SM2 is a public key cryptography suite originating from Chinese standards, including digital signatures and public key encryption. Ahead of schedule, code for this functionality was recently mainlined in OpenSSL, marked for the upcoming 1.1.1 release. We perform a security review of this implementation, uncovering various deficiencies ranging from traditional software quality issues to side-channel risks. To assess the latter, we carry out a side-channel security evaluation and discover that the implementation hits every pitfall seen for OpenSSL's ECDSA code in the past decade. We carry out remote timings, cache timings, and EM analysis, with accompanying empirical data to demonstrate secret information leakage during execution of both digi...
TLS and SSH are two of the most commonly used protocols for securing Internet traffic. Many of the...
Interference between processes executing on shared hardware can be used to mount performance-degrada...
We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack agai...
Electromagnetic (EM) side-channel traces of elliptic curve point multiplication during SM2 decryptio...
As side-channel attacks reached general purpose PCs and started to be more practical for attackers t...
SM2 digital signature scheme, which is part of the Chinese public key cryptosystem standard SM2 issu...
The EM side channel analysis is a very effective technique to attack cryptographic systems due to it...
Recent work on Side Channel Analysis (SCA) targets old, well-known vulnerabilities, even previously ...
During the last decade, constant-time cryptographic software has quickly transitioned from an academ...
Side-channel analysis is an important concern for the security of cryptographic implementations, and...
We provide further evidence that implementing software countermeasures against timing attacks is a n...
Side channels have long been recognized as a threat to the security of cryptographic applications. I...
Cache side-channel attacks exhibit severe threats to software security and privacy, especially for c...
We take advantage of a recently published open source implementation of the AES protected with a mix...