Side channel attacks in scalar multiplication
YouTube videos curated by Class Central.
Classroom Contents
LadderLeak
- 1 Intro
- 2 ECDSA and Schnorr Signatures
- 3 Risk of Biased/Leaky Randomness
- 4 Randomness Failure in the Real World
- 5 Contributions
- 6 ECDSA signing
- 7 Side channel attacks in scalar multiplication
- 8 Experimental setup
- 9 Cache-timing attacks on prime curves
- 10 Cache-timing attacks on binary curves
- 11 Software countermeasures
- 12 Main takeaways
- 13 The problem we tackle: 1-bit of nonce leakage
- 14 The problem we tackle: less than 1-bit of nonce leakage
- 15 How to attack the HNP
- 16 New attack records for the HNP!
- 17 The Fourier analysis-based attack?
- 18 Bleichenbacher's Attack High-level Overview
- 19 Step 1. Bias Function (Essentially DFT)
- 20 Handy Form of the Bias Function
- 21 Modeling Erroneous Input
- 22 Step 2. Detecting the Bias Peak (Naive Approach)
- 23 Problem: Naive Approach is inefficient!
- 24 Solution: Collision Search to Broaden the Peak
- 25 Collision Search Problem in Bleichenbacher's Framework
- 26 K-list Sum Algorithm for GBP (eg, X = 4)
- 27 Applying Howgrave-Graham and Joux's K-list Sum Algorithm
- 28 Unified Time Memory Data Tradeoffs
- 29 Tradeoff Graphs for 1-bit Bias
- 30 Experimental Results on Full Key Recovery
- 31 Conclusion