Attacks Against White-Box ECDSA and Discussion of Countermeasures - A Report on the WhibOx Contest 2021

Sven Bauer; Hermann Drexler; Maximilian Gebhardt; Dominik Klein; Friederike Laus; Johannes Mittmann

eprint.iacr.org will be offline for approximately an hour for routine maintenance at 11pm UTC on Tuesday, April 16. We lost some data between April 12 and April 14, and some authors have been notified that they need to resubmit their papers.

Paper 2022/448

Attacks Against White-Box ECDSA and Discussion of Countermeasures - A Report on the WhibOx Contest 2021

Sven Bauer

, Giesecke+Devrient Mobile Security GmbH

Hermann Drexler, Giesecke+Devrient Mobile Security GmbH

Maximilian Gebhardt, Bundesamt für Sicherheit in der Informationstechnik

Dominik Klein

, Bundesamt für Sicherheit in der Informationstechnik

Friederike Laus

, Bundesamt für Sicherheit in der Informationstechnik

Johannes Mittmann

, Bundesamt für Sicherheit in der Informationstechnik

Abstract

This paper deals with white-box implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA): First, we consider attack paths to break such implementations. In particular, we provide a systematic overview of various fault attacks, to which ECDSA white-box implementations are especially susceptible. Then, we propose different mathematical countermeasures, mainly based on masking/blinding of sensitive variables, in order to prevent or at least make such attacks more difficult. We also briefly mention some typical implementational countermeasures and their challenges in the ECDSA white-box scenario. Our work has been initiated by the CHES challenge WhibOx Contest 2021, which consisted of designing and breaking white-box ECDSA implementations, so called challenges. We illustrate our results and findings by means of the submitted challenges and provide a comprehensive overview which challenge could be solved in which way. Furthermore, we analyze selected challenges in more details.

Metadata

Available format(s): PDF
Category: Public-key cryptography
Publication info: A minor revision of an IACR publication in TCHES 2022
Keywords: White-box cryptography Deterministic ECDSA Computation analysis Fault analysis Countermeasures CHES Challenge WhibOx Contest 2021
Contact author(s): sven bauer @ gi-de com
hermann drexler @ gi-de com
Maximilian Gebhardt @ bsi bund de
Dominik Klein @ bsi bund de
Friederike Laus @ bsi bund de
Johannes Mittmann @ bsi bund de
History: 2022-08-16: revised; 2022-04-12: received; See all versions
Short URL: https://ia.cr/2022/448
License: CC BY

BibTeX

@misc{cryptoeprint:2022/448,
      author = {Sven Bauer and Hermann Drexler and Maximilian Gebhardt and Dominik Klein and Friederike Laus and Johannes Mittmann},
      title = {Attacks Against White-Box ECDSA and Discussion of Countermeasures - A Report on the WhibOx Contest 2021},
      howpublished = {Cryptology ePrint Archive, Paper 2022/448},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/448}},
      url = {https://eprint.iacr.org/2022/448}
}