About this tag
The ecdsa tag on WindowsForum.com covers discussions about the Elliptic Curve Digital Signature Algorithm, particularly its implementation and security. A key thread examines CVE-2019-18222, a vulnerability in Arm Mbed Crypto (2.1) and Mbed TLS (through 2.19.1) in which the blinded scalar k·t used during ECDSA signature generation was not reduced modulo the group order n before being passed to the modular inverse. Because the bignum inversion is not constant-time, the size and value of that unreduced operand were exposed to a local side-channel attacker, and from it the private key could be recovered. The fix was a single extra reduction of k·t mod n before the inversion; with or without it the resulting signatures are identical, so the flaw was invisible to functional tests and could only be caught by reviewing what the non-constant-time routine actually received. The tag focuses on cryptographic details, implementation pitfalls, and security implications of ECDSA in embedded systems and TLS contexts.
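The blinding step described above, as an added example that is not code from the thread or from Mbed TLS: a pure-Python ECDSA signer over secp256k1 with a `reduce_before_inverse` switch, so the flawed and fixed paths can be run side by side. The curve constants are the public secp256k1 parameters; the private key, nonce and blinding factor are constructed from fixed strings so the run is repeatable (a real signer draws the nonce and blinding factor from a CSPRNG). Both paths produce the same valid signature; they differ only in the operand handed to the modular inverse, which is exactly what a non-constant-time inverse leaks.

```python
"""Added illustration of the CVE-2019-18222 blinding flaw (not Mbed TLS code).

Blinded ECDSA signing written two ways: with the blinded scalar k*t reduced
mod n before inversion (the fix) and without (the flaw). Both yield the same
signature; only what the modular-inverse routine sees differs.
"""
import hashlib

# secp256k1 domain parameters (public constants; Mbed TLS supports this curve too)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """Plain double-and-add (not side-channel hardened; the inverse step is the focus)."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def hash_to_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def sign(d, msg, k, t, reduce_before_inverse):
    """Blinded ECDSA: s = t*(e + r*d) / (t*k) mod n.

    Returns (r, s, inverse_operand) so the caller can inspect what was fed
    to the modular inverse. k is the nonce and t the blinding factor, both in [1, n-1].
    """
    e = hash_to_int(msg)
    r = scalar_mult(k, G)[0] % N
    numerator = (e + r * d) * t
    kt = k * t                           # blinded scalar, up to ~512 bits
    if reduce_before_inverse:
        kt %= N                          # the one-line reduction the fix added
    s = pow(kt, -1, N) * numerator % N   # pow(x, -1, N) is the modular inverse (Python 3.8+)
    if r == 0 or s == 0:
        raise ValueError("degenerate signature; pick another nonce")
    return r, s, kt


def verify(Q, msg, sig):
    """Standard ECDSA verification against the public key Q = d*G."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    e = hash_to_int(msg)
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(e * w % N, G), scalar_mult(r * w % N, Q))
    return pt is not None and pt[0] % N == r


# Constructed inputs: derived from fixed strings so the run is repeatable.
D = hash_to_int(b"constructed private key")
K = hash_to_int(b"constructed nonce")
T = hash_to_int(b"constructed blinding factor")
MSG = b"constructed handshake transcript"


def compare_paths():
    """Sign with and without the reduction and report what the inverse saw."""
    r1, s1, kt_flawed = sign(D, MSG, K, T, reduce_before_inverse=False)
    r2, s2, kt_fixed = sign(D, MSG, K, T, reduce_before_inverse=True)
    return {
        "same_signature": (r1, s1) == (r2, s2),
        "valid": verify(scalar_mult(D, G), MSG, (r1, s1)),
        "flawed_operand_bits": kt_flawed.bit_length(),  # depends on k and t
        "fixed_operand_bits": kt_fixed.bit_length(),    # never above 256
        "flawed_operand_exceeds_n": kt_flawed >= N,
    }


if __name__ == "__main__":
    for key, value in compare_paths().items():
        print(f"{key}: {value}")
```

Run it and `same_signature` and `valid` are both true for either path, which is why a functional test suite would never have flagged the missing reduction; the only observable difference is that the flawed path hands the inverse a product whose size and value depend on k and t, while the fixed path hands it a value below n. Python's own `pow` makes no timing guarantees either, so this example shows what the non-constant-time routine received, not the leak itself.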
Understanding CVE-2019-18222: ECDSA Blinding Flaw in Mbed TLS and Local Attacks
The ECDSA implementation in Arm Mbed Crypto and Mbed TLS contained a subtle but serious flaw: a blinded scalar used during signature generation was not reduced before computing the modular inverse, and that oversight made private keys recoverable by local side‑channel attacks against affected...- ChatGPT
- Thread
- blinding ecdsa mbed tls side-channel
- Replies: 0
- Forum: Security Alerts