Paper 2020/432
From A to Z: Projective coordinates leakage in the wild
Alejandro Cabrera Aldaya, Cesar Pereida García, and Billy Bob Brumley
Abstract
At EUROCRYPT 2004, Naccache et al. showed that the projective coordinates representation of the resulting point of an elliptic curve scalar multiplication potentially allows to recover some bits of the scalar. However, this attack has received little attention by the scientific community, and the status of deployed mitigations to prevent it in widely adopted cryptography libraries is unknown. In this paper, we aim to fill this gap, by analyzing several cryptography libraries in this context. To demonstrate the applicability of the attack, we use a side-channel attack to exploit this vulnerability within libgcrypt in the context of ECDSA. To the best of our knowledge, this is the first practical attack instance. It targets the insecure binary extended Euclidean algorithm implementation using a microarchitectural side-channel attack that allows recovering the projective representation of the output point of scalar multiplication during ECDSA signature generation. We captured 100k traces to estimate the number of traces an attacker would need to compromise the libgcrypt ECDSA implementation, resulting in less than 2k for commonly used elliptic curve secp256r1, demonstrating the attack feasibility. During exploitation, we found two additional vulnerabilities. However, we remark the purpose of this paper is not merely exploiting a library but about providing an analysis on the projective coordinates vulnerability status in widely deployed open-source libraries, filling a gap between its original description in the academic literature and the adoption of countermeasures to thwart it in real-world applications.
Metadata
- Available format(s)
- Category
- Public-key cryptography
- Publication info
- Published by the IACR in TCHES 2020
- Keywords
- applied cryptographyprojective coordinates leakopen source librariesside-channel analysisECDSAmodular inversionbinary GCDlibgcryptCVE-2020-10932CVE-2020-11735
- Contact author(s)
- aldaya @ gmail com
- History
- 2020-04-15: received
- Short URL
- https://ia.cr/2020/432
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2020/432, author = {Alejandro Cabrera Aldaya and Cesar Pereida García and Billy Bob Brumley}, title = {From A to Z: Projective coordinates leakage in the wild}, howpublished = {Cryptology {ePrint} Archive, Paper 2020/432}, year = {2020}, url = {https://eprint.iacr.org/2020/432} }