Presentation 2018-07-25
Application of the Singular Curve Point Decompression Attack to the Bitcoin Curve
Akira Takahashi, Mehdi Tibouchi, Masayuki Abe
Abstract(in Japanese) (See Japanese page)
Abstract(in English) In this talk, we report that the singular curve point decompression attack of Blömer and Günther, which was originally presented as an attack against pairing-friendly curves, directly applies to the widely deployed secp k curve series. We experimentally verified that the attack can be carried out against an 8-bit microcontroller implementation of ECDSA over the secp256k1 curve, which is a high-profile target owing to its use in the Bitcoin protocol. The fault attack is devastating: the full secret key can be recovered by injecting a single clock glitch fault. We conclude that the point compression/decompression technique should never be applied to base points especially in constrained devices, such as Bitcoin hardware wallets.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) ECDSA / secp256k1 / Fault attack / Singular Curve Point Decompression Attack
Paper # ISEC2018-28,SITE2018-20,HWS2018-25,ICSS2018-31,EMM2018-27
Date of Issue 2018-07-18 (ISEC, SITE, HWS, ICSS, EMM)

Conference Information
Committee HWS / ISEC / SITE / ICSS / EMM / IPSJ-CSEC / IPSJ-SPT
Conference Date 2018/7/25(2days)
Place (in Japanese) (See Japanese page)
Place (in English) Sapporo Convention Center
Topics (in Japanese) (See Japanese page)
Topics (in English) Security, etc.
Chair Tsutomu Matsumoto(Yokohama National Univ.) / Atsushi Fujioka(Kanagawa Univ.) / Tetsuya Morizumi(Kanagawa Univ.) / Yoshiaki Shiraishi(Kobe Univ.) / Keiichi Iwamura(TUC)
Vice Chair Shinichi Kawamura(Toshiba) / Makoto Ikeda(Univ. of Tokyo) / Shiho Moriai(NICT) / Shoichi Hirose(Univ. of Fukui) / Masaru Ogawa(Kobe Gakuin Univ.) / Takushi Otani(Kibi International Univ.) / Hiroki Takakura(NII) / Katsunari Yoshioka(Yokohama National Univ.) / Minoru Kuribayashi(Okayama Univ.) / Tetsuya Kojima(NIT,Tokyo College)
Secretary Shinichi Kawamura(Kobe Univ.) / Makoto Ikeda(SECOM) / Shiho Moriai(Tokai Univ.) / Shoichi Hirose(NICT) / Masaru Ogawa(Tokyo Univ. of the Arts) / Takushi Otani(Toyo Eiwa Univ.) / Hiroki Takakura(NTT) / Katsunari Yoshioka(NICT) / Minoru Kuribayashi(NIT, Tokyo) / Tetsuya Kojima(Tyukyo Univ.)
Assistant / Kazunari Omote(Tsukuba Univ.) / Yuuji Suga(IIJ) / Hisanori Kato(KDDI Research) / Nobuyuki Yoshinaga(Yamaguchi Pref Univ.) / Daisuke Suzuki(Hokuriku Univ.) / Akira Yamada(KDDI labs.) / Keisuke Kito(Mitsubishi Electric) / Hiroko Akiyama(National Institute of Technology, Nagano College) / Kitahiro Kaneda(CANON)

Paper Information
Registration To Technical Committee on Hardware Security / Technical Committee on Information Security / Technical Committee on Social Implications of Technology and Information Ethics / Technical Committee on Information and Communication System Security / Technical Committee on Enriched MultiMedia / Special Interest Group on Computer Security / Special Interest Group on Security Psychology and Trust
Language ENG-JTITLE
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Application of the Singular Curve Point Decompression Attack to the Bitcoin Curve
Sub Title (in English)
Keyword(1) ECDSA
Keyword(2) secp256k1
Keyword(3) Fault attack
Keyword(4) Singular Curve Point Decompression Attack
1st Author's Name Akira Takahashi
1st Author's Affiliation Kyoto University(Kyoto Univ.)
2nd Author's Name Mehdi Tibouchi
2nd Author's Affiliation NTT Secure Platform Laboratories(NTT)
3rd Author's Name Masayuki Abe
3rd Author's Affiliation NTT Secure Platform Laboratories(NTT)
Date 2018-07-25
Paper # ISEC2018-28,SITE2018-20,HWS2018-25,ICSS2018-31,EMM2018-27
Volume (vol) vol.118
Number (no) ISEC-151,SITE-152,HWS-153,ICSS-154,EMM-155
Page pp.149-153(ISEC), pp.149-153(SITE), pp.149-153(HWS), pp.149-153(ICSS), pp.149-153(EMM)
#Pages 5
Date of Issue 2018-07-18 (ISEC, SITE, HWS, ICSS, EMM)