International Association for Cryptologic Research

CryptoDB

Attacks Against White-Box ECDSA and Discussion of Countermeasures: A Report on the WhibOx Contest 2021

Authors:
Sven Bauer, Giesecke+Devrient Mobile Security GmbH, Munich, Germany
Hermann Drexler, Giesecke+Devrient Mobile Security GmbH, Munich, Germany
Max Gebhardt, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
Dominik Klein, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
Friederike Laus, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
Johannes Mittmann, Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany
Download:
DOI: 10.46586/tches.v2022.i4.25-55
URL: https://tches.iacr.org/index.php/TCHES/article/view/9812
Presentation: Slides
Abstract: This paper deals with white-box implementations of the Elliptic Curve Digital Signature Algorithm (ECDSA): First, we consider attack paths to break such implementations. In particular, we provide a systematic overview of various fault attacks, to which ECDSA white-box implementations are especially susceptible. Then, we propose different mathematical countermeasures, mainly based on masking/blinding of sensitive variables, in order to prevent or at least make such attacks more difficult. We also briefly mention some typical implementational countermeasures and their challenges in the ECDSA white-box scenario. Our work has been initiated by the CHES challenge WhibOx Contest 2021, which consisted of designing and breaking white-box ECDSA implementations, so-called challenges. We illustrate our results and findings by means of the submitted challenges and provide a comprehensive overview of which challenge could be solved in which way. Furthermore, we analyze selected challenges in more detail.
BibTeX
@article{tches-2022-32355,
  title={Attacks Against White-Box ECDSA and Discussion of Countermeasures: A Report on the WhibOx Contest 2021},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={Ruhr-Universität Bochum},
  volume={2022, Issue 4},
  pages={25-55},
  url={https://tches.iacr.org/index.php/TCHES/article/view/9812},
  doi={10.46586/tches.v2022.i4.25-55},
  author={Sven Bauer and Hermann Drexler and Max Gebhardt and Dominik Klein and Friederike Laus and Johannes Mittmann},
  year=2022
}