al.  Cache-Timing Template Attacks , 2009, ASIACRYPT.

[5]  Tsuyoshi Takagi,et al.  Improved Progressive BKZ Algorithms and Their Precise Cost Estimation by Sharp Simulator , 2016, EUROCRYPT.

[6]  Keegan Ryan,et al.  Return of the Hidden Number Problem. A Widespread and Novel Key Extraction Attack on ECDSA and DSA , 2019, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[7]  Nicolas Gama,et al.  Lattice Enumeration Using Extreme Pruning , 2010, EUROCRYPT.

[8]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.3 , 2018, RFC.

[9]  Igor E. Shparlinski,et al.  The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces , 2003, Des. Codes Cryptogr..

[10]  Yuval Yarom,et al.  Just a Little Bit More , 2015, CT-RSA.

[11]  Jiazhe Chen,et al.  Partially Known Nonces and Fault Injection Attacks on SM2 Signature Algorithm , 2013, Inscrypt.

[12]  Nadia Heninger,et al.  Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies , 2019, IACR Cryptol. ePrint Arch..

[13]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[14]  Dan Boneh,et al.  Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes , 1996, CRYPTO.

[15]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.1 , 2006, RFC.

[16]  Yuval Yarom,et al.  ECDSA Key Extraction from Mobile Devices via Nonintrusive Physical Side Channels , 2016, IACR Cryptol. ePrint Arch..

[17]  David Schrammel,et al.  Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations , 2020, USENIX Security Symposium.

[18]  Ruggero Susella,et al.  A Compact and Exception-Free Ladder for All Short Weierstrass Elliptic Curves , 2016, CARDIS.

[19]  Keegan Ryan,et al.  Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm's TrustZone , 2019, CCS.

[20]  Jean-Charles Faugère,et al.  Attacking (EC)DSA Given Only an Implicit Hint , 2012, Selected Areas in Cryptography.

[21]  Naomi Benger,et al.  "Ooh Aah... Just a Little Bit" : A Small Amount of Side Channel Can Go a Long Way , 2014, CHES.

[22]  Billy Bob Brumley,et al.  Remote Timing Attacks Are Still Practical , 2011, ESORICS.

[23]  Tanja Lange,et al.  High-speed high-security signatures , 2011, Journal of Cryptographic Engineering.

[24]  Mehdi Tibouchi,et al.  Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones , 2016, CT-RSA.

[25]  Igor E. Shparlinski,et al.  The Insecurity of the Digital Signature Algorithm with Partially Known Nonces , 2002, Journal of Cryptology.

[26]  P. L. Montgomery Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[27]  Matthieu Rivain,et al.  Lattice Attacks Against Elliptic-Curve Signatures with Blinded Scalar Multiplication , 2016, SAC.

[28]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[29]  Thomas Eisenbarth,et al.  TPM-FAIL: TPM meets Timing and Lattice Attacks , 2019, USENIX Security Symposium.

[30]  Wenbo Wang,et al.  Attacking OpenSSL Implementation of ECDSA with a Few Signatures , 2016, CCS.

[31]  Martin R. Albrecht,et al.  The General Sieve Kernel and New Records in Lattice Reduction , 2019, IACR Cryptol. ePrint Arch..

[32]  Cesar Pereida García,et al.  Port Contention for Fun and Profit , 2019, 2019 IEEE Symposium on Security and Privacy (SP).

[33]  David Naccache,et al.  A synthesis of side-channel attacks on elliptic curve cryptography in smart-cards , 2013, Journal of Cryptographic Engineering.

[34]  Martin Hlavác,et al.  Extended Hidden Number Problem and Its Cryptanalytic Applications , 2006, Selected Areas in Cryptography.

[35]  Thomas Eisenbarth,et al.  CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[36]  Mehdi Tibouchi,et al.  GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias , 2014, ASIACRYPT.

[37]  Craig Costello,et al.  Complete Addition Formulas for Prime Order Elliptic Curves , 2016, EUROCRYPT.