1. Technical Field
The present disclosure refers to digital data cryptography technology and in particular to a method for generating a digital signature for digital data.
2. Description of the Related Art
Nowadays, cryptography performs a fundamental role in the communication of digital data in order to ensure an adequate level of safety of the communication by satisfying requirements as, on the one hand, confidentiality or privacy of the digital data exchanged and, on the other hand, authenticity of the digital data exchanged or of the subjects involved in the communication of the digital data.
With regard to authenticity, in cryptography different so-called digital signature algorithms or methods have been developed that are used, for example, to sign and verify digital documents in order to verify their authenticity. Moreover, such digital signature algorithms or methods are used in systems with relative integrated software (better known by the term “embedded”) in order to verify that the software itself is genuine. Furthermore, digital signature algorithms or methods are widely used in the field of smart cards to authenticate digital documents. Moreover, such digital signature algorithms or methods are also adopted in different protocols in the field of communication networks in order to authenticate the identity of the subjects, such as the users or the electronic devices connected to a communication network, in a secure manner.
A known digital signature algorithm or method is the Elliptic Curve Digital Signature Algorithm (ECDSA) belonging to the more general family of Digital Signature Algorithms DSA.
The ECDSA digital signature algorithm is a cryptographic algorithm with a public key that, as known, is based on a non-invertible operation, i.e., an operation that involves a secret key, but through the use of which it is not possible to obtain the secret key used.
The ECDSA digital signature algorithm consists of an algorithm for generating a digital signature and an algorithm for verifying such a digital signature.
The implementation of such algorithms, respectively for generating and verifying a digital signature, involves the preliminary generation, during the step of set-up of the electronic device, of a secret key d and of a public key Y to be used, by the electronic device, in the authentication of the digital data.
The ECDSA algorithm or method for generating a digital signature generates the digital signature (r, s) of a message (M) based on the secret key (d) and on a random number (k) generated whenever the algorithm for generating a digital signature is executed.
In particular, the digital signature consists of determining a pair of elements, i.e.:
a first element (r) of the digital signature representative of the x coordinate of a point obtained from the scalar multiplication of the random number k by a point P of an elliptic curve whose coordinates are set by the NIST (National Institute of Standards and Technology) standard (r=xk·P);
a second element (s) of the digital signature obtained with the following mathematical relationship (1):s=(e+r·d)·k−1 mod n  (1)in which
e represents the hash function (per sé known) of the message M to be signed (e=h(M)),
r represents the first element of the digital signature,
d is the secret encryption key associated with the electronic device,
mod n represents the order module n (with n order of the elliptic curve) of the multiplication indicated above.
The ECDSA algorithm for verifying a digital signature carries out a test on the signature generated by the ECDSA algorithm for generating a digital signature based on the public key Y, on the hash function of the message M (e=h(M)), on the digital signature generated (r, s) in order to verify whether the digital signature tested is actually the digital signature generated by the electronic device configured to implement the ECDSA digital signature algorithm.
With particular reference to the ECDSA algorithm or method for generating a digital signature (or in general also an algorithm for generating a digital signature DSA) described above, it is based on a security model studied to be immune to the types of attack developed by crackers who continually try to infringe, from an electronic and/or information point of view, the pre-existing digital signature algorithms DSA in order to recover the secret key in an unauthorized manner and be able to authenticate the digital documents or messages or be able to authenticate themselves at the expense of the legitimate subjects authorized to do so.
Amongst the latest types of attack, it is certainly worth mentioning the types of attack defined as side channel attack.
A side channel attack is an attack by which the recovery of secret information (in particular, the secret key) is obtained by a cracker not by exploiting particular mathematical theory weaknesses but rather by exploiting problems linked to the implementation of the digital signature algorithm or method.
A side channel attack may involve the cracker monitoring the power consumption or electromagnetic radiation or else of injecting a fault (overvoltage or glitch, even undervoltage) into the electronic device configured to implement an algorithm for generating the digital signature DSA. From the comparison between the digital signature obtained from the electronic device in the case of injected fault and the digital signature obtained from the electronic device in normal operation (without perturbations from the cracker) or by monitoring power consumption, a cracker is able to obtain basic information to successfully recover the secret key used by the electronic device under attack.
However, the evolution that these and other types of attack have undergone in recent years has also made the algorithm for generating the digital signature ECDSA vulnerable to infringement with regard to the recovery of the secret key generated.