Stealing Keys From Hardware Wallets: A Single Trace Side-Channel Attack on Elliptic Curve Scalar Multiplication Without Profiling

Dongjun Park, Minsig Choi, Gyusang Kim, Daehyeon Bae, Heeseok Kim, Seokhie Hong

    Research output: Contribution to journalArticlepeer-review

    4 Citations (Scopus)

    Abstract

    Over the past decade, decentralized cryptocurrencies have received attention in industry and academia. Hardware wallets are dedicated devices that manage cryptocurrencies safely without entrusting cryptographic keys to a third party. Side-channel attacks have been widely studied in cryptanalysis and have already been proven threatening, but analysis on hardware wallets still needs to be researched. Although the previous work demonstrated several side-channel vulnerabilities, their attacks require a finely controlled environment or a learning phase of target devices' physical properties before the attacks. This paper proposes a side-channel attack on hardware wallets extracting private keys. The proposed attack needs a single power trace measured when wallets process elliptic curve scalar multiplication with private keys. Our attack is reasonable since we do not damage the device under attack and do not target a specific device but an algorithm; it is widely applicable to wallets using that algorithm or analogous ones. It also presents the attack results conducted with three datasets: simulation, ChipWhisperer, and actual dataset collected from the Trezor Model One, the first and representative hardware wallets which comply with the de facto standard of hardware wallets.

    Original languageEnglish
    Pages (from-to)44578-44589
    Number of pages12
    JournalIEEE Access
    Volume11
    DOIs
    Publication statusPublished - 2023

    Bibliographical note

    Publisher Copyright:
    © 2013 IEEE.

    Keywords

    • Cryptocurrency
    • hardware security
    • power analysis
    • side-channel attack

    ASJC Scopus subject areas

    • General Computer Science
    • General Materials Science
    • General Engineering

    Fingerprint

    Dive into the research topics of 'Stealing Keys From Hardware Wallets: A Single Trace Side-Channel Attack on Elliptic Curve Scalar Multiplication Without Profiling'. Together they form a unique fingerprint.

    Cite this