Paper 2015/839

Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?

David Wong


In 2011, B.B.Brumley and N.Tuveri found a remote timing attack on OpenSSL’s ECDSA implementation for binary curves. We will study if the title of their paper was indeed relevant (Remote Timing Attacks are Still Practical). We improved on their lattice attack using the Embedding Strategy that reduces the Closest Vector Problem to the Shortest Vector Problem so as to avoid using Babai’s procedures to solve the CVP and rely on the better experimental results of LLL. We will detail (along with publishing the source code of the tools we used) our attempts to reproduce their experiments from a remote machine located on the same network with the server, and see that such attacks are not trivial and far from being practical. Finally we will see other attacks and countermeasures.

Available format(s)
Publication info
Preprint. MINOR revision.
DSAECDSATiming AttacksRemote Side-Channel AttacksOpenSSLHowgrave-Graham and SmartB.B.Brumley and N.TuveriHidden Number ProblemLatticesSVPCVPBabaiLLLBKZEmbedding StrategyShort Nonces.
Contact author(s)
moi @ davidwong fr
2015-08-31: received
Short URL
Creative Commons Attribution


      author = {David Wong},
      title = {Timing and Lattice Attacks on a Remote ECDSA OpenSSL Server: How Practical Are They Really?},
      howpublished = {Cryptology ePrint Archive, Paper 2015/839},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.