Visible to the public Degenerate Fault Attacks on Elliptic Curve Parameters in OpenSSL

TitleDegenerate Fault Attacks on Elliptic Curve Parameters in OpenSSL
Publication TypeConference Paper
Year of Publication2019
AuthorsTakahashi, Akira, Tibouchi, Mehdi
Conference Name2019 IEEE European Symposium on Security and Privacy (EuroS P)
KeywordsBitcoin curve, command injection attacks, composability, Elliptic curve cryptography, elliptic curve parameters, Elliptic curves, embedded security, Encryption, Fault attack, Invalid curve attack, Loading, Metrics, Neves curve attack, OpenSSL, OpenSSL command line tools, pubcrawl, public key cryptography, Rapsberry Pi single board computer, Resiliency, Servers, Singular curve, singular curve point decompression attacks, Supersingular curve, Tibouchis degenerate curve attack
AbstractIn this paper, we describe several practically exploitable fault attacks against OpenSSL's implementation of elliptic curve cryptography, related to the singular curve point decompression attacks of Blomer and Gunther (FDTC2015) and the degenerate curve attacks of Neves and Tibouchi (PKC 2016). In particular, we show that OpenSSL allows to construct EC key files containing explicit curve parameters with a compressed base point. A simple single fault injection upon loading such a file yields a full key recovery attack when the key file is used for signing with ECDSA, and a complete recovery of the plaintext when the file is used for encryption using an algorithm like ECIES. The attack is especially devastating against curves with j-invariant equal to 0 such as the Bitcoin curve secp256k1, for which key recovery reduces to a single division in the base field. Additionally, we apply the present fault attack technique to OpenSSL's implementation of ECDH, by combining it with Neves and Tibouchi's degenerate curve attack. This version of the attack applies to usual named curve parameters with nonzero j-invariant, such as P192 and P256. Although it is typically more computationally expensive than the one against signatures and encryption, and requires multiple faulty outputs from the server, it can recover the entire static secret key of the server even in the presence of point validation. These various attacks can be mounted with only a single instruction skipping fault, and therefore can be easily injected using low-cost voltage glitches on embedded devices. We validated them in practice using concrete fault injection experiments on a Rapsberry Pi single board computer running the up to date OpenSSL command line tools-a setting where the threat of fault attacks is quite significant.
Citation Keytakahashi_degenerate_2019