Difference between revisions of "ECDSA"

From MgmtWiki
Jump to: navigation, search
(Context)
 
Line 3: Line 3:
  
 
==Context==
 
==Context==
One of the weaknesses of ECDSA is a fault attack. In the fault attack in ECDSA we only require two signatures. One is produced without a fault (r,s), and the other has a fault (rf,sf). From these, we can generate the private key [1,2].
+
One of the weaknesses of ECDSA is a fault attack. In the fault attack in ECDSA we only require two signatures. One is produced without a fault (r,s), and the other has a fault (rf,sf). From these, we can generate the private key.<ref>Sullivan, G. A., Sippe, J., Heninger, N., & Wustrow, E. (2022). Open to a fault: On the passive compromise of {TLS} keys via transient errors. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 233-250)</ref><ref>Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., & Rösler, P. (2018, April). Attacking deterministic signature schemes using fault attacks. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 338-352). IEEE.</ref>
  
 
* [https://asecuritysite.com/sage/sage_ecdsa_crack_fault Here is the Sage code for this]
 
* [https://asecuritysite.com/sage/sage_ecdsa_crack_fault Here is the Sage code for this]
  
 
[1] Sullivan, G. A., Sippe, J., Heninger, N., & Wustrow, E. (2022). Open to a fault: On the passive compromise of {TLS} keys via transient errors. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 233-250).
 
[2] Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., & Rösler, P. (2018, April). Attacking deterministic signature schemes using fault attacks. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 338-352). IEEE.
 
  
 
==References==
 
==References==
  
 
[[Category: Cryptography]]
 
[[Category: Cryptography]]

Latest revision as of 17:21, 10 November 2024

Full Title

Elliptic Curves with DSA

Context

One of the weaknesses of ECDSA is a fault attack. In the fault attack in ECDSA we only require two signatures. One is produced without a fault (r,s), and the other has a fault (rf,sf). From these, we can generate the private key.[1][2]


References

  1. Sullivan, G. A., Sippe, J., Heninger, N., & Wustrow, E. (2022). Open to a fault: On the passive compromise of {TLS} keys via transient errors. In 31st USENIX Security Symposium (USENIX Security 22) (pp. 233-250)
  2. Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., & Rösler, P. (2018, April). Attacking deterministic signature schemes using fault attacks. In 2018 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 338-352). IEEE.
Retrieved from "http://tcwiki.azurewebsites.net/index.php?title=ECDSA&oldid=22350"