English  简体中文
搜索   
首页 中心概况 新闻动态 科研成果 研究队伍 技术园地 公共信息 联系我们

学术报告-对OpenSSL中ECDSA实现的格攻击


2017-09-12        撰稿人: 李杰


报告人:范淑琴

时间:2017916日下午2:00

地点:中国科学院信息工程研究所4303会议室

摘要:We give a lattice attack on the ECDSA implementation in the latest version of OpenSSL, which implement the scalar multiplication by windowed Non-Adjacent Form method. We first propose a totally different but more efficient method of extracting and utilizing information from the side-channel results, which can extract almost all information from the side-channel results, obtaining 105.8 bits of information per signature on average for 256-bit ECDSA. Then in order to make the utmost of our extracted information, we translate the problem of recovering secret key to the Extended Hidden Number Problem, which can be solved by lattice reduction algorithms. Finally, we introduce the methods of elimination, merging, most significant digit recovering and enumeration to improve the attack. Our attack is mounted to the secp256k1 curve, and the result shows that only 4 signatures would be enough to recover the secret key if the Flush+Reload attack is implemented perfectly without any error.


评论人:          
lois.local\

中国科学院DCS中心版权所有
地址:北京市海淀区闵庄路甲89号 4号楼
联系电话:010-82546536 010-82546537
京ICP备05046059号