When Constant-time Source Yields Variable-time Binary: Exploiting Curve25519-donna Built with MSVC 2015

Thierry Kaufmann^1, Hervé Pelletier^1, Serge Vaudenay^2, and Karine Villegas^3

^1 Kudelski Security, Cheseaux, Switzerland, {thierry.kaufmann, herve.pelletier}@kudelskisecurity.com
^2 EPFL, Lausanne, Switzerland, serge.vaudenay@epfl.ch
^3 Nagravision, Cheseaux, Switzerland, karine.villegas@nagra.com

Abstract. The elliptic curve Curve25519 has been presented as protected against state-of-the-art timing attacks [2]. This paper shows that a timing attack is still achievable against a particular X25519 implementation which follows the RFC^4 7748 requirements [10]. The attack allows the retrieval of the complete private key used in the ECDH protocol. This is achieved due to timing leakage during Montgomery ladder execution and relies on a conditional branch in the Windows runtime library 2015. The attack can be applied remotely.

Keywords: Side-channel, timing attack, ECC, RFC 7748, X25519

1 Introduction

Side-channel attacks are a proven practical means of attack against cryptographic implementations [5]. They make use of physical quantities, e.g., electromagnetic emanations, power consumption, photon emissions, timing variations, etc., to retrieve some sensitive information such as a secret key. Timing attacks were first presented in 1996 by Kocher [8]. They have been shown to be very effective while being easy to perform. In particular, side-channel timing attacks are not intrusive and do not require high-end equipment nor necessarily physical access to the targeted system. Thus they can be applied remotely.

Elliptic curves are increasingly used in cryptography. The asymmetric keys of an ECC implementation are smaller than those required for an RSA implementation with the same cryptographic security. RFC 7748 [10] presents an ECC design that uses regular operations and is thus supposed to be resistant to side-channel timing attacks. The RFC is intended to prevent use of curves which have inherent side-channel leakage weaknesses. Classical side-channel attacks against such poor ECC implementations are published regularly, e.g., [1] and [6].

^4 Requests for Comments: document series containing technical and organizational notes about the Internet