Paper 2008/081

Template Attacks on ECDSA

Marcel Medwed and Elisabeth Oswald

Abstract

Template attacks have been considered exclusively in the context of implementations of symmetric cryptographic algorithms on 8-bit devices. Within these scenarios, they have proven to be the most powerful attacks. This is not surprising because they assume the most powerful adversaries. In this article we investigate how template attacks can be applied to implementations of an asymmetric cryptographic algorithm on a 32-bit platform. The asymmetric cryptosystem under scrutiny is the elliptic curve digital signature algorithm (ECDSA). ECDSA is particularly suitable for 32-bit platforms. In this article we show that even SPA resistant implementations of ECDSA on a typical 32-bit platform succumb to template-based SPA attacks. The only way to secure such implementations against template-based SPA attacks is to make them resistant against DPA attacks.

Note: Report shows the practical application of template attacks to reveal ECDSA keys of an implementation on an ARM7 platform. We hope to submit an extended version of this paper soon.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
elliptic curve cryptosystempower analysistemplate attacks
Contact author(s)
Elisabeth Oswald @ bristol ac uk
History
2008-02-27: received
Short URL
https://ia.cr/2008/081
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2008/081,
      author = {Marcel Medwed and Elisabeth Oswald},
      title = {Template Attacks on ECDSA},
      howpublished = {Cryptology ePrint Archive, Paper 2008/081},
      year = {2008},
      note = {\url{https://eprint.iacr.org/2008/081}},
      url = {https://eprint.iacr.org/2008/081}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.