Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study

    Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

    11 Citations (Scopus)
    59 Downloads (Pure)

    Abstract

    SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digital signature generation and public key decryption. Finally, we propose, implement, and empirically evaluate countermeasures.
    Original languageEnglish
    Title of host publicationACSAC '18 Proceedings of the 34th Annual Computer Security Applications Conference
    Place of PublicationNew York
    PublisherACM
    Pages147-160
    Number of pages14
    ISBN (Electronic)978-1-4503-6569-7
    DOIs
    Publication statusPublished - 3 Dec 2018
    Publication typeA4 Article in a conference publication
    EventAnnual Computer Security Applications Conference -
    Duration: 3 Dec 20187 Dec 2018

    Conference

    ConferenceAnnual Computer Security Applications Conference
    Period3/12/187/12/18

    Publication forum classification

    • Publication forum level 1

    Fingerprint

    Dive into the research topics of 'Side-Channel Analysis of SM2: A Late-Stage Featurization Case Study'. Together they form a unique fingerprint.

    Cite this