Attacking ECDSA Of SM2

Elliptic Curve Cryptography(ECC)was proposed by Neal Koblitz and Vic-tor Miller in 1985.It can be seen as the use of elliptic curve to simulate the previous cryptosystem based on discrete logarithm problem(DLP),and select a special point group on the elliptic curve to perform confidential ope.ration.Due to the intractabilit,y of the elliptic curve discrete logarithm problem(ECDLP),the security of the cryptosystem is guaranteed.Due to the special structure of the elliptic curve,under the same security standard,it has a smaller key size than the conventional cryptosystem based on the ordinary finite number group.Elliptic curve digital signature(ECDSA)is the simulation of digital signature algorithm DSA using elliptic curve.ECDSA was first proposed by Scott Vanstone in 1992 in response to NIST's Digital Signature Standard(DSS)requirements.A digital signature is a digital string that can only be generated by the sender of the information and cannot be forged by others.It is an effective proof of the authenticity of the information and the sender.Security is also based on the intractability of the elliptic curve discrete logarithm problem(ECDLP).Due to various calculations in the signature process,it is very difficult to direct-ly use the signature information.Kocher proposed a channel measurement attack that bypasses the processing of difficult problems in mathematics and directly an-alyzes the actual operation of the signature.The attacker can obtain part of the internal data in the signature process through the channel measurement attack.Assuming that the attacker obtained multiple sets of signatures,theoretically,the attacker obtained more information than only one set of signatures.How to use more information to recover the signer's privatekey becomes a new problem.The attacker uses the hidden number problem(HNP)to process the obtained information,convert the recovered key to solve the hidden number problem,and further solve the hidden number problem through the grid.In 2016,Fan Shuqin proposed this method of circumventing the difficulty of mathematics and attack-ing the elliptic curve digital signature to recover the signer's private key through side channel attacks and other inevitable software vulnerabilities.In this paper,this method is used to analyze the SM2 digital signature system.This article first introduces the problems related to the elliptic curve digi-tal signature algorithm,and also introduces the(hidden number)HNP problem and its variant multivariate HNP problem and(extended hidden number)EHNP problem,and briefly introduces the side channel attack Flush+we use Reload attack.The attack on the SM2 digital signature is divided into the following steps:the first step is to analyze the SM2 digital signature system,we find the relationship between the temporary key and the user's private key;the second step is to obtain the signature through a side channel attack Part of the informa-tion of the temporary key;in the third step,we sort out the obtained information through the relationship between the temporary key we obtained and the user's private key,and convert the problem of solving the user's private key into the solution of the EHNP problem;in the fourth step,we use the grid Method to solve the EHNP problem.The result of this attack is related to the window size of the wNAF used during signing.If the window size is 3,then it is possible for us to recover the key using 3 signature information.The key is recovered with a probability of ninety.The dimension of the matrix we generated when solving the EHNP problem is D=d+1+L,where d is the number of signature information used,L is related to the result of the side channel attack,and as the number of samples involved in the calculation increases,the matrix The number of dimen-sions is also increasing significantly.Each additional signature information will increase the dimension of the 53-dimensional generator matrix on average,which will make the difficulty of solving the CVP problem significantly increase.