Difference between revisions of "ECDSA"

Latest revision as of 16:50, 20 April 2025

Full Title

Elliptic Curves with DSA

Context

One of the weaknesses of ECDSA is a fault attack. In the fault attack in ECDSA we only require two signatures. One is produced without a fault (r,s), and the other has a fault (rf,sf). From these, we can generate the private key.^[1]^[2]

Here is the Sage code for this

Another attack is possible if a nonce between two signature is related. Breaking ECDSA with Two Affinely Related Nonces

References

↑ Sullivan, G. A., Sippe, J., Heninger, N., & Wustrow, E. (2022). Open to a fault: On the passive compromise of {TLS} keys via transient errors. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 233-250)
↑ Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., & Rösler, P. (2018, April). Attacking deterministic signature schemes using fault attacks. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 338-352). IEEE.

[1] Sullivan, G. A., Sippe, J., Heninger, N., & Wustrow, E. (2022). Open to a fault: On the passive compromise of {TLS} keys via transient errors. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 233-250)

[2] Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., & Rösler, P. (2018, April). Attacking deterministic signature schemes using fault attacks. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 338-352). IEEE.

[1]

[2]

@@ Line 7: / Line 7: @@
 * [https://asecuritysite.com/sage/sage_ecdsa_crack_fault Here is the Sage code for this]
+Another attack is possible if a nonce between two signature is related.  [https://eprint.iacr.org/2025/705 Breaking ECDSA with Two Affinely Related Nonces]
 ==References==
 [[Category: Cryptography]]

Difference between revisions of "ECDSA"

Latest revision as of 16:50, 20 April 2025

Full Title

Context

References

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools

Sidebar Links