Experimental test of ECDSA digital signature robustness from timing-lattice attack

Abstract

An experimental test of robustness to timing attack is reported for the widely used public-key cryptographic algorithm in IoT transducers, the Elliptic Curve Digital Signature Algorithm (ECDSA). To this aim, a timing-lattice attack is addressed on ECDSA of the firmware Library MbedTLS for ARM microcontrollers. Timing is assessed by measuring the execution time of ecdsa_write_signature of MbedTLS library implemented on an ARM Cortex-M4 microcontroller. The time intervals required to sign the messages, the messages themselves, and the signatures, are used to mount a lattice attack in order to discover ECDSA private key. Experimental results highlight the security of ECDSA function in MbedTLS library to the implemented attack.