Lattice basis reduction: improved practical algorithms and solving subset sum problems
Mathematical Programming: Series A and B
Lattice Attacks on Digital Signature Schemes
Designs, Codes and Cryptography
Distinguishing Exponent Digits by Observing Modular Subtractions
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Hardness of Computing the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Montgomery Exponentiation with no Final Subtractions: Improved Results
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces
Designs, Codes and Cryptography
Attacking ECDSA-Enabled RFID Devices
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Exponent Recoding and Regular Exponentiation Algorithms
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
Experimenting with faults, lattices and the DSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
BKZ 2.0: better lattice security estimates
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Solving BDD by enumeration: an update
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
In this paper we describe an attack against nonce leaks in 384-bit ECDSA using an FFT-based attack due to Bleichenbacher. The signatures were computed by a modern smart card. We extracted the low-order bits of each nonce using a template-based power analysis attack against the modular inversion of the nonce. We also developed a BKZ-based method for the range reduction phase of the attack, as it was impractical to collect enough signatures for the collision searches originally used by Bleichenbacher. We confirmed our attack by extracting the entire signing key using a 5-bit nonce leak from 4000 signatures.