'Ooh Aah... Just a Little Bit': A Small Amount of Side Channel Can Go a Long Way

Naomi Benger, Joop van de Pol, Nigel P Smart, Yuval Yarom

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

130 Citations (Scopus)

Abstract

We apply the Flush+Reload side-channel attack based on cache hits/misses to extract a small amount of data from OpenSSL ECDSA signature requests. We then apply a “standard” lattice technique to extract the private key, but unlike previous attacks we are able to make use of the side-channel information from almost all of the observed executions. This means we obtain private key recovery by observing a relatively small number of executions, and by expending a relatively small amount of post-processing via lattice reduction. We demonstrate our analysis via experiments using the curve secp256k1 used in the Bitcoin protocol. In particular we show that with as little as 200 signatures we are able to achieve a reasonable level of success in recovering the secret key for a 256-bit curve. This is significantly better than prior methods of applying lattice reduction techniques to similar side channel information.
Original languageEnglish
Title of host publicationCryptographic Hardware and Embedded Systems - CHES 2014
EditorsLejla Batina, Matthew Robshaw
PublisherSpringer Verlag
Pages75-92
Number of pages18
Volume8731
ISBN (Electronic)9783662447093
ISBN (Print)9783662447086
DOIs
Publication statusPublished - 23 Sept 2014

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin Heidelberg
Volume8731
ISSN (Print)0302-9743
ISSN (Electronic)0302-9743

Fingerprint

Dive into the research topics of ''Ooh Aah... Just a Little Bit': A Small Amount of Side Channel Can Go a Long Way'. Together they form a unique fingerprint.
  • COED - Computing on Encrypted Data

    Smart, N. P. (Principal Investigator)

    1/10/1130/09/15

    Project: Research

Cite this