International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 31 August 2015

David Wong
ePrint Report ePrint Report
In 2011, B.B.Brumley and N.Tuveri found a remote timing attack on OpenSSL\'s ECDSA implementation for binary curves. We will study if the title of their paper was indeed relevant (Remote Timing Attacks are Still Practical). We improved on their lattice attack using the Embedding Strategy that reduces the Closest Vector Problem to the Shortest Vector Problem so as to avoid using Babai\'s procedures to solve the CVP and rely on the better experimental results of LLL. We will detail (along with publishing the source code of the tools we used) our attempts to reproduce their experiments from a remote machine located on the same network with the server, and see that such attacks are not trivial and far from being practical. Finally we will see other attacks and countermeasures.

Expand

Additional news items may be found on the IACR news page.