Dataset Open Access

CVE-2019-18222: research data and tooling

Alejandro Cabrera Aldaya; Billy Bob Brumley


DCAT Export

<?xml version='1.0' encoding='utf-8'?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:adms="http://www.w3.org/ns/adms#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dct="http://purl.org/dc/terms/" xmlns:dctype="http://purl.org/dc/dcmitype/" xmlns:dcat="http://www.w3.org/ns/dcat#" xmlns:duv="http://www.w3.org/ns/duv#" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:frapo="http://purl.org/cerif/frapo/" xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#" xmlns:gsp="http://www.opengis.net/ont/geosparql#" xmlns:locn="http://www.w3.org/ns/locn#" xmlns:org="http://www.w3.org/ns/org#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:prov="http://www.w3.org/ns/prov#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:schema="http://schema.org/" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:vcard="http://www.w3.org/2006/vcard/ns#" xmlns:wdrs="http://www.w3.org/2007/05/powder-s#">
  <rdf:Description rdf:about="https://doi.org/10.5281/zenodo.3605805">
    <rdf:type rdf:resource="http://www.w3.org/ns/dcat#Dataset"/>
    <dct:type rdf:resource="http://purl.org/dc/dcmitype/Dataset"/>
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://doi.org/10.5281/zenodo.3605805</dct:identifier>
    <foaf:page rdf:resource="https://doi.org/10.5281/zenodo.3605805"/>
    <dct:creator>
      <rdf:Description rdf:about="http://orcid.org/0000-0002-1544-6772">
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">0000-0002-1544-6772</dct:identifier>
        <foaf:name>Alejandro Cabrera Aldaya</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Tampere University</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:creator>
      <rdf:Description rdf:about="http://orcid.org/0000-0001-9160-0463">
        <rdf:type rdf:resource="http://xmlns.com/foaf/0.1/Agent"/>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">0000-0001-9160-0463</dct:identifier>
        <foaf:name>Billy Bob Brumley</foaf:name>
        <org:memberOf>
          <foaf:Organization>
            <foaf:name>Tampere University</foaf:name>
          </foaf:Organization>
        </org:memberOf>
      </rdf:Description>
    </dct:creator>
    <dct:title>CVE-2019-18222: research data and tooling</dct:title>
    <dct:publisher>
      <foaf:Agent>
        <foaf:name>Zenodo</foaf:name>
      </foaf:Agent>
    </dct:publisher>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#gYear">2020</dct:issued>
    <dcat:keyword>side-channel analysis</dcat:keyword>
    <dcat:keyword>ECDSA</dcat:keyword>
    <dcat:keyword>binary GCD</dcat:keyword>
    <dcat:keyword>modular inversion</dcat:keyword>
    <dcat:keyword>Intel SGX</dcat:keyword>
    <dcat:keyword>mbedTLS</dcat:keyword>
    <frapo:isFundedBy rdf:resource="info:eu-repo/grantAgreement/EC/H2020/804476/"/>
    <schema:funder>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </schema:funder>
    <dct:issued rdf:datatype="http://www.w3.org/2001/XMLSchema#date">2020-01-13</dct:issued>
    <dct:language rdf:resource="http://publications.europa.eu/resource/authority/language/ENG"/>
    <owl:sameAs rdf:resource="https://zenodo.org/record/3605805"/>
    <adms:identifier>
      <adms:Identifier>
        <skos:notation rdf:datatype="http://www.w3.org/2001/XMLSchema#anyURI">https://zenodo.org/record/3605805</skos:notation>
        <adms:schemeAgency>url</adms:schemeAgency>
      </adms:Identifier>
    </adms:identifier>
    <dct:relation rdf:resource="https://eprint.iacr.org/2020/055"/>
    <dct:isVersionOf rdf:resource="https://doi.org/10.5281/zenodo.3605804"/>
    <dct:description>&lt;p&gt;This dataset and software tool are for reproducing the research results related to CVE-2019-18222.&lt;/p&gt; &lt;p&gt;Description&lt;/p&gt; &lt;ul&gt; &lt;li&gt;&lt;code&gt;enum&lt;/code&gt; contains the key enumeration tool.&lt;/li&gt; &lt;li&gt;&lt;code&gt;kt_candidates&lt;/code&gt; contains the JSON for blinded nonce candidates, indexed by trial number. JSON fields:&lt;/li&gt; &lt;/ul&gt; &lt;ol&gt; &lt;li&gt;&lt;code&gt;kt_candidates&lt;/code&gt;: list of nonce candidates.&lt;/li&gt; &lt;/ol&gt; &lt;ul&gt; &lt;li&gt;&lt;code&gt;sig_data&lt;/code&gt; contains the JSON for ECDSA signatures, indexed by trial number. JSON fields:&lt;/li&gt; &lt;/ul&gt; &lt;ol&gt; &lt;li&gt;&lt;code&gt;p&lt;/code&gt;: the prime the curve is defined over. (P-256 here.)&lt;/li&gt; &lt;li&gt;&lt;code&gt;Gx&lt;/code&gt;, &lt;code&gt;Gy&lt;/code&gt;: Generator coordinates.&lt;/li&gt; &lt;li&gt;&lt;code&gt;d&lt;/code&gt;: Ground truth ECDSA long term key. It is recorded only so that recovered values can be checked against it; it is not an input to &lt;code&gt;enum&lt;/code&gt;.&lt;/li&gt; &lt;li&gt;&lt;code&gt;Px&lt;/code&gt;, &lt;code&gt;Py&lt;/code&gt;: Public key coordinates.&lt;/li&gt; &lt;li&gt;&lt;code&gt;h&lt;/code&gt;: SHA-256 digest to sign, encoded to the finite field.&lt;/li&gt; &lt;li&gt;&lt;code&gt;k&lt;/code&gt;: Ground truth ECDSA nonce, likewise recorded only for checking the result.&lt;/li&gt; &lt;li&gt;&lt;code&gt;r&lt;/code&gt;, &lt;code&gt;s&lt;/code&gt;: ECDSA signature.&lt;/li&gt; &lt;/ol&gt; &lt;p&gt;Build&lt;/p&gt; &lt;pre&gt;&lt;code&gt;cd enum
make clean
make&lt;/code&gt;&lt;/pre&gt; &lt;p&gt;Run&lt;/p&gt; &lt;p&gt;Start with &lt;code&gt;enum&lt;/code&gt; as the working directory.&lt;/p&gt; &lt;pre&gt;&lt;code&gt;cd enum&lt;/code&gt;&lt;/pre&gt; &lt;p&gt;Pull out a &lt;code&gt;kt&lt;/code&gt; (blinded nonce) candidate, in this example index 847.&lt;/p&gt; &lt;pre&gt;&lt;code&gt;$ jq '.kt_candidates' ../kt_candidates/kt_candidates_847.json
[
  "0x48ad7217d10f6c7b1a3db836d38aa3972999115f38a6b3d176fc660941aa5c882d2528ec1fc27da7610e7ee3d7dd84367c380259e0386224c2c46aa2a5eb2a0"
]&lt;/code&gt;&lt;/pre&gt; &lt;p&gt;Factor that 
candidate.&lt;/p&gt; &lt;pre&gt;&lt;code&gt;$ time sage -c "print ecm.factor(0x48ad7217d10f6c7b1a3db836d38aa3972999115f38a6b3d176fc660941aa5c882d2528ec1fc27da7610e7ee3d7dd84367c380259e0386224c2c46aa2a5eb2a0)"
[2, 2, 2, 2, 2, 3, 353, 193243, 1540830719, 9263081209, 103633959617085683, 151389566295160172521, 283135469779419532841, 572987990320782777757565685333349772719941819448953457732874126833]

real 0m5.837s
user 0m5.648s
sys 0m0.214s&lt;/code&gt;&lt;/pre&gt; &lt;p&gt;Now pull out the &lt;code&gt;r&lt;/code&gt; component of the ECDSA signature for that index, and convert it from hex to base 10.&lt;/p&gt; &lt;pre&gt;&lt;code&gt;$ jq '.r' ../sig_data/sig_data_847.json
"0x30e2ce20a8140177a31a66763d85f431acc9790dd050ffc22ed5d454cdfbbb67"
$ python -c "print 0x30e2ce20a8140177a31a66763d85f431acc9790dd050ffc22ed5d454cdfbbb67"
22111746808803128586382711090186612204136854333384650261207856620766542674791&lt;/code&gt;&lt;/pre&gt; &lt;p&gt;Note that both one-liners above use Python 2 &lt;code&gt;print&lt;/code&gt; statement syntax; under a Python 3 interpreter (including recent Sage releases) write &lt;code&gt;print(...)&lt;/code&gt; with parentheses instead.&lt;/p&gt; &lt;p&gt;Now run the &lt;code&gt;enum&lt;/code&gt; tool to recover the nonce.&lt;/p&gt; &lt;pre&gt;&lt;code&gt;$ ./enum
Usage: ./enum &amp;lt;jobs_num&amp;gt; &amp;lt;jobs_id&amp;gt; &amp;lt;target_base_10&amp;gt; space delimited flat list of factors in base ten&lt;/code&gt;&lt;/pre&gt; &lt;p&gt;The &lt;code&gt;&amp;lt;jobs_num&amp;gt;&lt;/code&gt; and &lt;code&gt;&amp;lt;jobs_id&amp;gt;&lt;/code&gt; arguments are to ease parallel execution; read the source code. 
But for a single core, pass them as &lt;code&gt;1 0&lt;/code&gt;. The factor list must be passed exactly as &lt;code&gt;ecm.factor&lt;/code&gt; printed it, as a flat list with multiplicity (here the five 2s each appear separately).&lt;/p&gt; &lt;pre&gt;&lt;code&gt;$ ./enum 1 0 22111746808803128586382711090186612204136854333384650261207856620766542674791 2 2 2 2 2 3 353 193243 1540830719 9263081209 103633959617085683 151389566295160172521 283135469779419532841 572987990320782777757565685333349772719941819448953457732874126833
INFO:target:30E2CE20A8140177A31A66763D85F431ACC9790DD050FFC22ED5D454CDFBBB67
INFO:found:31A52C4960857E6D2F7AD82BAC7D55CE6CC9AD13B959F069002B6A949EA6A048
INFO:tests:7879&lt;/code&gt;&lt;/pre&gt; &lt;p&gt;where &lt;code&gt;221..791&lt;/code&gt; is the base-10 &lt;code&gt;r&lt;/code&gt; component of the ECDSA signature, and &lt;code&gt;2 2 .. 572..833&lt;/code&gt; is the full list of blinded nonce factors. In the output:&lt;/p&gt; &lt;ul&gt; &lt;li&gt;&lt;code&gt;INFO:target:&amp;lt;hex&amp;gt;&lt;/code&gt; is the hex form of the base-10 target input (ECDSA &lt;code&gt;r&lt;/code&gt; component).&lt;/li&gt; &lt;li&gt;&lt;code&gt;INFO:found:&amp;lt;hex&amp;gt;&lt;/code&gt; is the hex form of the recovered ECDSA nonce.&lt;/li&gt; &lt;li&gt;&lt;code&gt;INFO:tests:&amp;lt;num&amp;gt;&lt;/code&gt; is the number of nonce candidates tested before the match was found (one scalar multiplication per candidate, checked against the target &lt;code&gt;r&lt;/code&gt;).&lt;/li&gt; &lt;/ul&gt; &lt;p&gt;We can see this correctly recovered the nonce &lt;code&gt;k&lt;/code&gt; (the same value, printed in upper-case hex by the tool). A known nonce gives the long term ECDSA private key directly from the signature equation, &lt;code&gt;d = (s*k - h) * r^-1 mod n&lt;/code&gt; with &lt;code&gt;n&lt;/code&gt; the group order, which can be checked against the ground truth &lt;code&gt;d&lt;/code&gt; in the same &lt;code&gt;sig_data&lt;/code&gt; file:&lt;/p&gt; &lt;pre&gt;&lt;code&gt;$ jq '.k' ../sig_data/sig_data_847.json
"0x31a52c4960857e6d2f7ad82bac7d55ce6cc9ad13b959f069002b6a949ea6a048"&lt;/code&gt;&lt;/pre&gt;</dct:description>
    <dct:accessRights rdf:resource="http://publications.europa.eu/resource/authority/access-right/PUBLIC"/>
    <dct:accessRights>
      <dct:RightsStatement rdf:about="info:eu-repo/semantics/openAccess">
        <rdfs:label>Open Access</rdfs:label>
      </dct:RightsStatement>
    </dct:accessRights>
    <dcat:distribution>
      <dcat:Distribution>
        <dct:rights>
          <dct:RightsStatement rdf:about="https://opensource.org/licenses/MIT">
            <rdfs:label>MIT License</rdfs:label>
          </dct:RightsStatement>
        </dct:rights>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.3605805"/>
      </dcat:Distribution>
    </dcat:distribution>
    <dcat:distribution>
      <dcat:Distribution>
        <dcat:accessURL rdf:resource="https://doi.org/10.5281/zenodo.3605805">https://doi.org/10.5281/zenodo.3605805</dcat:accessURL>
        <dcat:byteSize>1295611</dcat:byteSize>
        <dcat:downloadURL rdf:resource="https://zenodo.org/record/3605805/files/research_data.zip">https://zenodo.org/record/3605805/files/research_data.zip</dcat:downloadURL>
        <dcat:mediaType>application/zip</dcat:mediaType>
      </dcat:Distribution>
    </dcat:distribution>
  </rdf:Description>
  <foaf:Project rdf:about="info:eu-repo/grantAgreement/EC/H2020/804476/">
    <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">804476</dct:identifier>
    <dct:title>Side-Channel Aware Engineering</dct:title>
    <frapo:isAwardedBy>
      <foaf:Organization>
        <dct:identifier rdf:datatype="http://www.w3.org/2001/XMLSchema#string">10.13039/501100000780</dct:identifier>
        <foaf:name>European Commission</foaf:name>
      </foaf:Organization>
    </frapo:isAwardedBy>
  </foaf:Project>
</rdf:RDF>