Paper 2015/1169

Strength in Numbers: Threshold ECDSA to Protect Keys in the Cloud

Marc Green and Thomas Eisenbarth

Abstract

Side-channel attacks utilize information leakage in the implementation of an otherwise secure cryptographic algorithm to extract secret information. For example, adversaries can extract the secret key used in a cryptographic algorithm by observing cache-timing data. Threshold cryptography enables the division of private keys into shares, distributed among several nodes; the knowledge of a subset of shares does not leak information about the private key, thereby defending against memory disclosure and side-channel attacks. This work shows that applying threshold cryptography to ECDSA—the elliptic curve variant of DSA—yields a fully distributive signature protocol that does not feature a single point of failure. Our security analysis shows that Threshold ECDSA protects against a wide range of side-channel attacks, including cache attacks, and counteracts memory disclosure attacks. We further provide the first performance analysis of Threshold ECDSA, and provide a proof of concept of the protocol in practice.

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Threshold CryptographyElliptic Curve CryptographyECDSASSLTLSSide-channel AttacksCloud Computing
Contact author(s)
marcgreen @ wpi edu
History
2015-12-05: received
Short URL
https://ia.cr/2015/1169
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2015/1169,
      author = {Marc Green and Thomas Eisenbarth},
      title = {Strength in Numbers: Threshold {ECDSA} to Protect Keys in the Cloud},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/1169},
      year = {2015},
      url = {https://eprint.iacr.org/2015/1169}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.