Just a Little Bit More

Joop van de Pol, Nigel P Smart, Yuval Yarom

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

38 Citations (Scopus)


We extend the Flush+Reload side-channel attack of Benger et al. to extract a significantly larger number of bits of information per observed signature when using OpenSSL. This means that by observing only 25 signatures, we can recover secret keys of the secp256k1 curve, used in the Bitcoin protocol, with a probability greater than 50 percent. This is an order of magnitude improvement over the previously best known result.

The new method of attack exploits two points: Unlike previous partial disclosure attacks we utilize all information obtained and not just that in the least significant or most significant bits, this is enabled by a property of the “standard” curves choice of group order which enables extra bits of information to be extracted. Furthermore, whereas previous works require direct information on ephemeral key bits, our attack utilizes the indirect information from the wNAF double and add chain.
Original languageEnglish
Title of host publicationTopics in Cryptology - CT-RSA 2015
EditorsKaisa Nyberg
PublisherSpringer International Publishing AG
ISBN (Electronic)978-3-319-16715-2
ISBN (Print)978-3-319-16714-5
Publication statusPublished - 20 Apr 2015

Publication series

NameLecture Notes in Computer Science
PublisherSpringer International Publishing
ISSN (Print)0302-9743
ISSN (Electronic)0302-9743

Fingerprint Dive into the research topics of 'Just a Little Bit More'. Together they form a unique fingerprint.

Cite this