Paper 2021/516

A new weak curve fault attack on ECIES: embedded point validation is not enough during decryption

Weiqiong Cao, Hongsong Shi, Hua Chen, Wei Xi, and Yuhang Wang

Abstract

ECIES has been widely used in many cryptographic devices and systems to ensure the confidentiality of communication data. Hence, studying the security of its implementations is essential. It is generally considered that embedded point validation of the input point $Q$ during decryption is enough to resist most of the existing fault attacks and small subgroup attacks. Many open source algorithm libraries (e.g., OpenSSL and BouncyCastle) even employ only the embedded point validation to resist fault attacks. However, the weak curve fault attack proposed in this paper overturns this assumption, because it can successfully pass both the embedded point validation and the validation of the scalar multiplication of the input point $Q$ by the cofactor $h$ (i.e., $hQ \ne \mathcal{O}$). Moreover, the proposed attack does not require that the instances of ECDLP on the weak curve derived by fault injection be computationally practical, which could increase the availability of fault injection. The simulations demonstrate the feasibility of our attack. Finally, we also investigate the implementations of $14$ open source algorithm libraries, and $10$ of them cannot block our attack. Hence, we also give some suggestions about countermeasures.

Metadata
Available format(s)
-- withdrawn --
Category
Public-key cryptography
Publication info
Published elsewhere. Minor revision. 2021 International Conference on Block Chain Technology and Information Security
Keywords
ECIES, Weak Curve Attack, Fault Attack, Small Subgroup Attack
Contact author(s)
caoweqion @ 163 com
History
2022-03-21: withdrawn
2021-04-23: received
Short URL
https://ia.cr/2021/516
License
Creative Commons Attribution
CC BY