Using Bleichenbacher's solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA: extended version

Elke De Mulder, Michael Hutter, Mark E. Marson, Peter Pearson
2014 Journal of Cryptographic Engineering  
In this paper we describe an attack against nonce leaks in 384-bit ECDSA using an FFT-based attack due to Bleichenbacher. The signatures were computed by a modern smart card. We extracted the low-order bits of each nonce using a template-based power analysis attack against the modular inversion of the nonce. We also developed a BKZ-based method for the range reduction phase of the attack, as it was impractical to collect enough signatures for the collision searches originally used by ... er. We confirmed our attack by extracting the entire signing key using a 5-bit nonce leak from 4 000 signatures.
doi:10.1007/s13389-014-0072-z fatcat:tsxqox2iajagbptnzfivike2t4