Big Numbers - Big Troubles: Systematically Analyzing Nonce Leakage in (EC)DSA Implementations

Side-channel attacks exploiting (EC)DSA nonce leakage easily lead to full key recovery. Although (EC)DSA implementations have already been hardened against side-channel leakage using the constant-time paradigm, the long-standing cat-andmouse-game of attacks and patches continues. In particular, current code review is prone to miss less obvious side channels hidden deeply in the call stack. To solve this problem, a systematic study of nonce leakage is necessary. We present a systematic analysis of nonce leakage in cryptographic implementations. In particular, we expand DATA, an open-source side-channel analysis framework, to detect nonce leakage. Our analysis identified multiple unknown nonce leakage vulnerabilities across all essential computation steps involving nonces. Among others, we uncover inherent problems in Bignumber implementations that break claimed constant-time guarantees of (EC)DSA implementations if secrets are close to a word boundary. We found that lazy resizing of Bignumbers in OpenSSL and LibreSSL yields a highly accurate and easily exploitable side channel, which has been acknowledged with two CVEs. Surprisingly, we also found a tiny but expressive leakage in the constant-time scalar multiplication of OpenSSL and BoringSSL. Moreover, in the process of reporting and patching, we identified newly introduced leakage with the support of our tool, thus preventing another attack-patch cycle. We open-source our tool, together with an intuitive graphical user interface we developed.

[1]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[2]  Mehdi Tibouchi,et al.  GLV/GLS Decomposition, Power Analysis, and Attacks on ECDSA Signatures with Single-Bit Nonce Bias , 2014, ASIACRYPT.

[3]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[4]  Yuval Yarom,et al.  Just a Little Bit More , 2015, CT-RSA.

[5]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[6]  Billy Bob Brumley,et al.  Amplifying side channels through performance degradation , 2016, ACSAC.

[7]  Tanja Lange,et al.  Sliding Right into Disaster: Left-to-Right Sliding Windows Leak , 2017, CHES.

[8]  Michael Hutter,et al.  Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: extended version , 2014, Journal of Cryptographic Engineering.

[9]  Jacques Stern,et al.  Lattice Reduction in Cryptology: An Update , 2000, ANTS.

[10]  Cesar Pereida García,et al.  Cache-Timing Attacks on RSA Key Generation , 2019, IACR Cryptol. ePrint Arch..

[11]  Srdjan Capkun,et al.  Software Grand Exposure: SGX Cache Attacks Are Practical , 2017, WOOT.

[12]  Mengyuan Li,et al.  STACCO: Differentially Analyzing Side-Channel Traces for Detecting SSL/TLS Vulnerabilities in Secure Enclaves , 2017, CCS.

[13]  Georg Sigl,et al.  Automated Detection of Instruction Cache Leaks in Modular Exponentiation Software , 2016, CARDIS.

[14]  Xiao Liu,et al.  CacheD: Identifying Cache-Based Timing Channels in Production Software , 2017, USENIX Security Symposium.

[15]  Keegan Ryan,et al.  Return of the Hidden Number Problem. A Widespread and Novel Key Extraction Attack on ECDSA and DSA , 2019, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[16]  C. P. Schnorr,et al.  Efficient Identification and Signatures for Smart Cards (Abstract) , 1989, EUROCRYPT.

[17]  Cesar Pereida García,et al.  Triggerflow: Regression Testing by Advanced Execution Path Inspection , 2019, IACR Cryptol. ePrint Arch..

[18]  David Naccache,et al.  Experimenting with Faults, Lattices and the DSA , 2005, Public Key Cryptography.

[19]  Gernot Heiser,et al.  Last-Level Cache Side-Channel Attacks are Practical , 2015, 2015 IEEE Symposium on Security and Privacy.

[20]  Laurent Mauborgne,et al.  Automatic Quantification of Cache Side-Channels , 2012, CAV.

[21]  Thomas Eisenbarth,et al.  MicroWalk: A Framework for Finding Side Channels in Binaries , 2018, ACSAC.

[22]  Ingrid Verbauwhede,et al.  Dude, is my code constant time? , 2017, Design, Automation & Test in Europe Conference & Exhibition (DATE), 2017.

[23]  Martin Hlavác,et al.  Extended Hidden Number Problem and Its Cryptanalytic Applications , 2006, Selected Areas in Cryptography.

[24]  Cesar Pereida García,et al.  "Make Sure DSA Signing Exponentiations Really are Constant-Time" , 2016, CCS.

[25]  Michael Hutter,et al.  Using Bleichenbacher’s solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: extended version , 2013, Journal of Cryptographic Engineering.

[26]  Thomas Eisenbarth,et al.  CacheQuote: Efficiently Recovering Long-term Secrets of SGX EPID via Cache Attacks , 2018, IACR Trans. Cryptogr. Hardw. Embed. Syst..

[27]  Georg Sigl,et al.  DATA - Differential Address Trace Analysis: Finding Address-based Side-Channels in Binaries , 2018, USENIX Security Symposium.

[28]  Igor E. Shparlinski,et al.  The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces , 2003, Des. Codes Cryptogr..

[29]  Simon Josefsson,et al.  Edwards-Curve Digital Signature Algorithm (EdDSA) , 2017, RFC.

[30]  Marcus Peinado,et al.  Controlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems , 2015, 2015 IEEE Symposium on Security and Privacy.

[31]  Matthijs J. Coster,et al.  Addition Chain Heuristics , 1989, CRYPTO.

[32]  Mihir Bellare,et al.  "Pseudo-Random" Number Generation Within Cryptographic Algorithms: The DDS Case , 1997, CRYPTO.

[33]  Nadia Heninger,et al.  Biased Nonce Sense: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies , 2019, IACR Cryptol. ePrint Arch..

[34]  Stefan Mangard,et al.  Malware Guard Extension: Using SGX to Conceal Cache Attacks , 2017, DIMVA.

[35]  Risto M. Hakala,et al.  Cache-Timing Template Attacks , 2009, ASIACRYPT.

[36]  Michael K. Reiter,et al.  Cross-VM side channels and their use to extract private keys , 2012, CCS.

[37]  Ross J. Anderson,et al.  What You Get is What You C: Controlling Side Effects in Mainstream C Compilers , 2018, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[38]  Jean-Charles Faugère,et al.  Attacking (EC)DSA Given Only an Implicit Hint , 2012, Selected Areas in Cryptography.

[39]  Naomi Benger,et al.  Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack , 2014, IACR Cryptol. ePrint Arch..

[40]  Dan Boneh,et al.  Rounding in lattices and its cryptographic applications , 1997, SODA '97.

[41]  Colin Percival CACHE MISSING FOR FUN AND PROFIT , 2005 .

[42]  Naomi Benger,et al.  "Ooh Aah... Just a Little Bit" : A Small Amount of Side Channel Can Go a Long Way , 2014, CHES.

[43]  Wenbo Wang,et al.  Attacking OpenSSL Implementation of ECDSA with a Few Signatures , 2016, CCS.

[44]  Yuval Yarom,et al.  FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack , 2014, USENIX Security Symposium.

[45]  Nigel P. Smart,et al.  Lattice Attacks on Digital Signature Schemes , 2001, Des. Codes Cryptogr..

[46]  Samuel Weiser,et al.  Single Trace Attack Against RSA Key Generation in Intel SGX SSL , 2018, AsiaCCS.

[47]  David Wong,et al.  Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really? , 2015, IACR Cryptol. ePrint Arch..

[48]  Thomas Pornin Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) , 2013, RFC.

[49]  Danfeng Zhang,et al.  Identifying Cache-Based Side Channels through Secret-Augmented Abstract Interpretation , 2019, USENIX Security Symposium.

[50]  Adi Shamir,et al.  Efficient Cache Attacks on AES, and Countermeasures , 2010, Journal of Cryptology.

[51]  Yuval Yarom,et al.  CacheBleed: a timing attack on OpenSSL constant-time RSA , 2016, Journal of Cryptographic Engineering.

[52]  Billy Bob Brumley,et al.  Remote Timing Attacks Are Still Practical , 2011, ESORICS.

[53]  Frank Piessens,et al.  SGX-Step: A Practical Attack Framework for Precise Enclave Execution Control , 2017, SysTEX@SOSP.

[54]  Igor E. Shparlinski,et al.  The Insecurity of the Digital Signature Algorithm with Partially Known Nonces , 2002, Journal of Cryptology.

[55]  Cesar Pereida García,et al.  Constant-Time Callees with Variable-Time Callers , 2017, USENIX Security Symposium.

[56]  Dan Boneh,et al.  Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes , 1996, CRYPTO.