Paper 2022/1669
Jolt: Recovering TLS Signing Keys via Rowhammer Faults
Abstract
Digital signature schemes such as DSA, ECDSA, and RSA are widely deployed to protect the integrity of security protocols such as TLS, SSH, and IPSec. In TLS, for instance, RSA and (EC)DSA are used to sign the state of the agreed-upon protocol parameters during the handshake phase. Naturally, RSA and (EC)DSA implementations have become the target of numerous attacks, including powerful side-channel attacks. Hence, cryptographic libraries were patched repeatedly over the years.
Here we introduce Jolt, a novel attack targeting signature scheme implementations. Our attack exploits faulty signatures gained by injecting faults during signature generation. By using the signature verification primitive, we correct faulty signatures and, in the process, deduce bits of the secret signing key. Compared to recent attacks that exploit single-bit biases in the nonce that require
Metadata
- Available format(s)
- PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Published elsewhere. IEEE Symposium on Security and Privacy 2023
- Keywords
- TLS attack, signature correction attack, Rowhammer attack, fault attacks, microarchitectural attacks
- Contact author(s)
- kmus @ wpi edu, ydoroz @ wpi edu, mtol @ wpi edu, krahman @ wpi edu, sunar @ wpi edu
- History
- 2023-04-13: revised
- 2022-11-30: received
- Short URL
- https://ia.cr/2022/1669
- License
- CC BY
BibTeX
@misc{cryptoeprint:2022/1669,
  author = {Koksal Mus and Yarkın Doröz and M. Caner Tol and Kristi Rahman and Berk Sunar},
  title = {Jolt: Recovering {TLS} Signing Keys via Rowhammer Faults},
  howpublished = {Cryptology {ePrint} Archive, Paper 2022/1669},
  year = {2022},
  url = {https://eprint.iacr.org/2022/1669}
}