Paper 2018/651

Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

Nicola Tuveri, Sohaib ul Hassan, Cesar Pereida García, and Billy Brumley

Abstract

SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.

Note: Revised with the final version published as open access in the proceedings.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. 2018 Annual Computer Security Applications Conference (ACSAC ’18), December 3–7, 2018, San Juan, PR, USA. ACM, New York, NY, USA, 14 pages
DOI
10.1145/3274694.3274725
Keywords
applied cryptography, public-key cryptography, side-channel analysis, timing attacks, cache-timing attacks, power analysis, TVLA, SM2, OpenSSL, cryptanalysis
Contact author(s)
nicola tuveri @ tut fi
History
2018-12-21: revised
2018-07-06: received
Short URL
https://ia.cr/2018/651
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/651,
      author = {Nicola Tuveri and Sohaib ul Hassan and Cesar Pereida García and Billy Brumley},
      title = {Side-Channel Analysis of {SM2}: A Late-Stage Featurization Case Study},
      howpublished = {Cryptology {ePrint} Archive, Paper 2018/651},
      year = {2018},
      doi = {10.1145/3274694.3274725},
      url = {https://eprint.iacr.org/2018/651}
}