Publication

When Constant-time Source Yields Variable-time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Serge Vaudenay
2016
Conference paper
Abstract

The elliptic curve Curve25519 has been presented as pro- tected against state-of-the-art timing attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implemen- tation which follows the RFC 7748 requirements [11]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execu- tion and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.

About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.