基于比特币曲线的椭圆曲线密码系统在SECP256k1、NIST256p、NIST521p和ll上的实现

Q3 Decision Sciences
Mohammed Mujeer Ulla;Preethi;Md. Sameeruddin Khan;Deepak S. Sakkari
{"title":"基于比特币曲线的椭圆曲线密码系统在SECP256k1、NIST256p、NIST521p和ll上的实现","authors":"Mohammed Mujeer Ulla;Preethi;Md. Sameeruddin Khan;Deepak S. Sakkari","doi":"10.13052/jicts2245-800X.1141","DOIUrl":null,"url":null,"abstract":"Very recent attacks like ladder leaks demonstrated the feasibility of recovering private keys with side-channel attacks using just one bit of secret nonce. ECDSA nonce bias can be exploited in many ways. Some attacks on ECDSA involve complicated Fourier analysis and lattice mathematics. This paper will enable cryptographers to identify efficient ways in which ECDSA can be cracked on curves NIST256p, SECP256k1, NIST521p, and weak nonce, kind of attacks that can crack ECDSA and how to protect yourself. Initially, we begin with an ECDSA signature to sign a message using the private key and validate the generated signature using the shared public key. Then we use a nonce or a random value to randomize the generated signature. Every time we sign, a new verifiable random nonce value is created, and a way in which the intruder can discover the private key if the signer leaks any one of the nonce values. Then we use Lenstra-Lenstra-Lovasz (LLL) method as a black box, we will try to attack signatures generated from bad nonce or bad random number generator (RAG) on NIST256p, SECP256k1 curves. The combination of nonce generation, post-message signing, and validation in ECDSA helps achieve Uniqueness, Authentication, Integrity, and Non-Repudiation. The analysis is performed by considering all three curves for the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA). The comparative analysis for each of the selected curves in terms of computational time is done with the leak of nonce and with the Lenstra-Lenstra-Lovasz method to crack ECDSA. The average computational costs to break ECDSA with curves NIST256p, NIST521p, and SECP256k1 are 0.016, 0.34,0.46 respectively which is almost zero depicting the strength of the algorithm. The average computational costs to break ECDSA with curves SECP256K1 and NIST256p using LLL are 2.9 and 3.4 respectively","PeriodicalId":36697,"journal":{"name":"Journal of ICT Standardization","volume":"11 4","pages":"329-353"},"PeriodicalIF":0.0000,"publicationDate":"2023-11-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10326102","citationCount":"0","resultStr":"{\"title\":\"Implementation of Elliptic Curve Cryptosystem with Bitcoin Curves on SECP256k1, NIST256p, NIST521p, and LLL\",\"authors\":\"Mohammed Mujeer Ulla;Preethi;Md. Sameeruddin Khan;Deepak S. Sakkari\",\"doi\":\"10.13052/jicts2245-800X.1141\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Very recent attacks like ladder leaks demonstrated the feasibility of recovering private keys with side-channel attacks using just one bit of secret nonce. ECDSA nonce bias can be exploited in many ways. Some attacks on ECDSA involve complicated Fourier analysis and lattice mathematics. This paper will enable cryptographers to identify efficient ways in which ECDSA can be cracked on curves NIST256p, SECP256k1, NIST521p, and weak nonce, kind of attacks that can crack ECDSA and how to protect yourself. Initially, we begin with an ECDSA signature to sign a message using the private key and validate the generated signature using the shared public key. Then we use a nonce or a random value to randomize the generated signature. Every time we sign, a new verifiable random nonce value is created, and a way in which the intruder can discover the private key if the signer leaks any one of the nonce values. Then we use Lenstra-Lenstra-Lovasz (LLL) method as a black box, we will try to attack signatures generated from bad nonce or bad random number generator (RAG) on NIST256p, SECP256k1 curves. The combination of nonce generation, post-message signing, and validation in ECDSA helps achieve Uniqueness, Authentication, Integrity, and Non-Repudiation. The analysis is performed by considering all three curves for the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA). The comparative analysis for each of the selected curves in terms of computational time is done with the leak of nonce and with the Lenstra-Lenstra-Lovasz method to crack ECDSA. The average computational costs to break ECDSA with curves NIST256p, NIST521p, and SECP256k1 are 0.016, 0.34,0.46 respectively which is almost zero depicting the strength of the algorithm. The average computational costs to break ECDSA with curves SECP256K1 and NIST256p using LLL are 2.9 and 3.4 respectively\",\"PeriodicalId\":36697,\"journal\":{\"name\":\"Journal of ICT Standardization\",\"volume\":\"11 4\",\"pages\":\"329-353\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-11-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10326102\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of ICT Standardization\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10326102/\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"Decision Sciences\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of ICT Standardization","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10326102/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"Decision Sciences","Score":null,"Total":0}
引用次数: 0

摘要

最近的攻击,如阶梯泄漏,证明了利用侧通道攻击恢复私钥的可行性。ECDSA nonce偏差可以在许多方面被利用。对ECDSA的一些攻击涉及复杂的傅里叶分析和格数学。本文将使密码学家能够识别在曲线NIST256p, SECP256k1, NIST521p和弱nonce上破解ECDSA的有效方法,可以破解ECDSA的攻击类型以及如何保护自己。首先,我们从ECDSA签名开始,使用私钥对消息进行签名,并使用共享公钥验证生成的签名。然后我们使用随机数或随机值来随机化生成的签名。每次我们签名时,都会创建一个新的可验证的随机nonce值,并且如果签名者泄露任何一个nonce值,入侵者可以通过这种方式发现私钥。然后我们使用Lenstra-Lenstra-Lovasz (LLL)方法作为黑盒,我们将尝试攻击由NIST256p, SECP256k1曲线上的坏随机数生成器(RAG)或坏随机数生成器(RAG)生成的签名。ECDSA中nonce生成、消息后签名和验证的组合有助于实现唯一性、身份验证、完整性和不可否认性。通过考虑实现椭圆曲线数字签名算法(ECDSA)的所有三条曲线来进行分析。利用nonce泄漏和Lenstra-Lenstra-Lovasz方法对所选曲线的计算时间进行了比较分析。利用曲线NIST256p、NIST521p和SECP256k1破坏ECDSA的平均计算成本分别为0.016、0.34和0.46,几乎为零,说明了算法的强度。使用LLL破坏SECP256K1和NIST256p曲线的ECDSA的平均计算成本分别为2.9和3.4
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Implementation of Elliptic Curve Cryptosystem with Bitcoin Curves on SECP256k1, NIST256p, NIST521p, and LLL
Very recent attacks like ladder leaks demonstrated the feasibility of recovering private keys with side-channel attacks using just one bit of secret nonce. ECDSA nonce bias can be exploited in many ways. Some attacks on ECDSA involve complicated Fourier analysis and lattice mathematics. This paper will enable cryptographers to identify efficient ways in which ECDSA can be cracked on curves NIST256p, SECP256k1, NIST521p, and weak nonce, kind of attacks that can crack ECDSA and how to protect yourself. Initially, we begin with an ECDSA signature to sign a message using the private key and validate the generated signature using the shared public key. Then we use a nonce or a random value to randomize the generated signature. Every time we sign, a new verifiable random nonce value is created, and a way in which the intruder can discover the private key if the signer leaks any one of the nonce values. Then we use Lenstra-Lenstra-Lovasz (LLL) method as a black box, we will try to attack signatures generated from bad nonce or bad random number generator (RAG) on NIST256p, SECP256k1 curves. The combination of nonce generation, post-message signing, and validation in ECDSA helps achieve Uniqueness, Authentication, Integrity, and Non-Repudiation. The analysis is performed by considering all three curves for the implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA). The comparative analysis for each of the selected curves in terms of computational time is done with the leak of nonce and with the Lenstra-Lenstra-Lovasz method to crack ECDSA. The average computational costs to break ECDSA with curves NIST256p, NIST521p, and SECP256k1 are 0.016, 0.34,0.46 respectively which is almost zero depicting the strength of the algorithm. The average computational costs to break ECDSA with curves SECP256K1 and NIST256p using LLL are 2.9 and 3.4 respectively
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
Journal of ICT Standardization
Journal of ICT Standardization Computer Science-Information Systems
CiteScore
2.20
自引率
0.00%
发文量
18
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信