June 21, 2019
Joost Renes from the Digital Security group is defending his PhD thesis (at 14:30 in the Aula of Radboud University). Before this event, we have organized a short seminar featuring the following three talks.
10:00-10:45 Nadia Heninger, UCSD, US: Lattice Attacks against Weak ECDSA Signatures in Cryptocurrencies
We compute hundreds of Bitcoin private keys and dozens of Ethereum, Ripple, SSH, and HTTPS private keys by carrying out cryptanalytic attacks against digital signatures contained in public blockchains and Internet-wide scans. The ECDSA signature algorithm requires the generation of a per-message secret nonce. This nonce must be generated perfectly uniformly, or else an attacker can exploit the nonce biases to compute the long-term signing key. We use a lattice-based algorithm for solving the hidden number problem to efficiently compute private ECDSA keys that were used with biased signature nonces due to multiple apparent implementation vulnerabilities. Joint work with Joachim Breitner.
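The attack the abstract sketches, in its simplest setting, as an added example rather than anything from the talk or the speakers' tooling: four ECDSA signatures over secp256k1 (real curve constants) whose nonces all fit in 128 bits. The broken nonce generator, the victim key, the seed and the messages are constructed for the demonstration. Each signature gives one congruence k_i = h_i s_i^-1 + r_i s_i^-1 d (mod n) with k_i unusually small, which is an instance of the hidden number problem; a textbook LLL on the usual lattice exposes the vector holding the nonces and the private key, and the candidate key is confirmed against the public key before it is accepted.

```python
# Added example, not the speakers' code: biased-nonce ECDSA key recovery via the hidden
# number problem and LLL. secp256k1 is real; victim key, nonce flaw and messages are made up.
import hashlib
import random
from fractions import Fraction

p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F   # secp256k1 field prime
n = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141   # order of G (prime)
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(P, Q):  # affine addition on y^2 = x^3 + 7; None is the point at infinity
    if P is None or Q is None:
        return P or Q
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if P == Q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, p) % p   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def ec_mul(k, P):  # double-and-add; not constant time, which is fine on the attacker's side
    R = None
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R

def ecdsa_sign(d, h, k):  # standard ECDSA; the caller's choice of nonce k is the flaw
    r = ec_mul(k, G)[0] % n
    return (r, pow(k, -1, n) * (h + r * d) % n)

def lll(basis, delta=Fraction(3, 4)):  # textbook LLL, exact rationals, Cohen's swap update
    b = [[Fraction(x) for x in row] for row in basis]
    mu = [[Fraction(int(i == j)) for j in range(len(b))] for i in range(len(b))]
    Bv, bstar = [], []                                 # Bv[i] = |b*_i|^2
    for i in range(len(b)):                            # Gram-Schmidt once, up front
        v = b[i][:]
        for j in range(i):
            mu[i][j] = sum(x * y for x, y in zip(b[i], bstar[j])) / Bv[j]
            v = [x - mu[i][j] * y for x, y in zip(v, bstar[j])]
        bstar.append(v)
        Bv.append(sum(x * x for x in v))
    k = 1
    while k < len(b):
        for j in range(k - 1, -1, -1):                 # size-reduce b_k against b_j
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                for i in range(j + 1):                 # b*_k unchanged, only mu shifts
                    mu[k][i] -= q * mu[j][i]
        if Bv[k] >= (delta - mu[k][k - 1] ** 2) * Bv[k - 1]:   # Lovasz condition
            k += 1
            continue
        l, m_ = k - 1, mu[k][k - 1]                     # swap b_k, b_l and fix mu, Bv
        b[k], b[l] = b[l], b[k]
        for j in range(l):
            mu[k][j], mu[l][j] = mu[l][j], mu[k][j]
        new = Bv[k] + m_ * m_ * Bv[l]
        mu[k][l], Bv[k], Bv[l] = m_ * Bv[l] / new, Bv[l] * Bv[k] / new, new
        for i in range(k + 1, len(b)):
            t = mu[i][k]
            mu[i][k] = mu[i][l] - m_ * t
            mu[i][l] = t + mu[k][l] * mu[i][k]
        k = max(k - 1, 1)
    return [[int(x) for x in row] for row in b]

def recover_key(sigs, hashes, pub, bound):
    """HNP: k_i = a_i + t_i*d (mod n) with 0 < k_i < bound; the lattice's short vector is
    (n*k_1, .., n*k_m, bound*d, n*bound), and the d it carries is checked against pub."""
    m = len(sigs)
    t = [r * pow(s, -1, n) % n for r, s in sigs]
    a = [h * pow(s, -1, n) % n for (r, s), h in zip(sigs, hashes)]
    rows = [[n * n if j == i else 0 for j in range(m + 2)] for i in range(m)]
    rows += [[n * ti for ti in t] + [bound, 0], [n * ai for ai in a] + [0, n * bound]]
    for row in lll(rows):
        if abs(row[-1]) == n * bound:                  # +/- the target vector
            d = (row[m] if row[-1] > 0 else -row[m]) // bound % n
            if ec_mul(d, G) == pub:                    # confirm against the public key
                return d
    return None

# Constructed victim: fixed seed; its nonce generator only ever emits 128-bit values
rng = random.Random(2019)
BOUND = 1 << 128
PRIV = rng.randrange(1, n)
PUB = ec_mul(PRIV, G)
HASHES = [int.from_bytes(hashlib.sha256(b"transaction %d" % i).digest(), "big") % n for i in range(4)]
SIGS = [ecdsa_sign(PRIV, h, rng.randrange(1, BOUND)) for h in HASHES]

def demo():  # recover PRIV from the four public (r, s) pairs, the hashes and PUB alone
    return recover_key(SIGS, HASHES, PUB, BOUND)

if __name__ == "__main__":
    print("recovered key matches victim key:", demo() == PRIV)
```

Running the file reports whether the recovered key equals the victim's. The lattice scales the nonce coordinates by n so that every entry stays an integer; the row multiplied by d carries the weight `bound`, so the target vector has all coordinates of size about n times `bound`, far below the size of every other lattice vector. With fewer known nonce bits per signature the dimension grows (on the order of 256 divided by the number of known bits signatures are needed) and a BKZ implementation such as fplll's replaces the exact-rational LLL above; exact nonce reuse is the degenerate extreme, where two signatures give the key by direct algebra without any lattice.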
11:00-11:45 Yuval Yarom, University of Adelaide, Australia: It's all nice, but can we trust the hardware?
Advances in hardware design over the last decades have opened a gap between the abstract model programmers use when reasoning about program execution and its concrete instantiation in modern computers. In this talk I will present two recent results that highlight the security implications of this discrepancy. The first, Fallout, continues a series of vulnerabilities that exploit side effects of out-of-order execution. Specifically, Fallout builds on incorrect forwarding of values from stores to subsequent loads, leaking the stored values. The second, RAMBleed, exploits the Rowhammer effect that can flip bits in memory. RAMBleed shows that the Rowhammer effect, so far considered as a threat to integrity, can also breach confidentiality.
Joint work with Daniel Genkin, Daniel Gruss, Andrew Kwong, Moritz Lipp, Marina Minkin, Daniel Moghimi, Frank Piessens, Michael Schwarz, Berk Sunar, and Jo Van Bulck.
11:45-12:15 Louiza Papachristodoulou, NavInfo Europe, Eindhoven: Security evaluation of RNS scalar multiplication
Residue Number System (RNS) arithmetic is gaining ground in public key cryptography, because it offers fast, efficient and secure implementations over large prime fields or rings of integers. In this presentation, we show a thorough and analytic evaluation approach for protected scalar multiplications with RNS and traditional Side Channel Attack (SCA) countermeasures in an effort to assess the SCA resistance of RNS implementations. Four different countermeasures, namely scalar and point randomization, random base permutations and random moduli operation sequence, are implemented and evaluated using the Test Vector Leakage Assessment (TVLA) and template attacks on an ARM Cortex-A8 processor. We show experimentally and theoretically that new bounds should be put forward when TVLA evaluations on public key algorithms are performed. On the security of RNS, our data- and location-dependent template attacks show that even protected implementations are vulnerable to these attacks. A combination of RNS-based countermeasures is the best way to protect against side-channel leakage.
Digital security seminar on July 1st, Radboud University, Mercator 1, 10:00-12:15 (Room 00.028)