From A to Z: Projective coordinates leakage in the wild: research data and tooling
Tampere University

Description
This dataset and software tool are for reproducing the research results related to CVE-2020-10932 and CVE-2020-11735, resulting from the article "From A to Z: Projective coordinates leakage in the wild" (to appear at CHES 2020). The data was used to carry out the attack in Section 6 of the article.
Data format

txt files

The `[int].txt` files contain an encoded page-fault trace prefixed by `trace:`.

A trace represents the sequence of tracked memory pages that were executed during the generation of an ECDSA signature. The trace is encoded using ASCII characters for better visualization.

The encoding follows this table:
| Functions | Symbol | Page offset |
| ---------------------- |:------:|:-------:|
| _gcry_ecc_ecdsa_sign | T | 0xa1000 |
| _gcry_mpi_invm | . | 0xcf000 |
| _gcry_mpi_set | S | 0xd5000 |
| _gcry_mpi_add | A | 0xcd000 |
| _gcry_mpih_sub_n | - | 0xd8000 |
| _gcry_mpih_rshift | - | 0xd8000 |
`_gcry_ecc_ecdsa_sign` is the highest-level function tracked in the attack. Tracking it makes it possible to tell apart the different calls to the `_gcry_mpi_invm` function, which contains an insecure version of the Binary Extended Euclidean Algorithm (BEEA). Using these pages it is possible to locate the execution of `_gcry_mpi_invm` that corresponds to the computation of Z mod p during the projective-to-affine coordinates conversion (see the `preprocess_trace` function).

Note that `_gcry_mpih_sub_n` and `_gcry_mpih_rshift` share a page. They can nevertheless be differentiated, mainly by using the caller's memory page. Rather than being a drawback, this sharing allows a straightforward recovery of the BEEA execution flow (see the `extract_Zi` and `extract_Xi` functions in `recover_z.py`).
dat files

The format of the `[int].dat` files is as follows.

- `# X [hex]`: Ground truth projective output of scalar multiplication, before affine conversion
- `# Y [hex]`: Ground truth projective output of scalar multiplication, before affine conversion
- `# Z [hex]`: Ground truth projective output of scalar multiplication, before affine conversion
- `# curve_name [str]`: The curve (P256)
- `# h [hex]`: Hash of the message to be signed
- `# k [hex]`: Ground truth ECDSA nonce
- `# q [hex]`: Curve order
- `# r [hex]`: First component of the ECDSA signature
- `# s [hex]`: Second component of the ECDSA signature
- `# x [hex]`: Ground truth ECDSA private key
- `# y [hex] [hex]`: Public key coordinates
- `# leak_pad [int],[int],[int]`: Leakage recovered during backtracking. Example: `0,4,15` => `0 = k % 2**4 = k & 15`
Tooling

The `recover_z.py` script:

- Loads a trace.
- Recovers the corresponding Z coordinate from the trace data.
- Verifies that the recovered Z matches the ground truth Z.
Example

Unpack the data:

```sh
tar xf traces.tar.gz
```

Run the tooling on trace index 123:

```sh
$ python2 recover_z.py 123
INFO:recovered Z:65b9b7006bc7b030218bef1b6e569f9f7acaee059b53d669388c6b860f67e213
INFO: real Z:65b9b7006bc7b030218bef1b6e569f9f7acaee059b53d669388c6b860f67e213
```

The output demonstrates that the recovered Z coordinate is correct, i.e. it matches the ground truth.
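As an added illustration (not the dataset's `recover_z.py`, and not its recovery logic), the Python below shows the leakage model behind the trace encoding and the meaning of the `leak_pad` field: a textbook BEEA modular inverse whose subtraction/shift flow is recorded, the blinded inversion that detaches that flow from the secret input, and a check of a `leak_pad` triple against a nonce. The flow symbols `S`/`R`, the use of the P-256 prime, the sample nonce and the sample Z (taken from the example output above) are this example's assumptions.

```python
import secrets

# P-256 prime (assumption: curve_name P256 refers to NIST P-256).
P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff


def beea_invmod(a, m):
    """Textbook binary extended Euclidean inverse of a modulo odd m.

    Returns (a^-1 mod m, flow).  flow records every subtraction as 'S'
    and every right shift as 'R': this is what a page-fault trace of
    _gcry_mpih_sub_n / _gcry_mpih_rshift exposes, and the sequence
    depends on the secret input a.
    """
    u, v = a % m, m
    x1, x2 = 1, 0          # invariants: x1*a == u and x2*a == v (mod m)
    flow = []
    while u != 1 and v != 1:
        while u % 2 == 0:  # strip factors of two from u
            u >>= 1
            x1 = x1 // 2 if x1 % 2 == 0 else (x1 + m) // 2
            flow.append('R')
        while v % 2 == 0:  # strip factors of two from v
            v >>= 1
            x2 = x2 // 2 if x2 % 2 == 0 else (x2 + m) // 2
            flow.append('R')
        if u >= v:
            u, x1 = u - v, x1 - x2
        else:
            v, x2 = v - u, x2 - x1
        flow.append('S')
    return (x1 if u == 1 else x2) % m, ''.join(flow)


def blinded_invmod(a, m, r=None):
    """Mitigation pattern: invert a*r for a fresh random r, then unblind.

    The observable flow is now that of a*r, which reveals nothing
    about a on its own because r is never reused.
    """
    if r is None:
        r = secrets.randbelow(m - 1) + 1
    inv_ar, flow = beea_invmod(a * r % m, m)
    return inv_ar * r % m, flow


def leak_pad_holds(k, leak_pad):
    """Check a .dat leak_pad triple 'value,nbits,mask' against nonce k.

    Per the dataset description, '0,4,15' means k % 2**4 == k & 15 == 0.
    """
    value, nbits, mask = (int(t) for t in leak_pad.split(','))
    if mask != (1 << nbits) - 1:
        raise ValueError('mask must equal 2**nbits - 1')
    return (k & mask) == value
```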
Credits
Authors
- Alejandro Cabrera Aldaya (Tampere University, Tampere, Finland)
- Cesar Pereida García (Tampere University, Tampere, Finland)
- Billy Bob Brumley (Tampere University, Tampere, Finland)
Funding
This project has received funding from the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 804476).
License
This project is distributed under the MIT license.