Cryptology ePrint Archive: Report 2015/839
Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?
Abstract: In 2011, B.B.Brumley and N.Tuveri found a remote timing attack on OpenSSL's ECDSA implementation for binary curves. We will study whether the title of their paper was indeed relevant (Remote Timing Attacks are Still Practical). We improved on their lattice attack using the Embedding Strategy, which reduces the Closest Vector Problem to the Shortest Vector Problem so as to avoid using Babai's procedures to solve the CVP and instead rely on the better experimental results of LLL. We will detail (along with publishing the source code of the tools we used) our attempts to reproduce their experiments from a remote machine located on the same network as the server, and see that such attacks are not trivial and far from being practical. Finally we will see other attacks and countermeasures.
Category / Keywords: DSA, ECDSA, Timing Attacks, Remote Side-Channel Attacks, OpenSSL, Howgrave-Graham and Smart, B.B.Brumley and N.Tuveri, Hidden Number Problem, Lattices, SVP, CVP, Babai, LLL, BKZ, Embedding Strategy, Short Nonces.
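The Embedding Strategy named in the abstract and keywords reduces a CVP instance to an SVP instance: the target vector is appended to the lattice basis as an extra row with one additional coordinate M, so that the CVP error (target minus closest lattice point) shows up as a short vector of the enlarged lattice, which LLL can then find without running Babai's rounding or nearest-plane procedure. The Python below is an added example written for this page, not code from the paper or from the tools it publishes: it contains a textbook LLL over exact rationals (fine for toy dimensions, far too slow for the lattices a real HNP attack produces) and the embedding step on top of it. The basis, target and embedding factor M=1 are constructed sample values chosen so the answer can be checked by hand; they are not taken from the paper.

```python
from fractions import Fraction


def _dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def _gram_schmidt(basis):
    """Exact Gram-Schmidt orthogonalisation: returns (B*, mu) with
    b_i = b*_i + sum_{j<i} mu[i][j] * b*_j."""
    n = len(basis)
    ortho = []
    mu = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = list(basis[i])
        for j in range(i):
            mu[i][j] = _dot(basis[i], ortho[j]) / _dot(ortho[j], ortho[j])
            v = [a - mu[i][j] * b for a, b in zip(v, ortho[j])]
        ortho.append(v)
    return ortho, mu


def lll_reduce(basis, delta=Fraction(3, 4)):
    """Textbook LLL (size reduction + Lovasz swap) over exact rationals.
    Recomputes Gram-Schmidt after every change: simple, and only meant
    for the small dimensions of this example."""
    B = [[Fraction(x) for x in row] for row in basis]
    n = len(B)
    ortho, mu = _gram_schmidt(B)
    k = 1
    while k < n:
        # size-reduce b_k against b_{k-1}, ..., b_0
        for j in range(k - 1, -1, -1):
            q = round(mu[k][j])  # nearest integer (Fraction.__round__ -> int)
            if q != 0:
                B[k] = [a - q * b for a, b in zip(B[k], B[j])]
                ortho, mu = _gram_schmidt(B)
        # Lovasz condition: ||b*_k||^2 >= (delta - mu_{k,k-1}^2) ||b*_{k-1}||^2
        if _dot(ortho[k], ortho[k]) >= (delta - mu[k][k - 1] ** 2) * _dot(ortho[k - 1], ortho[k - 1]):
            k += 1
        else:
            B[k], B[k - 1] = B[k - 1], B[k]
            ortho, mu = _gram_schmidt(B)
            k = max(k - 1, 1)
    # all entries are integer combinations of the input rows, so int() is exact
    return [[int(x) for x in row] for row in B]


def closest_vector_by_embedding(basis, target, embedding_factor=1):
    """CVP via SVP (embedding strategy): reduce the lattice spanned by the
    rows (b_i, 0) and (target, M). A reduced vector whose last coordinate
    is +/-M has the form +/-(target - c, M) for a lattice point c, so its
    first coordinates are the CVP error. Returns (closest, error) or None
    if no reduced vector carries the target exactly once."""
    m = len(target)
    rows = [list(b) + [0] for b in basis]
    rows.append(list(target) + [embedding_factor])
    reduced = lll_reduce(rows)
    best = None
    for v in reduced:
        if abs(v[-1]) != embedding_factor:
            continue
        if best is None or _dot(v, v) < _dot(best, best):
            best = v
    if best is None:
        return None
    sign = 1 if best[-1] > 0 else -1
    error = [sign * x for x in best[:m]]  # = target - closest
    closest = [t - e for t, e in zip(target, error)]
    return closest, error


if __name__ == "__main__":
    # Constructed sample: lattice spanned by (7,2) and (3,8); the target is
    # the lattice point 2*(7,2) + 1*(3,8) = (17,12) plus a small error (1,-1).
    basis = [[7, 2], [3, 8]]
    target = [18, 11]
    print(closest_vector_by_embedding(basis, target))  # ([17, 12], [1, -1])
```

The embedding factor should be on the order of the expected error length so that (error, M) is genuinely the shortest vector of the enlarged lattice; on a 3-dimensional toy lattice like this one LLL finds it exactly, whereas for the higher-dimensional HNP lattices discussed in the paper the abstract leans on LLL's experimental behaviour rather than its worst-case approximation guarantee.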
Date: received 30 Aug 2015
Contact author: moi at davidwong fr
Version: 20150831:152412
Short URL: ia.cr/2015/839