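Speaker: Fan Shuqin (范淑琴)
Time: September 16, 2017, 2:00 PM
Venue: Conference Room 4303, Institute of Information Engineering, Chinese Academy of Sciences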
Abstract: We give a lattice attack on the ECDSA implementation in the latest version of OpenSSL, which implements scalar multiplication by the windowed Non-Adjacent Form method. We first propose a totally different but more efficient method of extracting and utilizing information from the side-channel results, which can extract almost all information from the side-channel results, obtaining 105.8 bits of information per signature on average for 256-bit ECDSA. Then, in order to make the most of our extracted information, we translate the problem of recovering the secret key to the Extended Hidden Number Problem, which can be solved by lattice reduction algorithms. Finally, we introduce the methods of elimination, merging, most significant digit recovery and enumeration to improve the attack. Our attack is mounted on the secp256k1 curve, and the result shows that only 4 signatures would be enough to recover the secret key if the Flush+Reload attack is implemented perfectly without any error.