Practical realisation and elimination of an ECC-related software bug attack

Billy Brumley, Manuel Barbosa, Dan Page, Frederik Vercauteren

    Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Scientific, peer-reviewed

    21 Citations (Scopus)


    We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge.
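    The abstract only sketches the mechanism, so here is a constructed toy model of a bug attack on ECDH, added for this page and not code from the paper or from OpenSSL. Everything in it is an assumption made for the demo: a curve over the 31-bit prime 2^31-1 instead of P-256, a 16-bit static key with its top bit set, a field multiplication that is wrong (off by one) for roughly one in 521 operand pairs as a stand-in for a reduction/carry bug, and an oracle that is simply "did the handshake complete", i.e. did the server's buggy k*Q agree with the client's correct q*(k*G). The attacker knows the buggy code, so for each unknown key bit it simulates the server's arithmetic on candidate points until it finds one for which the faulty operation is reached under exactly one hypothesis for that bit, then asks the server. The query count and bit widths are not those of the paper's P-256 attack.

```python
import random

P = 2**31 - 1                 # toy field prime (assumption; the paper uses P-256)
A = 3                         # curve y^2 = x^3 + A*x + B
G = (5, 7)                    # generator picked first ...
B = (G[1] ** 2 - G[0] ** 3 - A * G[0]) % P   # ... then B chosen so G is on the curve
KEY_BITS = 16                 # toy static key length; top bit assumed set
Q_BITS = 16                   # size of the attacker's ephemeral scalars
BUG_MOD, BUG_RES = 521, 17    # modelled bug fires for ~1/521 of operand pairs


class Field:
    """Prime-field arithmetic; when `buggy`, multiplication is wrong for rare inputs
    (an off-by-one standing in for a carry/reduction bug, constructed for the demo)."""

    def __init__(self, buggy):
        self.buggy, self.faults = buggy, 0

    def mul(self, a, b):
        t = a * b
        if self.buggy and t % BUG_MOD == BUG_RES:
            self.faults += 1
            return (t + 1) % P
        return t % P

    @staticmethod
    def inv(a):
        return pow(a, P - 2, P)


def double(F, pt):
    if pt is None or pt[1] == 0:
        return None
    x, y = pt
    lam = F.mul((F.mul(3, F.mul(x, x)) + A) % P, F.inv(2 * y % P))
    x3 = (F.mul(lam, lam) - 2 * x) % P
    return (x3, (F.mul(lam, (x - x3) % P) - y) % P)


def add(F, p1, p2):
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    if p1[0] == p2[0]:
        return double(F, p1) if p1[1] == p2[1] else None   # P+P, or P+(-P) = O
    lam = F.mul((p2[1] - p1[1]) % P, F.inv((p2[0] - p1[0]) % P))
    x3 = (F.mul(lam, lam) - p1[0] - p2[0]) % P
    return (x3, (F.mul(lam, (p1[0] - x3) % P) - p1[1]) % P)


def to_bits(k, n):
    return [(k >> i) & 1 for i in range(n - 1, -1, -1)]


def scalar_mult(F, bits, pt):
    """MSB-first double-and-add: the key bits decide which field ops run on which data."""
    r = None
    for b in bits:
        r = double(F, r)
        if b:
            r = add(F, r, pt)
    return r


class Server:
    """Static-ECDH server: public key from correct arithmetic, shared secret from the
    buggy arithmetic (the deployed-but-wrong code path the attack exploits)."""

    def __init__(self, k):
        self.k, self.queries = k, 0
        self.pub = scalar_mult(Field(buggy=False), to_bits(k, KEY_BITS), G)

    def shared(self, Q):
        self.queries += 1
        return scalar_mult(Field(buggy=True), to_bits(self.k, KEY_BITS), Q)


def handshake_ok(server, q):
    """Oracle: the client computes q*(k*G) correctly, the server computes k*(q*G) with
    the bug; the handshake completes only if both agree (in TLS, via Finished)."""
    F = Field(buggy=False)
    Q = scalar_mult(F, to_bits(q, Q_BITS), G)
    return server.shared(Q) == scalar_mult(F, to_bits(q, Q_BITS), server.pub)


def step_faults(prefix, Q, last):
    """Simulate the server on Q: is it fault-free through the known prefix and the
    shared doubling, and how many faults does each hypothesis for the next bit then
    trigger (through the following doubling, unless this is the last bit)?"""
    F = Field(buggy=True)
    r2 = double(F, scalar_mult(F, prefix, Q))
    if F.faults:
        return False, 0, 0
    F0, F1 = Field(buggy=True), Field(buggy=True)
    s1 = add(F1, r2, Q)                 # hypothesis 1 also performs the add
    if not last:
        double(F0, r2)
        double(F1, s1)
    return True, F0.faults, F1.faults


def find_probe(prefix, guess, rng, last):
    """Search a client scalar whose point makes the server fault iff the next bit is `guess`."""
    while True:
        q = rng.randrange(1, 2 ** Q_BITS)
        Q = scalar_mult(Field(buggy=False), to_bits(q, Q_BITS), G)
        ok, f0, f1 = step_faults(prefix, Q, last)
        if ok and (f0, f1)[guess] and not (f0, f1)[1 - guess]:
            return q


def recover_key(server, seed=1):
    """Adaptive bit-by-bit recovery. The probe built for the true bit always makes the
    server fault; the other one faults only if some later step happens to, so when the
    two oracle answers differ the answer is trustworthy and otherwise we retry."""
    rng = random.Random(seed)
    bits = [1]                                  # top bit set by assumption
    while len(bits) < KEY_BITS:
        if len(bits) == KEY_BITS - 1:           # nothing runs after the final add
            bits.append(int(not handshake_ok(server, find_probe(bits, 1, rng, True))))
            break
        q0, q1 = find_probe(bits, 0, rng, False), find_probe(bits, 1, rng, False)
        f0, f1 = not handshake_ok(server, q0), not handshake_ok(server, q1)
        if f0 != f1:
            bits.append(int(f1))
    return int("".join(map(str, bits)), 2), server.queries


if __name__ == "__main__":
    k, n = recover_key(Server(0xB6E5))          # toy static key (assumption)
    print(f"recovered 0x{k:04X} with {n} handshakes")
```

    The point the paper makes about countermeasures follows directly from the model: the oracle is nothing more than handshake success, so any code path in which a rare, input-dependent arithmetic error reaches a long-lived key is exploitable, and the fix is either arithmetic that is verified correct on all inputs or a check (e.g. recomputation or validation of the result) that keeps a wrong answer from ever being observable.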

    Original language: English
    Title of host publication: Topics in Cryptology, CT-RSA 2012 - The Cryptographers' Track at the RSA Conference 2012, Proceedings
    Number of pages: 16
    Volume: 7178 LNCS
    Publication status: Published - 2012
    Publication type: A4 Article in conference proceedings
    Event: 12th Cryptographers' Track at the RSA Conference, CT-RSA 2012 - San Francisco, CA, United States
    Duration: 27 Feb 2012 to 2 Mar 2012

    Publication series

    Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
    Volume: 7178 LNCS
    ISSN (Print): 0302-9743
    ISSN (Electronic): 1611-3349


    Conference: 12th Cryptographers' Track at the RSA Conference, CT-RSA 2012
    Country/Territory: United States
    City: San Francisco, CA


    • bug attack
    • Elliptic curve
    • fault attack
    • NIST
    • OpenSSL

    ASJC Scopus subject areas

    • Theoretical Computer Science
    • Computer Science(all)

