Dataset Open Access
This dataset and software tool are for reproducing the research results related to CVE-2020-10932 and CVE-2020-11735, resulting from the article "From A to Z: Projective coordinates leakage in the wild" (to appear at CHES 2020). The data was used to carry out the attack in Section 6 of the article.
[int].txt files contain an encoded page-fault trace prefixed by
A trace represents the sequence of tracked memory pages that were executed during the generation of an ECDSA signature. The trace is encoded using ASCII characters for better visualization.
The encoding follows this table:
| Functions | Symbol | Page offset |
| ---------------------- |:------:|:-------:|
| _gcry_ecc_ecdsa_sign | T | 0xa1000 |
| _gcry_mpi_invm | . | 0xcf000 |
| _gcry_mpi_set | S | 0xd5000 |
| _gcry_mpi_add | A | 0xcd000 |
| _gcry_mpih_sub_n | - | 0xd8000 |
| _gcry_mpih_rshift | - | 0xd8000 |
_gcry_ecc_ecdsa_sign is the highest-level function tracked in the attack. Tracking it makes it possible to distinguish the different calls to the _gcry_mpi_invm function, which contains an insecure version of a Binary Extended Euclidean Algorithm (BEEA).
Using these pages it is possible to locate the execution of _gcry_mpi_invm corresponding to the computation of Z mod p during projective to affine coordinates conversion (see
It can be seen that _gcry_mpih_sub_n and _gcry_mpih_rshift share a page. However, they can be differentiated using mainly the caller memory page. This sharing, instead of being a drawback, allows a straightforward recovery of BEEA execution flow (see extract_Xi functions in
The format of the [int].dat files is as follows.
# X [hex]: Ground truth projective output of scalar multiplication, before affine conversion
# Y [hex]: Ground truth projective output of scalar multiplication, before affine conversion
# Z [hex]: Ground truth projective output of scalar multiplication, before affine conversion
# curve_name [str]: The curve (P256)
# h [hex]: Hash of the message to be signed
# k [hex]: Ground truth ECDSA nonce
# q [hex]: Curve order
# r [hex]: First component of the ECDSA signature
# s [hex]: Second component of the ECDSA signature
# x [hex]: Ground truth ECDSA private key
# y [hex] [hex]: Public key coordinates
# leak_pad [int],[int],[int]: Leakage recovered during backtracking. Example:
0,4,15 => 0 = k % 2**4 = k & 15
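The ground-truth fields listed above are tied together by the ECDSA signing equation and by the leak_pad relation, so a record can be sanity-checked before it is used. The Python code below is an added example, not part of the dataset's tooling: it assumes the fields have already been read into a dict of hex strings keyed by the names above, reads the leak_pad triple as value,bits,mask following the example line, and uses constructed sample values.

```python
# Added example: sanity checks on one record's ground-truth fields.
# Assumption: fields were already read into a dict of hex strings.

# Order of NIST P-256, the "q" field for this curve.
P256_Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def parse_leak_pad(text):
    """Split 'value,bits,mask' (e.g. '0,4,15') into three ints."""
    value, bits, mask = (int(part) for part in text.split(","))
    return value, bits, mask


def check_leak_pad(k, text):
    """True if value == k % 2**bits == k & mask, as in the example."""
    value, bits, mask = parse_leak_pad(text)
    if bits < 0 or mask != (1 << bits) - 1:
        return False  # mask must select exactly the low `bits` bits
    return k & mask == value


def check_signing_equation(rec):
    """True if s*k == h + r*x (mod q), the ECDSA signing equation."""
    names = ("h", "k", "q", "r", "s", "x")
    h, k, q, r, s, x = (int(rec[name], 16) for name in names)
    if not (0 < k < q and 0 < r < q and 0 < s < q):
        return False
    return (s * k - h - r * x) % q == 0


def make_sample_record():
    """Constructed values for illustration, not taken from the dataset."""
    q = P256_Q
    k = 0x5A17C0FFEE1234567890ABCDEF0  # low four bits are zero
    x = 0x1F2E3D4C5B6A79880123456789ABCDEF
    h = 0x9F86D081884C7D659A2FEAA0C55AD015
    r = 0x0BADC0DE0BADC0DE  # arbitrary, not a real curve x-coordinate
    s = pow(k, q - 2, q) * (h + r * x) % q  # q is prime: k^(q-2) = k^-1
    values = {"h": h, "k": k, "q": q, "r": r, "s": s, "x": x}
    rec = {name: "%x" % value for name, value in values.items()}
    rec["leak_pad"] = "0,4,15"
    return rec


if __name__ == "__main__":
    rec = make_sample_record()
    print(check_signing_equation(rec),
          check_leak_pad(int(rec["k"], 16), rec["leak_pad"]))
```

A record that fails either check was mis-parsed or does not belong to the signature it is paired with.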
Unpack the data:
tar xf traces.tar.gz
Run the tooling on trace index 123:
$ python2 recover_z.py 123
INFO:recovered Z:65b9b7006bc7b030218bef1b6e569f9f7acaee059b53d669388c6b860f67e213
INFO: real Z:65b9b7006bc7b030218bef1b6e569f9f7acaee059b53d669388c6b860f67e213
The output demonstrates that the recovered Z coordinate is correct, i.e. it matches the ground truth.
This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 804476).
This project is distributed under MIT license.