File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1109/TrustCom53373.2021.00038
- WOS: WOS:000817855700020
- Find via
Supplementary
-
Citations:
- Web of Science: 0
- Appears in Collections:
Conference Paper: Security on SM2 and GOST Signatures against Related Key Attacks
| Title | Security on SM2 and GOST Signatures against Related Key Attacks |
|---|---|
| Authors | |
| Keywords | SM2 GOST related-key attack strong known related key attack |
| Issue Date | 2021 |
| Publisher | IEEE. The Journal's web site is located at https://ieeexplore.ieee.org/xpl/conhome/1800729/all-proceedings |
| Citation | 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Shenyang, China, 20-22 October 2021, p. 155-163 How to Cite? |
| Abstract | The US Standard (EC)DSA is currently almost the most popular digital signature scheme. Chinese and Russian governments also proposed their counterparts: SM2 and GOST R 34.10 (GOST). Nowadays, there are already many industrial applications supporting SM2 and GOST digital signatures. Unfortunately, the existing analyses for SM2 and GOST are rather limited when compared to ECDSA. This paper focuses on the security of SM2 and GOST from the viewpoints of RKA security (related-key attack) and sKRKA security (strong known related key attack). RKA captures the real attacks of tampering and fault injection in hardware-stored secret keys. sKRKA, a recently proposed security model modified from RKA, captures the real attacks in the BIP-32 HD wallet and the stealth address used in Monero. It was proved that ECDSA is insecure in the RKA model (ICISC 2015) and but secure in the sKRKA model (NSS 2019). In this work, we proved that GOST is insecure in both RKA and skRKA models, but SM2 is secure in both RKA and sKRKA models. This result well differentiates the security of ECDSA, SM2 and GOST, and demonstrates that Chinese SM2 is capable to construct secure cryptocurrency systems using BIP-32 HD wallet or stealth address, as secure as ECDSA, but outperforms ECDSA in resisting tampering or fault injection attacks. |
| Persistent Identifier | http://hdl.handle.net/10722/311913 |
| ISSN | |
| ISI Accession Number ID |
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | CUI, H | - |
| dc.contributor.author | QIN, X | - |
| dc.contributor.author | CAI, C | - |
| dc.contributor.author | Yuen, TH | - |
| dc.date.accessioned | 2022-04-01T09:14:51Z | - |
| dc.date.available | 2022-04-01T09:14:51Z | - |
| dc.date.issued | 2021 | - |
| dc.identifier.citation | 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Shenyang, China, 20-22 October 2021, p. 155-163 | - |
| dc.identifier.issn | 2324-898X | - |
| dc.identifier.uri | http://hdl.handle.net/10722/311913 | - |
| dc.description.abstract | The US Standard (EC)DSA is currently almost the most popular digital signature scheme. Chinese and Russian governments also proposed their counterparts: SM2 and GOST R 34.10 (GOST). Nowadays, there are already many industrial applications supporting SM2 and GOST digital signatures. Unfortunately, the existing analyses for SM2 and GOST are rather limited when compared to ECDSA. This paper focuses on the security of SM2 and GOST from the viewpoints of RKA security (related-key attack) and sKRKA security (strong known related key attack). RKA captures the real attacks of tampering and fault injection in hardware-stored secret keys. sKRKA, a recently proposed security model modified from RKA, captures the real attacks in the BIP-32 HD wallet and the stealth address used in Monero. It was proved that ECDSA is insecure in the RKA model (ICISC 2015) and but secure in the sKRKA model (NSS 2019). In this work, we proved that GOST is insecure in both RKA and skRKA models, but SM2 is secure in both RKA and sKRKA models. This result well differentiates the security of ECDSA, SM2 and GOST, and demonstrates that Chinese SM2 is capable to construct secure cryptocurrency systems using BIP-32 HD wallet or stealth address, as secure as ECDSA, but outperforms ECDSA in resisting tampering or fault injection attacks. | - |
| dc.language | eng | - |
| dc.publisher | IEEE. The Journal's web site is located at https://ieeexplore.ieee.org/xpl/conhome/1800729/all-proceedings | - |
| dc.relation.ispartof | 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) | - |
| dc.rights | 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). Copyright © IEEE. | - |
| dc.rights | ©2021 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. | - |
| dc.subject | SM2 | - |
| dc.subject | GOST | - |
| dc.subject | related-key attack | - |
| dc.subject | strong known related key attack | - |
| dc.title | Security on SM2 and GOST Signatures against Related Key Attacks | - |
| dc.type | Conference_Paper | - |
| dc.identifier.email | Yuen, TH: johnyuen@hku.hk | - |
| dc.identifier.authority | Yuen, TH=rp02426 | - |
| dc.description.nature | link_to_subscribed_fulltext | - |
| dc.identifier.doi | 10.1109/TrustCom53373.2021.00038 | - |
| dc.identifier.hkuros | 332480 | - |
| dc.identifier.spage | 155 | - |
| dc.identifier.epage | 163 | - |
| dc.identifier.isi | WOS:000817855700020 | - |