Security on SM2 and GOST signatures against related key attacks

Handong Cui; Xianrui Qin; Cailing Cai; Tsz Hon Yuen

doi:10.1109/TrustCom53373.2021.00038

Security on SM2 and GOST signatures against related key attacks

Handong Cui
, Xianrui Qin
, Cailing Cai
, Tsz Hon Yuen

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

1 Citation (Scopus)

Abstract

The US Standard (EC)DSA is currently almost the most popular digital signature scheme. Chinese and Russian governments also proposed their counterparts: SM2 and GOST R 34.10 (GOST). Nowadays, there are already many industrial applications supporting SM2 and GOST digital signatures. Unfortunately, the existing analyses for SM2 and GOST are rather limited when compared to ECDSA. This paper focuses on the security of SM2 and GOST from the viewpoints of RKA security (related-key attack) and sKRKA security (strong known related key attack). RKA captures the real attacks of tampering and fault injection in hardware-stored secret keys. sKRKA, a recently proposed security model modified from RKA, captures the real attacks in the BIP-32 HD wallet and the stealth address used in Monero. It was proved that ECDSA is insecure in the RKA model (ICISC 2015) and but secure in the sKRKA model (NSS 2019). In this work, we proved that GOST is insecure in both RKA and skRKA models, but SM2 is secure in both RKA and sKRKA models. This result well differentiates the security of ECDSA, SM2 and GOST, and demonstrates that Chinese SM2 is capable to construct secure cryptocurrency systems using BIP-32 HD wallet or stealth address, as secure as ECDSA, but outperforms ECDSA in resisting tampering or fault injection attacks.

Original language	English
Title of host publication	Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021
Editors	Liang Zhao, Neeraj Kumar, Robert C. Hsu, Deqing Zou
Place of Publication	Piscataway NJ USA
Publisher	IEEE, Institute of Electrical and Electronics Engineers
Pages	155-163
Number of pages	9
ISBN (Electronic)	9781665416580
ISBN (Print)	9781665416597
DOIs	https://doi.org/10.1109/TrustCom53373.2021.00038
Publication status	Published - 2021
Externally published	Yes
Event	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2021 - Shenyang, China Duration: 20 Oct 2021 → 22 Oct 2021 Conference number: 20th

Conference

Conference	IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2021
Abbreviated title	TrustCom 2021
Country/Territory	China
City	Shenyang
Period	20/10/21 → 22/10/21

Keywords

GOST
related-key attack
SM2
strong known related key attack

Access to Document

10.1109/TrustCom53373.2021.00038

Cite this

Cui, H., Qin, X., Cai, C., & Yuen, T. H. (2021). Security on SM2 and GOST signatures against related key attacks. In L. Zhao, N. Kumar, R. C. Hsu, & D. Zou (Eds.), Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021 (pp. 155-163). IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/TrustCom53373.2021.00038

Cui, Handong ; Qin, Xianrui ; Cai, Cailing et al. / Security on SM2 and GOST signatures against related key attacks. Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021. editor / Liang Zhao ; Neeraj Kumar ; Robert C. Hsu ; Deqing Zou. Piscataway NJ USA : IEEE, Institute of Electrical and Electronics Engineers, 2021. pp. 155-163

@inproceedings{1561cd010221468cbad4c434a416815c,

title = "Security on SM2 and GOST signatures against related key attacks",

abstract = "The US Standard (EC)DSA is currently almost the most popular digital signature scheme. Chinese and Russian governments also proposed their counterparts: SM2 and GOST R 34.10 (GOST). Nowadays, there are already many industrial applications supporting SM2 and GOST digital signatures. Unfortunately, the existing analyses for SM2 and GOST are rather limited when compared to ECDSA. This paper focuses on the security of SM2 and GOST from the viewpoints of RKA security (related-key attack) and sKRKA security (strong known related key attack). RKA captures the real attacks of tampering and fault injection in hardware-stored secret keys. sKRKA, a recently proposed security model modified from RKA, captures the real attacks in the BIP-32 HD wallet and the stealth address used in Monero. It was proved that ECDSA is insecure in the RKA model (ICISC 2015) and but secure in the sKRKA model (NSS 2019). In this work, we proved that GOST is insecure in both RKA and skRKA models, but SM2 is secure in both RKA and sKRKA models. This result well differentiates the security of ECDSA, SM2 and GOST, and demonstrates that Chinese SM2 is capable to construct secure cryptocurrency systems using BIP-32 HD wallet or stealth address, as secure as ECDSA, but outperforms ECDSA in resisting tampering or fault injection attacks.",

keywords = "GOST, related-key attack, SM2, strong known related key attack",

author = "Handong Cui and Xianrui Qin and Cailing Cai and Yuen, \{Tsz Hon\}",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2021, TrustCom 2021 ; Conference date: 20-10-2021 Through 22-10-2021",

year = "2021",

doi = "10.1109/TrustCom53373.2021.00038",

language = "English",

isbn = "9781665416597",

pages = "155--163",

editor = "Liang Zhao and Neeraj Kumar and Hsu, \{Robert C.\} and Deqing Zou",

booktitle = "Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021",

publisher = "IEEE, Institute of Electrical and Electronics Engineers",

address = "United States of America",

}

Cui, H, Qin, X, Cai, C & Yuen, TH 2021, Security on SM2 and GOST signatures against related key attacks. in L Zhao, N Kumar, RC Hsu & D Zou (eds), Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021. IEEE, Institute of Electrical and Electronics Engineers, Piscataway NJ USA, pp. 155-163, IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2021, Shenyang, China, 20/10/21. https://doi.org/10.1109/TrustCom53373.2021.00038

Security on SM2 and GOST signatures against related key attacks. / Cui, Handong; Qin, Xianrui; Cai, Cailing et al.
Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021. ed. / Liang Zhao; Neeraj Kumar; Robert C. Hsu; Deqing Zou. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers, 2021. p. 155-163.

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Security on SM2 and GOST signatures against related key attacks

AU - Cui, Handong

AU - Qin, Xianrui

AU - Cai, Cailing

AU - Yuen, Tsz Hon

N1 - Conference code: 20th

PY - 2021

Y1 - 2021

N2 - The US Standard (EC)DSA is currently almost the most popular digital signature scheme. Chinese and Russian governments also proposed their counterparts: SM2 and GOST R 34.10 (GOST). Nowadays, there are already many industrial applications supporting SM2 and GOST digital signatures. Unfortunately, the existing analyses for SM2 and GOST are rather limited when compared to ECDSA. This paper focuses on the security of SM2 and GOST from the viewpoints of RKA security (related-key attack) and sKRKA security (strong known related key attack). RKA captures the real attacks of tampering and fault injection in hardware-stored secret keys. sKRKA, a recently proposed security model modified from RKA, captures the real attacks in the BIP-32 HD wallet and the stealth address used in Monero. It was proved that ECDSA is insecure in the RKA model (ICISC 2015) and but secure in the sKRKA model (NSS 2019). In this work, we proved that GOST is insecure in both RKA and skRKA models, but SM2 is secure in both RKA and sKRKA models. This result well differentiates the security of ECDSA, SM2 and GOST, and demonstrates that Chinese SM2 is capable to construct secure cryptocurrency systems using BIP-32 HD wallet or stealth address, as secure as ECDSA, but outperforms ECDSA in resisting tampering or fault injection attacks.

AB - The US Standard (EC)DSA is currently almost the most popular digital signature scheme. Chinese and Russian governments also proposed their counterparts: SM2 and GOST R 34.10 (GOST). Nowadays, there are already many industrial applications supporting SM2 and GOST digital signatures. Unfortunately, the existing analyses for SM2 and GOST are rather limited when compared to ECDSA. This paper focuses on the security of SM2 and GOST from the viewpoints of RKA security (related-key attack) and sKRKA security (strong known related key attack). RKA captures the real attacks of tampering and fault injection in hardware-stored secret keys. sKRKA, a recently proposed security model modified from RKA, captures the real attacks in the BIP-32 HD wallet and the stealth address used in Monero. It was proved that ECDSA is insecure in the RKA model (ICISC 2015) and but secure in the sKRKA model (NSS 2019). In this work, we proved that GOST is insecure in both RKA and skRKA models, but SM2 is secure in both RKA and sKRKA models. This result well differentiates the security of ECDSA, SM2 and GOST, and demonstrates that Chinese SM2 is capable to construct secure cryptocurrency systems using BIP-32 HD wallet or stealth address, as secure as ECDSA, but outperforms ECDSA in resisting tampering or fault injection attacks.

KW - GOST

KW - related-key attack

KW - SM2

KW - strong known related key attack

UR - https://www.scopus.com/pages/publications/85127414420

U2 - 10.1109/TrustCom53373.2021.00038

DO - 10.1109/TrustCom53373.2021.00038

M3 - Conference Paper

AN - SCOPUS:85127414420

SN - 9781665416597

SP - 155

EP - 163

BT - Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021

A2 - Zhao, Liang

A2 - Kumar, Neeraj

A2 - Hsu, Robert C.

A2 - Zou, Deqing

PB - IEEE, Institute of Electrical and Electronics Engineers

CY - Piscataway NJ USA

T2 - IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2021

Y2 - 20 October 2021 through 22 October 2021

ER -

Cui H, Qin X, Cai C, Yuen TH. Security on SM2 and GOST signatures against related key attacks. In Zhao L, Kumar N, Hsu RC, Zou D, editors, Proceedings - 2021 IEEE 20th International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2021. Piscataway NJ USA: IEEE, Institute of Electrical and Electronics Engineers. 2021. p. 155-163 doi: 10.1109/TrustCom53373.2021.00038

Security on SM2 and GOST signatures against related key attacks

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this