Conference Proceedings

When constant-time source yields variable-time binary: Exploiting curve25519-donna built with MSVC 2015

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2016) 10052 LNCS 573-582
DOI: 10.1007/978-3-319-48965-0_36
29Citations
Citations of this article
25Readers
Mendeley users who have this article in their library.
Get full text

Abstract

The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation which follows the RFC 7748 requirements [10]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execution and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.

Author supplied keywords

Cite

CITATION STYLE

APA

Kaufmann, T., Pelletier, H., Vaudenay, S., & Villegas, K. (2016). When constant-time source yields variable-time binary: Exploiting curve25519-donna built with MSVC 2015. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10052 LNCS, pp. 573–582). Springer Verlag. https://doi.org/10.1007/978-3-319-48965-0_36

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free