Skip to main content
SpringerLink
Log in

Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones

  • Conference paper
  • First Online:
Topics in Cryptology - CT-RSA 2016 (CT-RSA 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9610))

Included in the following conference series:

Abstract

In this paper, we study the side-channel resistance of the implementation of the ECDSA signature scheme in Android’s standard cryptographic library. We show that, for elliptic curves over prime fields, one can recover the secret key very efficiently on smartphones using electromagnetic side-channel and well-known lattice reduction techniques. We experimentally show that elliptic curve operations (doublings and additions) can be distinguished in a multi-core CPU clocking over the giga-hertz. We then extend the standard lattice attack on ECDSA over prime fields to binary Koblitz curves. This is the first time that such an attack is described on Koblitz curves. These curves, which are also available in Bouncy Castle, allow very efficient implementations using the Frobenius operation. This leads to signal processing challenges since the number of available points are reduced. We investigate practical side-channel, showing the concrete vulnerability of such implementations. In comparison to previous works targeting smartphones, the attacks presented in the paper take benefit from discernible architectural features, like specific instructions computations or memory accesses.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aboulkassimi, D., Agoyan, M., Freund, L., Fournier, J., Robisson, B., Tria, A.: ElectroMagnetic analysis (EMA) of software AES on Java mobile phones. In: WIFS (2011)

    Google Scholar 

  2. Agrawal, D., Archambeault, B., Rao, J.R., Rohatgi, P.: The EM side-channel(s). CHES (2002). LNCS, vol. 2523, pp. 29–45. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  3. Aranha, D.F., Faz-Hernández, A., López, J., Rodríguez-Henríquez, F.: Faster implementation of scalar multiplication on koblitz curves. In: Hevia, A., Neven, G. (eds.) LatinCrypt 2012. LNCS, vol. 7533, pp. 177–193. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  4. ARM. The ARM architecture - with a focus on v7A and Cortex-A8. Presentation support

    Google Scholar 

  5. ARM. ARM Architecture Reference Manual - Thumb–2 supplement

    Google Scholar 

  6. Belgaric, P., Fouque, P.-A., Marcario-Rat, G., Tibouchi, M.: Side-channel analysis of Weierstrass and Koblitz curve ECDSA on Android smartphones. Cryptology ePrint Archive (2015). Full version of this paper. http://eprint.iacr.org/

  7. Benger, N., van de Pol, J., Smart, N.P., Yarom, Y.: “Ooh Aah.. Just a Little Bit”: a small amount of side channel can go a long way. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 75–92. Springer, Heidelberg (2014)

    Google Scholar 

  8. Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: SoK: Research perspectives and challenges for bitcoin and cryptocurrencies. In: Security and Privacy (2015)

    Google Scholar 

  9. Gebotys, C.H., Ho, S., Tiu, C.C.: EM analysis of rijndael and ECC on a wireless java-based PDA. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, pp. 250–264. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  10. Genkin, D., Pipman, I., Tromer, E.: Get your hands off my laptop: physical side-channel key-extraction attacks on PCs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 242–260. Springer, Heidelberg (2014)

    Google Scholar 

  11. Genkin, D., Shamir, A., Tromer, E.: RSA key extraction via low-bandwidth acoustic cryptanalysis. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 444–461. Springer, Heidelberg (2014)

    Google Scholar 

  12. Hankerson, D., Vanstone, S., Menezes, A.: Guide to Elliptic Curve Cryptography. Springer Professional Computing. Springer, New York (2004)

    MATH  Google Scholar 

  13. Howgrave-Graham, N., Smart, N.P.: Lattice attacks on digital signature schemes. Des. Codes Crypt. 23(3), 283–290 (2001)

    Article  MathSciNet  MATH  Google Scholar 

  14. Kenworthy, G., Rohatgi, P.: Mobile device security: The case for side-channel resistance. Technical report, Cryptography Research Inc. (2012)

    Google Scholar 

  15. Koblitz, N.: CM-curves with good cryptographic properties. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 279–287. Springer, Heidelberg (1992)

    Google Scholar 

  16. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  17. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  18. Liu, M., Nguyen, P.Q.: Solving BDD by enumeration: an update. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 293–309. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  19. López, J., Dahab, R.: Improved algorithms for elliptic curve arithmetic in \({GF}(2^{\rm n})\). In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 201–212. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  20. Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2009)

    Google Scholar 

  21. Nakano, Y., Souissi, Y., Nguyen, R., Sauvage, L., Danger, J.-L., Guilley, S., Kiyomoto, S., Miyake, Y.: A pre-processing composition for secret key recovery on android smartphone. In: Naccache, D., Sauveron, D. (eds.) WISTP 2014. LNCS, vol. 8501, pp. 76–91. Springer, Heidelberg (2014)

    Google Scholar 

  22. Nguyen, P.Q., Shparlinski, I.: The insecurity of the elliptic curve digital signature algorithm with partially known nonces. Des. Codes Crypt. 30(2), 201–217 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  23. Nguyen, P.Q., Tibouchi, M.: Lattice-based fault attacks on signatures. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography. Information Security and Cryptography. Springer, New York (2012)

    Google Scholar 

  24. NIST. Fips pub 186 - 3: Digital signature standard. Technical report, NIST, July 2013

    Google Scholar 

  25. Oliveira, T., López, J., Aranha, D.F., Rodríguez-Henríquez, F.: Lambda coordinates for binary elliptic curves. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 311–330. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  26. Solinas, J.A.: Efficient arithmetic on koblitz curves. Des. Codes Crypt. 19(2/3), 195–249 (2000)

    Article  MathSciNet  MATH  Google Scholar 

  27. Zajic, A., Prvulovic, M.: Experimental demonstration of electromagnetic information leakage from modern processor-memory systems. IEEE Trans. Electromagn. Compat. 56(4), 885–893 (2014)

    Article  Google Scholar 

  28. Zenger, C., Paar, C., Lemke-Rust, K., Kasper, T., Oswald, D.: Sema of rsa on a smartphone. Technical report, Ruhr-Universitat Bochum, October 2011

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Orange Labs, Issy-les-Moulineaux, France

    Pierre Belgarric & Gilles Macario-Rat

  2. Institut Universitaire de France, Université de Rennes 1, Rennes, France

    Pierre-Alain Fouque

  3. NTT Secure Platform Laboratories, Tokyo, Japan

    Mehdi Tibouchi

  4. HP Labs, HP Inc., Bristol, UK

    Pierre Belgarric

Authors
  1. Pierre Belgarric
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pierre-Alain Fouque
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Gilles Macario-Rat
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mehdi Tibouchi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Pierre Belgarric .

Editor information

Editors and Affiliations

  1. NEC Cloud Systems Research Laboratories, Kawasaki, Japan

    Kazue Sako

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Belgarric, P., Fouque, PA., Macario-Rat, G., Tibouchi, M. (2016). Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones. In: Sako, K. (eds) Topics in Cryptology - CT-RSA 2016. CT-RSA 2016. Lecture Notes in Computer Science(), vol 9610. Springer, Cham. https://doi.org/10.1007/978-3-319-29485-8_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-29485-8_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-29484-1

  • Online ISBN: 978-3-319-29485-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation