Cryptology ePrint Archive: Report 2015/839

Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?

David Wong

Abstract: In 2011, B.B.Brumley and N.Tuveri found a remote timing attack on OpenSSLís ECDSA implementation for binary curves. We will study if the title of their paper was indeed relevant (Remote Timing Attacks are Still Practical). We improved on their lattice attack using the Embedding Strategy that reduces the Closest Vector Problem to the Shortest Vector Problem so as to avoid using Babaiís procedures to solve the CVP and rely on the better experimental results of LLL. We will detail (along with publishing the source code of the tools we used) our attempts to reproduce their experiments from a remote machine located on the same network with the server, and see that such attacks are not trivial and far from being practical. Finally we will see other attacks and countermeasures.

Category / Keywords: DSA, ECDSA, Timing Attacks, Remote Side-Channel Attacks, OpenSSL, Howgrave-Graham and Smart, B.B.Brumley and N.Tuveri, Hidden Number Problem, Lattices, SVP, CVP, Babai, LLL, BKZ, Embedding Strategy, Short Nonces.

Date: received 30 Aug 2015

Contact author: moi at davidwong fr

Available format(s): PDF | BibTeX Citation

Version: 20150831:152412 (All versions of this report)

Short URL: ia.cr/2015/839

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]