
Breaking Ed25519 in WolfSSL [chapter]

Niels Samwel, Lejla Batina, Guido Bertoni, Joan Daemen, Ruggero Susella
2018 Lecture Notes in Computer Science  
In particular, we break an Ed25519 implementation in WolfSSL, which is a suitable use case for IoT applications.  ...  Today Ed25519 is used in numerous security protocols, networks and both software and hardware security products e.g. OpenSSH, Tor, GnuPG etc.  ...  In this work we show that, although expensive, one should possibly retreat to randomness as we are able to break Ed25519 by using 1st order differential power analysis.  ... 
doi:10.1007/978-3-319-76953-0_1 fatcat:vpxe3i4n7jgozb4npadi5iwh7y

Online Template Attacks: Revisited

Alejandro Cabrera Aldaya, Billy Bob Brumley
2021 Transactions on Cryptographic Hardware and Embedded Systems  
We obtain similar results for mbedTLS and wolfSSL with curve secp256r1.  ...  This demonstrates that randomizing the initial targeted algorithm state does not prevent the attack as believed in previous works. We analyze three libraries libgcrypt, mbedTLS, and wolfSSL using two microarchitecture  ...  Ed25519). Generating a signature using Ed25519 involves computing a pseudorandom 512-bit nonce r and computing the scalar multiplication rG.  ... 
doi:10.46586/tches.v2021.i3.28-59 fatcat:p3v3uan37beprersu6oyuvggpi

Microarchitecture Online Template Attacks [article]

Alejandro Cabrera Aldaya, Billy Bob Brumley
2020 arXiv pre-print
We obtain similar results for mbedTLS and wolfSSL with curve secp256r1.  ...  We analyze three libraries libgcrypt, mbedTLS, and wolfSSL using two microarchitecture side-channels. For the libgcrypt case we target its EdDSA implementation using Curve25519 twist curve.  ...  Ed25519). Generating a signature using Ed25519 involves computing a random nonce r of 512 bits and computing the scalar multiplication rG where G is the group generator point.  ... 
arXiv:2007.05337v1 fatcat:lry2o74mtbgpboescpa44zbncy

Systematic Side-Channel Analysis of Curve25519 with Machine Learning

Léo Weissbart, Łukasz Chmielewski, Stjepan Picek, Lejla Batina
2020 Journal of Hardware and Systems Security  
Most techniques considered in this work result in potent attacks, and especially the method of choice appears to be convolutional neural networks (CNNs), which can break the first implementation with only  ...  The first implementation follows the baseline implementation with complete formulae as used for EdDSA in WolfSSL, where we exploit power consumption as a side-channel.  ...  In Section 3, we added information about the new dataset (for protected implementation), and we briefly discuss the metrics we use.  ... 
doi:10.1007/s41635-020-00106-w fatcat:wmwwznqpizhkvk6wfbryoneqvm

Certified Side Channels [article]

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, Billy Bob Brumley
2020 arXiv pre-print
We demonstrate that the format in which private keys are persisted impacts Side Channel Analysis (SCA) security.  ...  We uncover a combination of weaknesses and vulnerabilities, in extreme cases inducing completely disjoint multi-precision arithmetic stacks deep within the cryptosystem level for keys that otherwise seem  ...  Triggerflow will trace the execution of lines beginning with debug to detect break points getting hit at SCA-critical points in the code.  ... 
arXiv:1909.01785v2 fatcat:3j2dpdg2k5b3ze5cgyzoq2yzii

Analysing and improving the crypto ecosystem of Rust [article]

Philipp Keck, Universität Stuttgart
2017
In the medium term, an officially endorsed API could improve interoperability and foster competition.  ...  For such an API, and for improving the existing APIs, the thesis examines various design decisions and their effects on the [...]  ...  While the former solution breaks backward compatibility, the latter is in conflict with Tulach's cluelessness concept.  ... 
doi:10.18419/opus-9294 fatcat:qm3ltmtwwjdoliugpd6exjg2y4