Showing posts with label elliptic curve encryption. Show all posts

Friday, 22 April 2016

Cost Of Attacking Elliptic Curves Is Dropping

Field Programmable Gate Arrays (FPGAs) are proving to be very useful in mounting attacks against modern cryptographic schemes. By using them for fast computation of discrete logarithms, researchers have shown that elliptic curves are coming into range of vulnerability.

A paper now out in the public domain has demonstrated how to accelerate these computations. Entitled "Faster discrete logarithms on FPGAs", it describes an acceleration sufficient to be used in an attack against the SECG standard curve sect113r2. But before you panic, this curve was removed from the standard in 2010, although it was not disabled in OpenSSL until June 2015. Although you shouldn't panic, neither should you relax, and you certainly shouldn't ignore this research.

Whilst this latest implementation has set a new record for various parts of the computation, that is not necessarily what will draw attention. What is important is the way the researchers have been able to use fewer look-up tables (LUTs). This not only reduces the cost of this attack but also holds the promise of significantly reduced cost for mounting attacks against larger curves.

Monday, 15 February 2016

Crypto Key Recovery: Through Walls In Seconds

A group of researchers from the Department of Computer Science at Tel Aviv University has had increasing success in revisiting an old technique with a new twist. They have been using electromagnetic radiation from laptops to recover encryption keys. The hardware required (a software defined radio, or SDR) is very cheap: you can buy an SDR dongle for less than £30. The knowledge of how to exploit it has been published in a series of papers, the latest of which has just been issued and is due to be presented at the Cryptographers' Track at the RSA Conference on 3rd March.

Without wishing to seem facetious, many years ago governments recognised that computers contain electrons that are accelerating around the equipment, and basic physics tells you that any time an electron moves it radiates electromagnetic waves. When this was first mooted as a possible way to recover information remotely from computers, many thought those discussing it were, frankly, bonkers. Imagine their surprise when it was demonstrated that the contents of an old-style cathode ray tube (CRT) screen could be displayed some distance away. It was at that point that NATO countries developed a standard called TEMPEST. And even that wasn't completely new, as Bell Labs had noted in World War II that 75% of plaintext could be recovered from teleprinters from over 20 metres away.

The TEMPEST standards are still used today. They have continued to evolve, no longer simply looking at electromagnetic emanations from equipment but also increasingly considering other forms of side channel attack, such as sensors in smartphones being used to infer keystrokes.