When Constant-time Source Yields Variable-time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Serge Vaudenay
2016
Conference paper

Abstract

The elliptic curve Curve25519 has been presented as pro- tected against state-of-the-art timing attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implemen- tation which follows the RFC 7748 requirements [11]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execu- tion and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.

Official source

https://infoscience.epfl.ch/record/223794?ln=en

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

When Constant-time Source Yields Variable-time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Side-channel analysis of isogeny-based key encapsulation mechanisms and hash-based digital signatures

Secure and Efficient Cryptographic Algorithms in a Quantum World

New SIDH Countermeasures for a More Efficient Key Exchange

Secure and Efficient Cryptographic Algorithms in a Quantum World

Side-channel analysis of isogeny-based key encapsulation mechanisms and hash-based digital signatures

New SIDH Countermeasures for a More Efficient Key Exchange