Kaufmann, Thierry; Pelletier, Herve; Vaudenay, Serge; Villegas, Karine
2016-12-21 2016-12-21 2016-12-21
2016
10.1007/978-3-319-48965-0_36
https://infoscience.epfl.ch/handle/20.500.14299/132145
WOS:000389953600036
The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation which follows the RFC 7748 requirements [11]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execution and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.
Elliptic curve; cryptography
When Constant-time Source Yields Variable-time Binary: Exploiting Curve25519-donna Built with MSVC 2015
text::conference output::conference proceedings::conference paper