International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Seokhie Hong

Publications

Year
Venue
Title
2021
TCHES
Novel Key Recovery Attack on Secure ECDSA Implementation by Exploiting Collisions between Unknown Entries 📺
In this paper, we propose a novel key recovery attack against secure ECDSA signature generation employing regular table-based scalar multiplication. Our attack exploits novel leakage, denoted by collision information, which can be constructed by iteratively determining whether two entries loaded from the table are the same or not through side-channel collision analysis. Without knowing the actual value of the table entries, an adversary can recover the private key of ECDSA by finding the condition for which several nonces are linearly dependent by exploiting only the collision information. We show that this condition can be satisfied practically with a reasonable number of digital signatures and corresponding traces. Furthermore, we also show that all entries in the pre-computation table can be recovered using the recovered private key and a sufficient number of digital signatures based on the collision information. As case studies, we find that fixed-base comb and T_SM scalar multiplication are vulnerable to our attack. Finally, we verify that our attack is a real threat by conducting an experiment with power consumption traces acquired during T_SM scalar multiplication operations on an ARM Cortex-M based microcontroller. We also provide the details for validation process.
2019
ASIACRYPT
Optimized Method for Computing Odd-Degree Isogenies on Edwards Curves
In this paper, we present an efficient method to compute arbitrary odd-degree isogenies on Edwards curves. By using the w-coordinate, we optimized the isogeny formula on Edwards curves by Moody and Shumow. We demonstrate that Edwards curves have an additional benefit when recovering the coefficient of the image curve during isogeny computation. For $$\ell $$-degree isogeny where $$\ell =2s+1$$, our isogeny formula on Edwards curves outperforms Montgomery curves when $$s \ge 2$$. To better represent the performance improvements when w-coordinate is used, we implement CSIDH using our isogeny formula. Our implementation is about 20% faster than the previous implementation. The result of our work opens the door for the usage of Edwards curves in isogeny-based cryptography, especially for CSIDH which requires higher degree isogenies.
2011
CHES
2010
FSE
2008
FSE
2007
FSE
2006
CHES
2006
FSE
2006
JOFC
2005
FSE
2004
FSE
2002
ASIACRYPT
2001
ASIACRYPT
2000
ASIACRYPT
2000
FSE

Program Committees

Asiacrypt 2019
FSE 2010 (Program chair)
FSE 2007