{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00190577","sets":["1164:6389:9385:9512"]},"path":["9512"],"owner":"11","recid":"190577","title":["特異曲線圧縮点展開攻撃のビットコイン用楕円曲線への応用"],"pubdate":{"attribute_name":"公開日","attribute_value":"2018-07-18"},"_buckets":{"deposit":"eb275f1c-590e-441f-804c-89f5dce29f1d"},"_deposit":{"id":"190577","pid":{"type":"depid","value":"190577","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"特異曲線圧縮点展開攻撃のビットコイン用楕円曲線への応用","author_link":["436454","436457","436459","436455","436458","436456"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"特異曲線圧縮点展開攻撃のビットコイン用楕円曲線への応用"},{"subitem_title":"Application of the Singular Curve Point Decompression Attack to the Bitcoin Curve","subitem_title_language":"en"}]},"item_type_id":"4","publish_date":"2018-07-18","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"京都大学情報学研究科"},{"subitem_text_value":"NTTセキユアプラツトフオーム研究所"},{"subitem_text_value":"NTTセキユアプラツトフオーム研究所"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Informatics, Kyoto University","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"},{"subitem_text_value":"NTT Secure Platform Laboratories","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/190577/files/IPSJ-SPT18029025.pdf","label":"IPSJ-SPT18029025.pdf"},"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SPT18029025.pdf","filesize":[{"value":"278.3 
kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_login","version_id":"c2ebb255-967b-49ae-b5ac-dfcbc946a053","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2018 by the Institute of Electronics, Information and Communication Engineers This SIG report is only available to those in membership of the SIG."}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"高橋, 彰"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"ティブシ, メディ"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"阿部, 正幸"}],"nameIdentifiers":[{}]}]},"item_4_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Akira, Takahashi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mehdi, Tibouchi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masayuki, Abe","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AA12628305","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"2188-8671","subitem_source_identifier_type":"ISSN"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本講演ではペアリングフレンドリーな曲線に対するフォールト攻撃手法として 
BlömerとGüntherによって提案された 「特異曲線圧縮点展開攻撃 (singular curve point decompression attack) 」 を,SECG によって標準化された secp の “k” 曲線パラメータに対しても応用可能であることを報告する.我々は攻撃対象として,ビットコインプロトコルにも採用され,今日広範に知られている曲線パラメータ secp256k1 上で動作する ECDSA の 8-bit マイクロコントローラ実装を選択した.このフォールト攻撃は強力であり,一度のクロックグリッチを注入することで,署名鍵を完全に復元することが可能であった.よって楕円曲線上の点圧縮 ・ 展開の手法はベースポイントには適用すべきでないと結論づけられる.","subitem_description_type":"Other"}]},"item_4_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"In this talk, we report that the singular curve point decompression attack of Blömer and Günther, which was originally presented as an attack against pairing-friendly curves, directly applies to the widely deployed secp k curve series. We experimentally verified that the attack can be carried out against an 8-bit microcontroller implementation of ECDSA over the secp256k1 curve, which is a high-profile target owing to its use in the Bitcoin protocol. The fault attack is devastating: the full secret key can be recovered by injecting a single clock glitch fault. We conclude that the point compression / decompression technique should never be applied to base points, especially in constrained devices such as Bitcoin hardware wallets.","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"5","bibliographic_titles":[{"bibliographic_title":"研究報告セキュリティ心理学とトラスト(SPT)"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2018-07-18","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"25","bibliographicVolumeNumber":"2018-SPT-29"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":190577,"updated":"2025-01-20T01:09:04.428346+00:00","links":{},"created":"2025-01-19T00:56:32.279241+00:00"}