Patent Application
20190089543
This application claims priority from EP application number 17192193.5 filed on 20 Sep. 2017. All abovementioned applications are hereby incorporated by reference in their entireties.
The present disclosure relates to a computer-implemented method for obtaining a public-key digital signature for a data message based on an Edwards-curve Digital Signature Algorithm. The disclosure further relates to a data processing device, a computer program product and a computer-readable non-transitory storage medium.
A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents. A valid digital signature gives a recipient reason to believe that the message was created by a known sender (authentication), that the sender cannot deny having sent the message (non-repudiation), and that the message was not altered in transit (integrity). Digital signatures are a standard element of most cryptographic protocol suites, and are commonly used for software distribution, financial transactions, contract management software, and in other cases where it is important to detect forgery or tampering.
A digital signature scheme typically includes a key generation algorithm, a signing algorithm and a signature verifying algorithm. The key generation algorithm may select a private key uniformly at random from a set of possible private keys and outputs the private key and a corresponding public key. The signing algorithm may produce a digital signature for a data message based on the private key. The signature verifying algorithm may accept or reject a data message's claim to authenticity based on the data message, the public key and the signature.
It is known that Elliptic Curve Cryptography (ECC) can be used to build digital signature algorithms with a smaller key size than the Digital Signature Algorithm (DSA) with the same level of security. The security of such algorithms is generally based on the Discrete Logarithm Problem (DLP). Currently the best known algorithms to solve this DLP over elliptic curves are less efficient than ones over finite fields. This allowed the fast adoption of ECC to provide security in embedded ecosystems where resources are constrained.
EdDSA can be used to perfoiiii fast public-key digital signatures as a replacement for the Elliptic Curve Digital Signature Algorithm (ECDSA).
EdDSA is implemented in many products and libraries, such as OpenSSH. It was also recently defined in RFC 8032.
EdDSA is known to have higher performance compared to ECDSA notably because of its existing straightforward, secure implementations with neither branch nor lookup operations depending on the secret values being performed during a signature.
These properties thwart many side-channel attacks. Nevertheless, it has been found that a single-fault attack against EdDSA can recover enough private key material to forge valid signatures for any message. With a single fault, it is possible to retrieve the long term private key and then forge valid signatures for any message.
It is an aim of the disclosure to make the EdDSA signature algorithm and its implementations more resistant to fault attacks.
The disclosure provides a solution for making the EdDSA signature algorithm more resistant to fault attacks.
According to an aspect of the disclosure, a computer-implemented method is proposed for obtaining a public-key digital signature for a data message based on an EdDSA algorithm, wherein the public-key digital signature comprises a first data component and a second data component. The method can comprise receiving the first data component, a public key, a secret-integer, a secret-hash and the data message. The first data component can be an intermediate result of the EdDSA obtained from the secret-hash and the data message. The secret-integer can be derived from a part of a EdDSA private key. Typically, the derivation of the secret-integer uses a hash function and may further include clamping as defined in RFC8032.The secret-hash can be derived from a part of EdDSA private key and the data message. The method can further comprise computing a first hash based on the first data component, the public key and the data message. The method can further comprise computing a second hash based on the first data component, the public key and the data message. The method can further comprise computing the second data component based on the first hash, the second hash, the secret-integer, the secret-hash and a random value. The outcome of the computing of the second data component can be correct only if the first hash and the second hash are identical.
Advantageously, the calculation of the two hashes and computing the second data component of the signature based on these two hashes makes it very difficult to perform fault attacks on the EdDSA algorithm and obtain a valid signature.
In an embodiment, the computing of the first hash and the computing of the second hash can be implemented and/or coded differently using hardware and/or software means. Hence, it becomes increasingly difficult to perform fault attacks on the EdDSA algorithm, knowing that the computation results of the hashes should be the same for obtaining the second data component of the signature.
In an embodiment, the random value can change with each computation of the second data component. This randomizes each computation of the signature to increase the security of the EdDSA algorithm.
In an embodiment, the second data component can be computed using the following formula: S=(r+h1 +(a−ri).h1+(ri−1).h2) mod , wherein “S” is the second data component, “h1” is the first hash, “h2” is the second hash, “ri” is the random value, “a” is the secret-integer, “r” is the secret-hash, and “
” is the curve order of the Edwards-curve as defined in the EdDSA standard.
In an embodiment, one or more further hashes can be computed based on the first data component, the public key and the data message. In another embodiment, it is possible to add more than one random values, as long as the introduced randomness cancels itself in the subsequent computations.
The second data component can be computed further based on the one or more further hashes. The outcome of the computing of the second data component can be correct only if the first hash, the second hash and the one or more further hashes are identical.
According to an aspect of the disclosure, a data processing device is proposed. The device can comprise a processor that is configured to perform one or more of the steps of the above described method. It will be well understood that this is not a limited example, and an integrated circuit can for example be used to implement the method.
According to an aspect of the disclosure, a computer program product is proposed. The computer program product can be implemented on a computer-readable non-transitory storage medium. The computer program product can comprise computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the steps of the above described method.
According to an aspect of the disclosure, a computer-readable non-transitory storage medium is proposed, comprising computer executable instructions which, when executed by a processor, cause the processor to carry out one or more of the steps of the above described method.
The wording first, second, third and fourth as used in the claims is not intended to indicate any particular order. This wording is used to label different elements for distinguishing the elements.
Hereinafter, embodiments of the disclosure will be described in further detail. It should be appreciated, however, that these embodiments may not be construed as limiting the scope of protection for the present disclosure.
Embodiments will now be described, by way of example only, with reference to the accompanying schematic drawings in which corresponding reference symbols indicate corresponding parts, and in which:
The figures are meant for illustrative purposes only, and do not serve as restriction of the scope or the protection as laid down by the claims.
EdDSA is a public-key signature algorithm similar to ECDSA. In RFC 8032 EdDSA is defined for two twisted Edwards curves edwards25519 and edwards448; nevertheless EdDSA may be instantiated over other curves.
EdDSA uses a private key k that is b-bits long and a hash function H that produces a 2b-bits output. One common instance is to use SHA-512 for b=256 bits. The secret-integer a is determined from H(k)=(h0, h1, . . . , h2b-1) with:
a=2b−2+Σ3≤i≤b−32i hi
The public key A is then computed from the base point B≠(0, 1) of order , chosen as per the curve specifications or peers agreement, such that A=a·B. In practice the public key and the signatures may be output according to the encoding defined in RFC 8032.
The signature (R, S) of a message M is typically computed according to the following Algorithm 1 (where the notation R corresponds to the value (yR∥bit sign of xR) constructed from R coordinates).
Amongst its differences from ECDSA, the signature computation following Algorithm 1 is deteuiiinistic, i.e., for a given message M, if multiple signatures are computed they will all be identical.
A signature may be considered valid if from the parsing of R it can be checked that R is an element of E, S is an element of {0, 1, . . . , −1} and the following equation holds in E:
8S·B=8·R+8H(R, A, M)·A
Herein, verification without the cofactor 8 is a stronger way to verify a signature.
The principle of fault attacks is to disturb the normal behavior of a device making it output erroneous results or bypass certain operations. If the fault happens during the computation of sensitive operations, the erroneous outputs may be used to recover sensitive infoimation.
An attack can for example be based on faulting operation 5 of Algorithm 1 during the computation of the signature. As long as the output of the hash is faulted and changed to a value h′≠h then the faulty signature will be (R, S′), i.e. as soon as the second part of the signature is changed. The value of a can be then recovered with:
a=(S−S′)(h−h′)−1 mod
The value of h can be computed from R, A and M which are known, however, the value h′ has to be known or guessed. This limitation can be overcome if the fault model is characterized properly and the faulted value can be guessed in a post-processing phase. For example, if the fault model is a random byte e that is an element of {1, 2, . . . , 255} injected at a random offset i after the hash computation, i.e. h′=28ie⊕h. For example, i is an element of {0, 1, . . . , 31} for edwards25519 and i is an element of {0, 1, . . . , 57} for edwards448. In the first case, all the 255·32=8160 possibilities can be tested for h′ until the computation of a·B matches the public key value A.
Even if the secret-integer a is known, it remains impossible to compute the secret-hash r=H(hb, . . . , h2b−1, M) for a new message M since the values hb, . . . , h2b−1 are not known. However, by selecting the secret-hash r as a random number, and computing a new (R, S) similarly for any message M, we have:
8S·B=8(r+H(R, A, M).a)·B=8·R+8H(R, A, M).a·B=8·R+8H(R, A, M)·A
The verification equation still holds. Thus it is possible to forge valid signatures for any message, since a verifier does not know the secret-hash r.
To overcome the above weakness and sensitivity to fault attacks, in an embodiment, S may be computed in a way which would prevent faults located in both the hash and the message to allow the recovery of the secret-integer a.
Hereto, steps 5-7 of Algorithm 1 may be replaced by the following three steps.
Step 1) Compute h1=H(R, A, M) with a first implementation.
Step 2) Compute h2=H(R, A, M) with a second implementation.
Herein the first and second implementation are different implementations. The first implementation is for example a hardware implementation, while the second implementation is a software implementation. Alternatively, two different software implementations are used. The two operations may also be implemented with two different hardware implementations. Preferably the two implementations run in parallel, but it is possible to perform these implementations in series.
Step 3) Compute S=(r+h1+(a−ri).h1+(ri−1).h2) mod
Herein, ri is a random b-bit number, changed at each signature computation.
If h1=h2=h, the signature part S will be obtained as S=r+ah mod
If h1≠h2, and a fault occuned on h1, then the following is true:
Thus, the introduction of the random r1 hinders the recovery of a in case h1≠h2, and a fault occurred on h1.
If h1≠h2, and a fault occurred on h2, then the following is true:
Thus, there is no link with the secret-integer a at all in case h1≠h2, and a fault occurred on h2.
The replacement steps of Algorithm 1 prevent faults in h1 or h2 from outputting a value which leaks the actual value of a, except if two same faults are performed on both h1 and h2. The latter is considered very difficult if not impossible because of the two implementations wherein h1 and h2 are computed. This is especially true if both implementations differ.
101: Private key=k (b bits)
102: Hash=H(x) (2b bits)
103: Message=M
110: Left half=H[0:b-1] (b bits)
111: Clamp as per RFC8032
112: Secret-integer=a (b bits)
113: Basepoint multiplication and point encoding
114: Public key=A (b bits)
120: Right half=H[b:2b] (b bits)
121: Hash=H(x) (2b bits)
122: Secret-hash=r (2b bits)
123: Basepoint multiplication and point encoding
124: R part of the signature=R (b bits)
130: Final hash input=R, A, M
140: Compute h1=H(R, A, M)
141: Final hash=h1 (2b bits)
150: Compute h2=H(R, A, M)
151: Final hash=h2 (2b bits)
160: Compute S=(r+h1+(a+ri).h1+(ri−1).h2) mod
161: Random value=ri (at least b bits)
170: S part of the signature=S (b bits)
The variables and operations used in
In
Note that the other signature component R is an intermediate result of the EdDSA algorithm, as shown in
The resulting signature of the improved EdDSA algorithm is (R, S).
In an alternative embodiment, more than two hashes may be calculated in different implementations. The computation of the signature component S may then be based on these more than two hashes and produce a valid signature if all computed hashes are the same.
A message M may be input to the device 1, for which a public-key digital signature (R, S) is to be obtained. Output of the device 1 may be the obtained signature (R, S).
The computer executable instructions 20 form the improved EdDSA algorithm and includes a first implementation 21 for calculating the first hash h1 and a second implementation 22 for calculating the second hash h2. The resulting hashes are used to compute the second data component S of the signature. The first data component R of the signature is an intermediate result of the EdDSA algorithm, as shown in
One or more embodiments of the disclosure may be implemented as a computer program product for use with a computer system. The program(s) of the program product may define functions of the embodiments (including the methods described herein) and can be contained on a variety of computer-readable storage media. The computer-readable storage media may be non-transitory storage media. Illustrative computer-readable storage media include, but are not limited to: (i) non-writable storage media (e.g., read-only memory devices within a computer such as CD-ROM disks readable by a CD-ROM drive, ROM chips or any type of solid-state non-volatile semiconductor memory) on which information may be permanently stored; and (ii) writable storage media (e.g., hard disk drive or any type of solid-state random-access semiconductor memory, flash memory) on which alterable information may be stored.
| Number | Date | Country | Kind |
|---|---|---|---|
| 17192193.5 | Sep 2017 | EP | regional |
