
mathiasgredal | 2 years ago

Could someone enlighten me on how one goes about testing whether a particular crypto implementation is vulnerable to side-channel attacks?

In high school I implemented a basic ECDH key exchange algorithm, which I compiled to WASM, and it can be tested at the bottom of my blog: https://gredal.dev/projects/elliptic-curves

Using only the WASM blob, without looking at the source code for exploits, how would Alice find Bob's private key?


lifthrasiir | 2 years ago

By changing one's system clock.

Your code shows that `random` is seeded with `time(nullptr)`, which has a second precision, so you can guess the generated private key by knowing the exact second the wasm module was initialized and the number of `random` calls until the eventual key was derived. You can see this yourself by loading two identical windows around the same time and generating keypairs from both, resulting in the same keypairs.

Even the most generous assumption gives only ~30 bits of information entropy, so it is extremely unsafe. Forget side-channel attacks---you are not even prepared against direct attacks.
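An added example, not code from the thread or the linked project, that reproduces the defect described in the comment above and contrasts it with an OS-seeded key. It assumes `rand()`/`srand()` as a stand-in for the blog's `random()`, a 32-byte buffer as the curve scalar, and `/dev/urandom` as the native CSPRNG source; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#define KEY_BYTES 32 /* a 256-bit scalar, the size of an ECDH private key */

/* The pattern the comment describes: the PRNG is seeded once from the wall-clock
 * second and the key is filled from its output, so every run that starts in the
 * same second derives the same key. rand()/srand() stand in for random(). */
void weak_private_key(time_t start_second, uint8_t key[KEY_BYTES]) {
    srand((unsigned)start_second);
    for (size_t i = 0; i < KEY_BYTES; i++)
        key[i] = (uint8_t)(rand() & 0xff);
}

/* Defect check: derive two keys with the same seed. Returns 1 if they are
 * identical, i.e. the key is a pure function of the start second. */
int same_seed_gives_same_key(time_t start_second) {
    uint8_t a[KEY_BYTES], b[KEY_BYTES];
    weak_private_key(start_second, a);
    weak_private_key(start_second, b);
    return memcmp(a, b, KEY_BYTES) == 0;
}

/* Effective key entropy when the only unknown is the start second: one
 * candidate per second in the window, so floor(log2(window)) bits, not 256. */
int seed_entropy_bits(unsigned long window_seconds) {
    int bits = 0;
    while (window_seconds >>= 1) bits++;
    return bits;
}

/* Mitigation: read the key from the OS CSPRNG instead of a seeded PRNG (in a
 * browser/WASM build the equivalent is crypto.getRandomValues()). Returns 0 on
 * success; /dev/urandom is assumed to exist on the host. */
int strong_private_key(uint8_t key[KEY_BYTES]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(key, 1, KEY_BYTES, f);
    fclose(f);
    return n == KEY_BYTES ? 0 : -1;
}

/* Returns 1 if two independently generated strong keys differ, 0 otherwise. */
int strong_keys_differ(void) {
    uint8_t a[KEY_BYTES], b[KEY_BYTES];
    if (strong_private_key(a) != 0 || strong_private_key(b) != 0) return 0;
    return memcmp(a, b, KEY_BYTES) != 0;
}
```

A start time known to within a day leaves 16 bits to search; the comment's generous 2^30-second window gives the 30 bits it mentions.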

adrianN | 2 years ago

I would recommend using the crypto implementation to secure a large amount of money. If it is vulnerable, the money will disappear eventually.