scholarly journals Key Recovery Algorithm of Erroneous RSA Private Key Bits Using Generalized Probabilistic Measure

2016 ◽  
Vol 26 (5) ◽  
pp. 1089-1097
Author(s):  
Yoo-Jin Baek
Keyword(s):  
Key Recovery ◽  
Probabilistic Measure ◽  
Recovery Algorithm ◽  
Private Key

scholarly journals Cold Boot Attacks on LUOV

2020 ◽  
Vol 10 (12) ◽  
pp. 4106 ◽  
Author(s):  
Ricardo Villanueva-Polanco
Keyword(s):  
Key Generation ◽  
Secret Key ◽  
Cryptographic Primitives ◽  
Key Recovery ◽  
Recovery Algorithm ◽  
Private Key ◽  
Research Article ◽  
The Family ◽  
And Performance ◽  
First Time

This research article assesses the feasibility of cold boot attacks on the lifted unbalanced oil and Vinegar (LUOV) scheme, a variant of the UOV signature scheme. This scheme is a member of the family of asymmetric cryptographic primitives based on multivariable polynomials over a finite field K and has been submitted as candidate to the ongoing National Institute of Standards and Technology (NIST) standardisation process of post-quantum signature schemes. To the best of our knowledge, this is the first time that this scheme is evaluated in this setting. To perform our assessment of the scheme in this setting, we review two implementations of this scheme, the reference implementation and the libpqcrypto implementation, to learn the most common in-memory private key formats and next develop a key recovery algorithm exploiting the structure of this scheme. Since the LUOV’s key generation algorithm generates its private components and public components from a 256-bit seed, the key recovery algorithm works for all the parameter sets recommended for this scheme. Additionally, we tested the effectiveness and performance of the key recovery algorithm through simulations and found the key recovery algorithm may retrieve the private seed when α = 0.001 (probability that a 0 bit of the original secret key will flip to a 1 bit) and β (probability that a 1 bit of the original private key will flip to a 0 bit) in the range { 0.001 , 0.01 , 0.02 , … , 0.15 } by enumerating approximately 2 40 candidates.

scholarly journals A Comprehensive Study of the Key Enumeration Problem

Entropy ◽  
2019 ◽  
Vol 21 (10) ◽  
pp. 972 ◽  
Author(s):  
Ricardo Villanueva-Polanco
Keyword(s):  
Main Memory ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Enumeration Algorithm ◽  
Key Recovery ◽  
Recovery Algorithm ◽  
Enumeration Problem ◽  
Enumeration Algorithms ◽  
Recovery Problem

In this paper, we will study the key enumeration problem, which is connected to the key recovery problem posed in the cold boot attack setting. In this setting, an attacker with physical access to a computer may obtain noisy data of a cryptographic secret key of a cryptographic scheme from main memory via this data remanence attack. Therefore, the attacker would need a key-recovery algorithm to reconstruct the secret key from its noisy version. We will first describe this attack setting and then pose the problem of key recovery in a general way and establish a connection between the key recovery problem and the key enumeration problem. The latter problem has already been studied in the side-channel attack literature, where, for example, the attacker might procure scoring information for each byte of an Advanced Encryption Standard (AES) key from a side-channel attack and then want to efficiently enumerate and test a large number of complete 16-byte candidates until the correct key is found. After establishing such a connection between the key recovery problem and the key enumeration problem, we will present a comprehensive review of the most outstanding key enumeration algorithms to tackle the latter problem, for example, an optimal key enumeration algorithm (OKEA) and several nonoptimal key enumeration algorithms. Also, we will propose variants to some of them and make a comparison of them, highlighting their strengths and weaknesses.

scholarly journals Asymmetric key Cryptography using Laplace Transform

2020 ◽  
Vol 9 (4) ◽  
pp. 3083-3087
Keyword(s):  
Network Security ◽  
Laplace Transform ◽  
Inverse Laplace Transform ◽  
Text File ◽  
Key Recovery ◽  
Public And Private ◽  
Plain Text ◽  
Private Key ◽  
Coefficient Corrélation ◽  
Key Recovery Attack

This paper presents a method of Asymmetric key cryptography using Laplace transform and inverse Laplace transform respectively on Maclaurin’s series to attain information and network Security. The public key and private key are used to encrypt and decrypt data in Asymmetric cryptography. Public and private key are generated using Encryption and Decryption algorithms with a numerical example. Frequency allocations of characters in plain text file and cipher text file with proposed algorithm are analyzed using bar diagrams. It has been observed that the repeated character in encipher file has same frequency while running ElGamal and RSA encryption algorithms but differ in proposed algorithm. Time complexity of each algorithm is tested for distinct file size and is presented in a suitable table. Statistical analysis for the proposed algorithm is performed using coefficient correlation and compared with ElGamal, RSA algorithms. All these tests ensure that the proposed algorithm provide network security and key recovery attack.

scholarly journals Novel Key Recovery Attack on Secure ECDSA Implementation by Exploiting Collisions between Unknown Entries

2021 ◽  
pp. 1-26
Author(s):  
Sunghyun Jin ◽  
Sangyub Lee ◽  
Sung Min Cho ◽  
HeeSeok Kim ◽  
Seokhie Hong
Keyword(s):  
Power Consumption ◽  
Digital Signatures ◽  
Scalar Multiplication ◽  
Side Channel ◽  
Validation Process ◽  
Key Recovery ◽  
Private Key ◽  
Signature Generation ◽  
Fixed Base ◽  
Key Recovery Attack

In this paper, we propose a novel key recovery attack against secure ECDSA signature generation employing regular table-based scalar multiplication. Our attack exploits novel leakage, denoted by collision information, which can be constructed by iteratively determining whether two entries loaded from the table are the same or not through side-channel collision analysis. Without knowing the actual value of the table entries, an adversary can recover the private key of ECDSA by finding the condition for which several nonces are linearly dependent by exploiting only the collision information. We show that this condition can be satisfied practically with a reasonable number of digital signatures and corresponding traces. Furthermore, we also show that all entries in the pre-computation table can be recovered using the recovered private key and a sufficient number of digital signatures based on the collision information. As case studies, we find that fixed-base comb and T_SM scalar multiplication are vulnerable to our attack. Finally, we verify that our attack is a real threat by conducting an experiment with power consumption traces acquired during T_SM scalar multiplication operations on an ARM Cortex-M based microcontroller. We also provide the details for validation process.

scholarly journals Minerva: The curse of ECDSA nonces

2020 ◽  
pp. 281-308
Author(s):  
Jan Jancar ◽  
Vladimir Sedlacek ◽  
Petr Svenda ◽  
Marek Sys
Keyword(s):  
Real World ◽  
Scalar Multiplication ◽  
Side Channel ◽  
Key Recovery ◽  
Private Key ◽  
New Methods ◽  
Successful Attack ◽  
Benchmark Datasets ◽  
Recovery Methods

We present our discovery of a group of side-channel vulnerabilities in implementations of the ECDSA signature algorithm in a widely used Atmel AT90SC FIPS 140-2 certified smartcard chip and five cryptographic libraries (libgcrypt, wolfSSL, MatrixSSL, SunEC/OpenJDK/Oracle JDK, Crypto++). Vulnerable implementations leak the bit-length of the scalar used in scalar multiplication via timing. Using leaked bit-length, we mount a lattice attack on a 256-bit curve, after observing enough signing operations. We propose two new methods to recover the full private key requiring just 500 signatures for simulated leakage data, 1200 for real cryptographic library data, and 2100 for smartcard data. The number of signatures needed for a successful attack depends on the chosen method and its parameters as well as on the noise profile, influenced by the type of leakage and used computation platform. We use the set of vulnerabilities reported in this paper, together with the recently published TPM-FAIL vulnerability [MSE+20] as a basis for real-world benchmark datasets to systematically compare our newly proposed methods and all previously published applicable lattice-based key recovery methods. The resulting exhaustive comparison highlights the methods’ sensitivity to its proper parametrization and demonstrates that our methods are more efficient in most cases. For the TPM-FAIL dataset, we decreased the number of required signatures from approximately 40 000 to mere 900.

scholarly journals Cold Boot Attacks on the Supersingular Isogeny Key Encapsulation (SIKE) Mechanism

2020 ◽  
Vol 11 (1) ◽  
pp. 193
Author(s):  
Ricardo Villanueva-Polanco ◽  
Eduardo Angulo-Madrid
Keyword(s):  
Success Rates ◽  
Secret Key ◽  
Enumeration Algorithm ◽  
Key Recovery ◽  
Recovery Algorithm ◽  
Key Encapsulation Mechanism ◽  
Standardization Process ◽  
Overall Performance ◽  
Post Quantum Cryptography ◽  
First Time

This research paper evaluates the feasibility of cold boot attacks on the Supersingular Isogeny Key Encapsulation (SIKE) mechanism. This key encapsulation mechanism has been included in the list of alternate candidates of the third round of the National Institute of Standards and Technology (NIST) Post-Quantum Cryptography Standardization Process. To the best of our knowledge, this is the first time this scheme is assessed in the cold boot attacks setting. In particular, our evaluation is focused on the reference implementation of this scheme. Furthermore, we present a dedicated key-recovery algorithm for SIKE in this setting and show that the key recovery algorithm works for all the parameter sets recommended for this scheme. Moreover, we compute the success rates of our key recovery algorithm through simulations and show the key recovery algorithm may reconstruct the SIKE secret key for any SIKE parameters for a fixed and small α=0.001 (the probability of a 0 to 1 bit-flipping) and varying values for β (the probability of a 1 to 0 bit-flipping) in the set {0.001,0.01,…,0.1}. Additionally, we show how to integrate a quantum key enumeration algorithm with our key-recovery algorithm to improve its overall performance.

Sign in / Sign up

Export Citation Format

Share Document