Cryptology ePrint Archive: Report 2016/231

Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones

Pierre Belgarric and Pierre-Alain Fouque and Gilles Macario-Rat and Mehdi Tibouchi

Abstract: In this paper, we study the side-channel resistance of the implementation of the ECDSA signature scheme in Android's standard cryptographic library. We show that, for elliptic curves over prime fields, one can recover the secret key very efficiently on smartphones using electromagnetic side-channel and well-known lattice reduction techniques. We experimentally show that elliptic curve operations (doublings and additions) can be distinguished in a multi-core CPU clocking over the giga-hertz. We then extend the standard lattice attack on ECDSA over prime fields to binary Koblitz curves. This is the first time that such an attack is described on Koblitz curves. These curves, which are also available in Bouncy Castle, allow very efficient implementations using the Frobenius operation. This leads to signal processing challenges since the number of available points are reduced. We investigate practical side-channel, showing the concrete vulnerability of such implementations. In comparison to previous works targeting smartphones, the attacks presented in the paper benefits from discernible architectural features, like specific instructions computations or memory accesses.

Category / Keywords: implementation / Side-Channel Analysis, Elliptic Curve Cryptography, Smartphones, Lattice-Based Cryptanalysis

Original Publication (with major differences): CT-RSA 2016

Date: received 1 Mar 2016

Contact author: tibouchi mehdi at lab ntt co jp

Available format(s): PDF | BibTeX Citation

Version: 20160302:171222 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]