### Ooh Aah... Just a Little Bit'' : A small amount of side channel can go a long way

Naomi Benger, Joop van de Pol, Nigel P. Smart, and Yuval Yarom

##### Abstract

We apply the Flush-Reload side-channel attack based on cache hits/misses to extract a small amount of data from OpenSSL ECDSA signature requests. We then apply a standard'' lattice technique to extract the private key, but unlike previous attacks we are able to make use of the side-channel information from almost all of the observed executions. This means we obtain private key recovery by observing a relatively small number of executions, and by expending a relatively small amount of post-processing via lattice reduction. We demonstrate our analysis via experiments using the curve secp256k1 used in the Bitcoin protocol. In particular we show that with as little as 200 signatures we are able to achieve a reasonable level of success in recovering the secret key for a 256-bit curve. This is significantly better than prior methods of applying lattice reduction techqniques to similar side channel information.

Available format(s)
Category
Implementation
Publication info
A minor revision of an IACR publication in CHES 2014
Contact author(s)
mail for minnie @ gmail com
yval @ cs adelaide edu au
joop vandepol @ bristol ac uk
nigel @ cs bris ac uk
History
2014-06-02: last of 2 revisions
See all versions
Short URL
https://ia.cr/2014/161

CC BY

BibTeX

@misc{cryptoeprint:2014/161,
author = {Naomi Benger and Joop van de Pol and Nigel P.  Smart and Yuval Yarom},
title = {Ooh Aah... Just a Little Bit'' : A small amount of side channel can go  a long way},
howpublished = {Cryptology ePrint Archive, Paper 2014/161},
year = {2014},
note = {\url{https://eprint.iacr.org/2014/161}},
url = {https://eprint.iacr.org/2014/161}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.