Impact of Nonces Leakage Location and Modulus on ECDSA Security (随机数泄露位置与模数对 ECDSA 安全性的影响).

Bibliographic details
Title: 随机数泄露位置与模数对 ECDSA 安全性的影响. (Chinese)
Alternate Title: Impact of Nonces Leakage Location and Modulus on ECDSA Security. (English)
Authors: 周呈景, 王 更, 谷大武
Source: Journal of Cryptologic Research (2097-4116); Apr2025, Vol. 12 Issue 2, p337-352, 16p
Subjects: ELLIPTIC curves, RANDOM numbers, DIGITAL signatures, SAMPLE size (Statistics), LEAKAGE
Abstract (English): Currently, the practical security analysis of elliptic curve digital signature algorithm (ECDSA) mostly involves constructing hidden number problems using random number information obtained through side channel attacks and then solving them. However, in theoretical research, the diversity of elliptic curve parameters and the uncertainty of obtaining random number information are often not taken into account, which may lead to inconsistent theoretical analysis results and actual solving effects for hidden number problems. This study conducts experiments on the nonces leakage problem of ECDSA under different elliptic curve parameters and provides theoretical analysis based on Gaussian heuristic. It provides the usage method of recentering technique under different random number bit leakage conditions and proves that the success rate of solving the highest/middle bit leakage of random numbers is affected by modulus: the smaller the modulus, the lower the success rate of solving. Under the condition of a sample size of 70, highest/middle 4-bit nonce leakage, the success rate of solving is 90% compared to using sm2p256v1 or secp256k1 elliptic curves, and 0% when using brainpoolp256r1 elliptic curves. [ABSTRACT FROM AUTHOR]
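Abstract (translated from Chinese): Current practical security analyses of the elliptic curve digital signature algorithm (ECDSA) mostly use nonce information obtained through side-channel attacks to construct hidden number problems and then solve them. In theoretical research, however, the diversity of elliptic curve parameters and the uncertainty in obtaining nonce information are often not considered, which may cause the theoretical analysis of the hidden number problem to be inconsistent with the actual solving results. This paper conducts experiments on the ECDSA nonce bit leakage problem under different elliptic curve parameters and gives a theoretical analysis based on the Gaussian heuristic. It gives the method of using the recentering technique under different nonce bit leakage conditions, and proves that the solving success rate when the highest/middle bits of the nonce are leaked is affected by the modulus, with a smaller modulus giving a lower solving success rate: with a sample size of 70 and leakage of the highest/middle 4 bits of the nonce, compared with the 90% solving success rate when using the sm2p256v1 or secp256k1 elliptic curves, the success rate is 0% when using the brainpoolp256r1 elliptic curve. [ABSTRACT FROM AUTHOR]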
Copyright of Journal of Cryptologic Research (2097-4116) is the property of Editorial Board of Journal of Cryptologic Research and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Complementary Index
Description
ISSN:20974116
DOI:10.13868/j.cnki.jcr.000766