conference paper
When Constant-time Source Yields Variable-time Binary: Exploiting Curve25519-donna Built with MSVC 2015
2016
Cryptology and Network Security, CANS 2016
The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation that follows the RFC 7748 requirements [11]. The attack recovers the complete private key used in the ECDH protocol. It exploits timing leakage during Montgomery ladder execution, which stems from a conditional branch in the 2015 Windows runtime library (the runtime linked by MSVC 2015), even though the C source is written in constant-time style. The attack can be applied remotely.
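The abstract's attack targets the Montgomery ladder, whose security against timing attacks rests on the conditional swap being free of secret-dependent branches at the source level. The following is an added example, not code from the paper or from curve25519-donna: it implements the RFC 7748 ladder swap bookkeeping (swap ^= k_t, cswap, swap = k_t) with a mask-based cswap, but replaces the curve arithmetic with a constructed toy group (integers modulo M under addition) so that the ladder structure is the only thing on display. `M`, `ladder`, `cswap` and `swap_count` are names chosen here. The abstract's point is exactly that such source-level constant-time code is not sufficient: the compiler and runtime library it is built with decide what the binary actually does.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy group: integers modulo M under addition.
 * "Point addition" is add mod M and "doubling" is 2x mod M; this stands in
 * for the Curve25519 field/point arithmetic so the ladder logic stays short. */
#define M 1000003ULL
typedef uint64_t elem;

static elem add(elem a, elem b) { return (a + b) % M; }
static elem dbl(elem a) { return (a + a) % M; }

/* Mask-based conditional swap: swap must be 0 or 1. The mask is all-zeros or
 * all-ones, so both operands are always read and written and there is no
 * branch in the source. The binary may still differ from this intent. */
static void cswap(uint64_t swap, elem *a, elem *b) {
    uint64_t mask = 0 - swap;
    uint64_t d = mask & (*a ^ *b);
    *a ^= d;
    *b ^= d;
}

/* Montgomery ladder with RFC 7748 swap bookkeeping over the toy group.
 * Invariant before each step: r1 - r0 == P (after undoing any swap).
 * Returns k*P mod M. bits is the scalar length, 1..64. */
elem ladder(uint64_t k, elem P, int bits) {
    elem r0 = 0, r1 = P % M;
    uint64_t swap = 0;
    if (bits < 1 || bits > 64) return 0;
    for (int t = bits - 1; t >= 0; t--) {
        uint64_t k_t = (k >> t) & 1;
        swap ^= k_t;            /* swap only when this bit differs from the last */
        cswap(swap, &r0, &r1);
        swap = k_t;
        r1 = add(r0, r1);       /* ladder step: "add" then "double" */
        r0 = dbl(r0);
    }
    cswap(swap, &r0, &r1);      /* undo the last swap */
    return r0;
}

/* Number of iterations in which the swap actually happens (swap == 1),
 * including the final cswap. This is a function of the secret scalar's bit
 * pattern: any observable cost that depends on it leaks key bits, which is
 * the class of leak the paper exploits in the MSVC 2015 build. */
int swap_count(uint64_t k, int bits) {
    uint64_t swap = 0;
    int count = 0;
    if (bits < 1 || bits > 64) return 0;
    for (int t = bits - 1; t >= 0; t--) {
        uint64_t k_t = (k >> t) & 1;
        swap ^= k_t;
        count += (int)swap;
        swap = k_t;
    }
    count += (int)swap;
    return count;
}

int main(void) {
    uint64_t k = 123457;
    elem P = 98765;
    printf("ladder(%llu, %llu) = %llu, direct = %llu, swaps = %d\n",
           (unsigned long long)k, (unsigned long long)P,
           (unsigned long long)ladder(k, P, 64),
           (unsigned long long)((k * P) % M), swap_count(k, 64));
    return 0;
}
```

The ladder is correct for every scalar because each step either computes (2R0, R0+R1) or (R0+R1, 2R1) depending on the bit, with the swap schedule selecting which register plays which role. The swap itself is where the secret enters the control-flow-free code; the paper shows that a conditional branch introduced below the source level, in the runtime library, re-creates a secret-dependent timing difference that this source pattern was meant to eliminate.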
Name
32_1.pdf
Access type
openaccess
Size
323.37 KB
Format
Adobe PDF
Checksum (MD5)
9b3d4f586b3a0b343cc13ec47a6d0dec