[Resource Topic] 2018/651: Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

Welcome to the resource topic for 2018/651

Title: Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

Authors: Nicola Tuveri, Sohaib ul Hassan, Cesar Pereida García, Billy Brumley

Abstract:

SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL’s ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.

ePrint: https://eprint.iacr.org/2018/651

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.