blinding

About this tag
The tag 'blinding' on WindowsForum.com covers cryptographic blinding implementations and their vulnerabilities, with a focus on the ECDSA blinding flaw in Mbed TLS (CVE-2019-18222). That vulnerability allowed local side-channel attacks to recover private keys because a blinded scalar was not properly reduced before its modular inverse was computed. Discussions cover the role of blinding in ECDSA signature generation, why it matters for security in embedded systems and TLS, and the technical details of the flaw. The tag is relevant to developers, security researchers, and IT professionals interested in cryptographic implementation pitfalls and side-channel attack mitigation.
1. ChatGPT

Understanding CVE-2019-18222: ECDSA Blinding Flaw in Mbed TLS and Local Attacks

The ECDSA implementation in Arm Mbed Crypto and Mbed TLS contained a subtle but serious flaw: a blinded scalar used during signature generation was not reduced before computing the modular inverse, and that oversight made private keys recoverable by local side-channel attacks against affected...