Cryptology ePrint Archive: Report 2019/861

A Tale of Three Signatures: practical attack of ECDSA with wNAF

Gabrielle De Micheli and Rémi Piau and Cécile Pierrot

Abstract: Attacking ECDSA with wNAF implementation for the scalar multiplication first requires some side channel analysis to collect information, then lattice based methods to recover the secret key. In this paper, we reinvestigate the construction of the lattice used in one of these methods, the Extended Hidden Number Problem (EHNP). We find the secret key with only 3 signatures, whereas best previous methods required 4 signatures at least in practice. Our attack is faster than previous attacks, in particular compared to times reported in [FWC16] and for most cases, has better probability of success. To obtain such results, we perform a detailed analysis of the parameters used in the attack and introduce a preprocessing method which reduces by a factor up to 7 the total time to recover the secret key for some parameters. We perform an error resilience analysis which has never been done before in the setup of EHNP. Our construction is still able to find the secret key with a small amount of erroneous traces, up to 2% of false digits, and 4% with a specific type of error. We also investigate Coppersmith's methods as a potential alternative to EHNP and explain why, to the best of our knowledge, EHNP goes beyond the limitations of Coppersmith's methods.

Category / Keywords: public-key cryptography / ECDSA, lattice techniques, cryptanalysis, digital signatures

Date: received 24 Jul 2019

Contact author: gabrielle de-micheli at inria fr, cecile pierrot@inria fr

Available format(s): PDF | BibTeX Citation

Version: 20190724:154816 (All versions of this report)

Short URL: ia.cr/2019/861


[ Cryptology ePrint archive ]