
arxiv: 2512.07292 · v2 · submitted 2025-12-08 · 💻 cs.CR

Breaking ECDSA with Electromagnetic Side-Channel Attacks: Challenges and Practicality on Modern Smartphones

Pith reviewed 2026-05-17 01:11 UTC · model grok-4.3

classification 💻 cs.CR
keywords ECDSA · electromagnetic side-channel · nonce leakage · smartphone SoC · OpenSSL · libgcrypt · secure element · physical attacks

The pith

Electromagnetic leakage lets attackers recover ECDSA secrets from OpenSSL on modern smartphone chips despite added complexity.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that electromagnetic side-channel analysis remains practical on current smartphone system-on-chips even after years of hardware evolution toward heterogeneous clusters, sub-10 nm processes, and clock speeds above 2 GHz. The authors adapt attack techniques to these platforms and apply the Nonce@Once method to extract ECDSA signing secrets from OpenSSL on both a Raspberry Pi 4 and a Fairphone 4. They further show that a known countermeasure in libgcrypt does not stop the leakage. Readers care because smartphones now handle payments, messaging, and upcoming digital-identity wallets, so any persistent physical attack surface directly affects real-world security assumptions.

Core claim

Using attack methodologies tailored to modern SoCs, the work recovers ECDSA secrets from OpenSSL by mounting the Nonce@Once attack and demonstrates that the libgcrypt countermeasure does not fully mitigate the leakage on tested devices.

What carries the argument

Nonce@Once attack, which extracts the private key by combining partial nonce leakage observed through electromagnetic emanations during ECDSA signing.

If this is right

  • Software libraries such as OpenSSL on Android require additional side-channel protections for ECDSA.
  • The libgcrypt countermeasure must be strengthened or replaced to address the demonstrated leakage.
  • Smartphone threat models for digital-identity and payment applications must account for physical EM access.
  • Hardware vendors should evaluate whether current SoC designs sufficiently suppress exploitable emanations.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the attack scales, regulatory requirements for the European Digital Identity wallet would need to mandate certified secure elements rather than relying on main SoC software crypto.
  • Similar leakage might affect other elliptic-curve implementations or even post-quantum algorithms on the same platforms.
  • Device-specific case studies suggest that attack success varies with exact OS version and power-management settings, pointing to a need for per-model testing.

Load-bearing premise

Electromagnetic leakage from the processor remains detectable and usable for key recovery on heterogeneous high-frequency sub-10 nm chips.

What would settle it

Observing no usable electromagnetic leakage patterns during repeated ECDSA signing operations on a Snapdragon 750G or similar SoC would falsify the feasibility result.

Figures

Figures reproduced from arXiv: 2512.07292 by Andreas Zankl, Dominik Klein, Felix Oberhansl, Ivan Gavrilan, Jonas Stappenbeck, Marc Schink, Michael Gruber, Michael Hartmeier, Nisha Jacob Kabakci, Silvan Streit, Sven Freud, Tobias Damm.

Figure 1: EM traces for a single Montgomery ladder
Figure 2: Leakage assessment results depicting t-values
Figure 4: Single step on the Montgomery ladder on one of
Figure 5: Single step on the Montgomery ladder on one of
Figure 6: STFT for a single step on the Montgomery
Figure 7: Measurement setup for EM SCA of the Fair
Figure 8: Trace of the scalar-by-point multiplication
Figure 9: Success rates for key recovery by lattice re
Figure 10: Raspberry Pi 4 Model B Target of two), which are comparatively short. The operations can be clearly mapped to the 5-2-1-2-3-1-3-3 pattern of blocks in the bandpass-filtered signal and adjacent peaks in the bandpass + absolute + sliding-median filtered signal of
Figure 13: shows that the CNN’s average probability value is around 90 % for correct and 75 % for incorrect guesses. The probability’s standard deviation of incorrect [legend: correct, cond = 0; correct, cond = 1; false, cond = 0, guessed = 1; false, cond = 1, guessed = 0; axes: Prediction Result, Probability the CNN estimates for its prediction]
Original abstract

Smartphones handle sensitive tasks such as messaging and payment and may soon support critical electronic identification through initiatives such as the European Digital Identity (EUDI) wallet, currently under development. Yet the susceptibility of modern smartphones to physical side-channel analysis (SCA) is underexplored, with recent work limited to pre-2019 hardware. Since then, smartphone system on chip (SoC) platforms have grown more complex, with heterogeneous processor clusters, sub 10 nm nodes, and frequencies over 2 GHz, potentially complicating SCA. In this paper, we assess the feasibility of electromagnetic (EM) SCA on a Raspberry Pi 4, featuring a Broadcom BCM2711 SoC and a Fairphone 4 featuring a Snapdragon 750G 5G SoC. Using new attack methodologies tailored to modern SoCs, we recover ECDSA secrets from OpenSSL by mounting the Nonce@Once attack of Alam et al. (Euro S&P 2021) and show that the libgcrypt countermeasure does not fully mitigate it. We present case studies illustrating how hardware and software stacks impact EM SCA feasibility. Motivated by use cases such as the EUDI wallet, we survey Android cryptographic implementations and define representative threat models to assess the attack. Our findings show weaknesses in ECDSA software implementations and underscore the need for independently certified secure elements (SEs) in all smartphones.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript assesses the feasibility of electromagnetic side-channel attacks on ECDSA implementations within OpenSSL on modern smartphone SoCs, using a Raspberry Pi 4 (Broadcom BCM2711) and Fairphone 4 (Snapdragon 750G). It adapts the Nonce@Once attack from Alam et al. (Euro S&P 2021) with tailored methodologies for heterogeneous, high-frequency (>2 GHz) processors, reports secret recovery, demonstrates that the libgcrypt countermeasure is not fully effective, includes hardware/software case studies, surveys Android cryptographic libraries, and defines threat models motivated by applications such as the EUDI wallet.

Significance. If the experimental claims are substantiated with quantitative metrics, the work would meaningfully extend side-channel analysis to post-2019 smartphone hardware, showing that EM leakage remains exploitable despite sub-10 nm nodes and complex SoC architectures. The practical validation of Nonce@Once on these platforms and the countermeasure analysis provide concrete evidence relevant to mobile security standards and the push for certified secure elements.

major comments (2)
  1. [§5.3] §5.3 (Fairphone 4 / Snapdragon 750G experiments): The manuscript reports successful nonce recovery via the adapted Nonce@Once attack but supplies no quantitative metrics such as leakage amplitude, SNR values, trace quality comparisons to the Raspberry Pi 4, or per-bit error rates. This information is load-bearing for the central claim that tailored EM methods suffice on heterogeneous >2 GHz sub-10 nm SoCs; without it, the feasibility conclusion rests on qualitative success statements alone.
  2. [§6] §6 (libgcrypt countermeasure evaluation): The assertion that the countermeasure does not fully mitigate the attack requires explicit success-rate figures or residual leakage observations after its application. The current presentation leaves unclear whether the attack still recovers sufficient nonce bits for key extraction or merely shows partial leakage, which directly affects the strength of the mitigation-failure conclusion.
minor comments (2)
  1. [Abstract] The abstract states that 'new attack methodologies' are used but does not provide even a one-sentence characterization of the adaptations (e.g., probe positioning, filtering, or synchronization changes), which would improve immediate readability.
  2. [Figures] Figure captions in the experimental sections would benefit from explicit mention of the frequency bands or probe models employed, to allow readers to assess reproducibility of the EM capture setup.
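
The quantitative metrics the referee asks for can be made concrete with the kind of leakage assessment Figure 2 reports as t-values: a per-sample Welch t-test between two trace groups, plus an SNR estimate. The following is an added example, not code from the paper or from Pith; the traces are constructed Gaussian noise with one artificially leaking sample, and the 4.5 threshold is the conventional leakage-assessment bound, assumed here rather than taken from the paper.

```python
import math
import random
from statistics import fmean, variance

# Conventional |t| bound used in leakage assessment (assumption, not from the paper).
TVLA_THRESHOLD = 4.5


def make_traces(n_traces, n_samples, leak_index, leak_delta, noise_sigma, seed):
    """Constructed data: Gaussian-noise traces in which sample `leak_index`
    is shifted by `leak_delta` whenever the evaluator-chosen condition bit is 1."""
    rng = random.Random(seed)
    groups = {0: [], 1: []}
    for i in range(n_traces):
        bit = i % 2  # alternate the two classes so both groups have equal size
        trace = [rng.gauss(0.0, noise_sigma) for _ in range(n_samples)]
        trace[leak_index] += leak_delta * bit
        groups[bit].append(trace)
    return groups[0], groups[1]


def welch_t(a, b):
    """Welch's t-statistic for two samples with possibly unequal variances."""
    return (fmean(a) - fmean(b)) / math.sqrt(
        variance(a) / len(a) + variance(b) / len(b)
    )


def snr(a, b):
    """SNR = variance of the two class means / mean within-class variance."""
    ma, mb = fmean(a), fmean(b)
    grand = (ma + mb) / 2
    signal = ((ma - grand) ** 2 + (mb - grand) ** 2) / 2
    noise = (variance(a) + variance(b)) / 2
    return signal / noise


def assess(group0, group1):
    """Return one (t, snr) pair per time sample."""
    report = []
    for j in range(len(group0[0])):
        col0 = [trace[j] for trace in group0]
        col1 = [trace[j] for trace in group1]
        report.append((welch_t(col0, col1), snr(col0, col1)))
    return report


def leaking_samples(report, threshold=TVLA_THRESHOLD):
    """Indices of time samples whose |t| exceeds the assessment threshold."""
    return [j for j, (t, _) in enumerate(report) if abs(t) > threshold]


if __name__ == "__main__":
    # 2000 constructed traces of 50 samples; sample 17 leaks the condition bit.
    g0, g1 = make_traces(2000, 50, leak_index=17, leak_delta=0.5,
                         noise_sigma=1.0, seed=1)
    report = assess(g0, g1)
    for j in leaking_samples(report):
        t, s = report[j]
        print(f"sample {j}: t = {t:.2f}, SNR = {s:.3f}")
```

The t-value grows with the square root of the number of traces while the SNR does not, which is why an evaluation that reports both lets a reader compare trace quality across platforms.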

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive and detailed feedback on our manuscript. We address each major comment below and have revised the manuscript to incorporate additional quantitative data where this strengthens the presentation of our results.

  1. Referee: [§5.3] §5.3 (Fairphone 4 / Snapdragon 750G experiments): The manuscript reports successful nonce recovery via the adapted Nonce@Once attack but supplies no quantitative metrics such as leakage amplitude, SNR values, trace quality comparisons to the Raspberry Pi 4, or per-bit error rates. This information is load-bearing for the central claim that tailored EM methods suffice on heterogeneous >2 GHz sub-10 nm SoCs; without it, the feasibility conclusion rests on qualitative success statements alone.

    Authors: We agree that quantitative metrics are necessary to fully substantiate the feasibility claims on modern heterogeneous SoCs. In the revised manuscript we have added SNR measurements, leakage amplitude values, trace quality comparisons between the Broadcom BCM2711 and Snapdragon 750G platforms, and per-bit error rates for nonce recovery in Section 5.3. These additions confirm that the adapted attack extracts usable leakage despite the higher clock frequencies and complex SoC architecture. revision: yes

  2. Referee: [§6] §6 (libgcrypt countermeasure evaluation): The assertion that the countermeasure does not fully mitigate the attack requires explicit success-rate figures or residual leakage observations after its application. The current presentation leaves unclear whether the attack still recovers sufficient nonce bits for key extraction or merely shows partial leakage, which directly affects the strength of the mitigation-failure conclusion.

    Authors: We acknowledge that explicit success-rate figures are required to clarify the strength of the mitigation-failure claim. The revised Section 6 now reports success rates for recovering a sufficient number of nonce bits both with and without the libgcrypt countermeasure, together with observations of residual leakage after countermeasure activation. The updated results show that enough bits remain recoverable for key extraction under the evaluated threat model. revision: yes

Circularity Check

0 steps flagged

No circularity: empirical validation of external attack on new hardware


The paper mounts the Nonce@Once attack from the external citation Alam et al. (Euro S&P 2021) and reports new experimental results on modern SoCs (Raspberry Pi 4 and Snapdragon 750G in Fairphone 4). No equations, fitted parameters, or self-referential definitions appear in the provided text; the central claim is an empirical demonstration of feasibility with tailored methodologies rather than a derivation that reduces to its own inputs by construction. Self-citations are absent from the load-bearing steps, and the work remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

This is an experimental security paper with no mathematical derivations or new theoretical constructs; it applies existing side-channel techniques to new hardware targets.

axioms (1)
  • domain assumption ECDSA implementations in OpenSSL and libgcrypt leak sufficient electromagnetic information for nonce recovery under physical access.
    Invoked when claiming successful key recovery on the tested SoCs.

pith-pipeline@v0.9.0 · 5595 in / 1221 out tokens · 30752 ms · 2026-05-17T01:11:14.391159+00:00 · methodology


Reference graph

Works this paper leans on

83 extracted references · 83 canonical work pages

  1. [1] Council of the European Union, “Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework,” Online, 2024. [Online]. Available: http://data.europa.eu/eli/reg/2024/1183/oj

  2. [2] I. Kuznetsov, V. Pashkov, L. Bezvershenko, and G. Kucherin, “Operation Triangulation: iOS devices targeted with previously unknown malware,” Online,

  3. [3] [Online]. Available: https://securelist.com/operation-triangulation/109842

  4. [4] M. Alam, B. B. Yilmaz, F. Werner, N. Samwel, A. G. Zajic, D. Genkin, Y. Yarom, and M. Prvulovic, “Nonce@Once: A single-trace EM side channel attack on several constant-time elliptic curve implementations in mobile platforms,” in 2021 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2021, pp. 507–522. [Online]. Available: https://doi.org...

  5. [5] M. Alam, H. A. Khan, M. Dey, N. Sinha, R. L. Callan, A. G. Zajic, and M. Prvulovic, “One&done: A single-decryption EM-based attack on OpenSSL’s constant-time blinded RSA,” in 27th USENIX Security Symposium (USENIX Security 2018). USENIX Association, 2018, pp. 585–

  6. [6] [Online]. Available: https://www.usenix.org/conference/usenixsecurity18/presentation/alam

  7. [7] D. Genkin, L. Pachmanov, I. Pipman, E. Tromer, and Y. Yarom, “ECDSA key extraction from mobile devices via nonintrusive physical side channels,” in ACM SIGSAC Conference on Computer and Communications Security (CCS) 2016. ACM, 2016, pp. 1626–1638. [Online]. Available: https://doi.org/10.1145/2976749.2978353

  8. [8] P. Belgarric, P.-A. Fouque, G. Macario-Rat, and M. Tibouchi, “Side-Channel Analysis of Weierstrass and Koblitz Curve ECDSA on Android Smartphones,” in Topics in Cryptology - CT-RSA 2016. Springer, 2016, pp. 236–252. [Online]. Available: https://doi.org/10.1007/978-3-319-29485-8_14

  9. [9] O. Lisovets, D. Knichel, T. Moos, and A. Moradi, “Let’s Take it Offline: Boosting Brute-Force Attacks on iPhone’s User Authentication through SCA,” IACR Trans. Cryptogr. Hardw. Embed. Syst., vol. 2021, no. 3, pp. 496–519, 2021. [Online]. Available: https://doi.org/10.46586/tches.v2021.i3.496-519

  10. [10] A. Vasselle, P. Maurine, and M. Cozzi, “Breaking Mobile Firmware Encryption through Near-Field Side-Channel Analysis,” in ASHES@CCS 2019. ACM, 2019, pp. 23–32. [Online]. Available: https://doi.org/10.1145/3338508.3359571

  11. [11] G. Haas and A. Aysu, “Apple vs. EMA: electromagnetic side channel attacks on Apple CoreCrypto,” in 59th ACM/IEEE Design Automation Conference (DAC). Association for Computing Machinery, 2022, pp. 247–252. [Online]. Available: https://doi.org/10.1145/3489517.3530437

  12. [12] S. Bhasin, H. Boyapally, and D. Jap, “Reality Check on Side-Channels: Lessons learnt from breaking AES on an ARM Cortex A processor,” Cryptology ePrint Archive, Paper 2024/1381, 2024. [Online]. Available: https://eprint.iacr.org/2024/1381

  13. [13] J. Longo, E. D. Mulder, D. Page, and M. Tunstall, “SoC It to EM: ElectroMagnetic Side-Channel Attacks on a Complex System-on-Chip,” in Cryptographic Hardware and Embedded Systems (CHES) 2015, ser. Lecture Notes in Computer Science, vol

  14. [15] G. Goller and G. Sigl, “Side Channel Attacks on Smartphones and Embedded Devices Using Standard Radio Equipment,” in COSADE 2015, ser. Lecture Notes in Computer Science, vol. 9064. Springer, 2015, pp. 255–270. [Online]. Available: https://doi.org/10.1007/978-3-319-21476-4_17

  15. [16] C. Shepherd, K. Markantonakis, N. van Heijningen, D. Aboulkassimi, C. Gaine, T. Heckmann, and D. Naccache, “Physical fault injection and side-channel attacks on mobile devices: A comprehensive analysis,” Computers & Security, vol. 111, p. 102471, 2021. [Online]. Available: https://doi.org/10.1016/j.cose.2021.102471

  16. [17] P. Cronin, X. Gao, C. Yang, and H. Wang, “Charger-Surfing: Exploiting a Power Line Side-Channel for Smartphone Information Leakage,” in 30th USENIX Security Symposium (USENIX Security 2021). USENIX Association, 2021, pp. 681–698. [Online]. Available: https://www.usenix.org/conference/usenixsecurity21/presentation/cronin

  17. [18] A. P. Sayakkara and N.-A. Le-Khac, “Forensic Insights From Smartphones Through Electromagnetic Side-Channel Analysis,” IEEE Access, vol. 9, pp. 13 237–13 247, 2021. [Online]. Available: https://doi.org/10.1109/ACCESS.2021.3051921

  18. [19] L. Navanesan, K. de Zoysa, and A. P. Sayakkara, “Impact of Multiple CPU Cores to the Forensic Insights Acquisition From Mobile Devices Using Electromagnetic Side-Channel Analysis,” IEEE Access, vol. 13, pp. 94 953–94 969, 2025

  19. [20] A. Wang, P. Gopalkrishnan, Y. Wang, C. W. Fletcher, H. Shacham, D. Kohlbrenner, and R. Paccagnella, “Pixnapping: Bringing pixel stealing out of the stone age,” in Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2025

  20. [21] E. Nascimento, Ł. Chmielewski, D. Oswald, and P. Schwabe, “Attacking Embedded ECC Implementations Through cmov Side Channels,” in Selected Areas in Cryptography – SAC 2016. Springer, 2017, pp. 99–119

  21. [22] E. Nascimento and Ł. Chmielewski, “Applying Horizontal Clustering Side-Channel Attacks on Embedded ECC Implementations,” in Smart Card Research and Advanced Applications. Springer, 2018, pp. 213–231

  22. [23] P. C. Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,” in Advances in Cryptology — CRYPTO ’96. Springer, 1996, pp. 104–113

  23. [24] P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, “Introduction to Differential Power Analysis,” Journal of Cryptographic Engineering, vol. 1, no. 1, pp. 5–27, 2011. [Online]. Available: https://doi.org/10.1007/s13389-011-0006-y

  24. [25] D. Agrawal, B. Archambeault, J. R. Rao, and P. Rohatgi, “The EM Side—Channel(s),” in CHES 2002. Springer, 2003, pp. 29–45

  25. [26] P. Kocher, J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, M. Schwarz, and Y. Yarom, “Spectre Attacks: Exploiting Speculative Execution,” in IEEE Symposium on Security and Privacy (SP) 2019, 2019, pp. 1–19

  26. [27] D. Genkin, L. Pachmanov, I. Pipman, and E. Tromer, “ECDH key-extraction via low-bandwidth electromagnetic attacks on PCs,” in Topics in Cryptology - CT-RSA 2016. Springer, 2016, pp. 219–235

  27. [28] P. Markert, D. V. Bailey, M. Golla, M. Dürmuth, and A. J. Aviv, “On the Security of Smartphone Unlock PINs,” ACM Transactions on Privacy and Security, vol. 24, no. 4, pp. 1–36, 2021. [Online]. Available: https://doi.org/10.1145/3473040

  28. [29] S. Uellenbeck, M. Dürmuth, C. Wolf, and T. Holz, “Quantifying the Security of Graphical Passwords: The Case of Android Unlock Patterns,” in ACM SIGSAC Conference on Computer and Communications Security (CCS) 2013. Association for Computing Machinery, 2013, pp. 161–172. [Online]. Available: https://doi.org/10.1145/2508859.2516700

  29. [30] A. J. Aviv, K. Gibson, E. Mossop, M. Blaze, and J. M. Smith, “Smudge attacks on smartphone touch screens,” in USENIX Workshop on Offensive Technologies (WOOT) 2010. USENIX Association, 2010

  30. [31] Y. Chen, Y. Yu, and L. Zhai, “InfinityGauntlet: brute-force attack on smartphone fingerprint authentication,” in 32nd USENIX Security Symposium (USENIX Security ’23). USENIX Association, 2023

  31. [32] I. Goicoechea-Telleria, R. Sanchez-Reillo, J. Liu-Jimenez, and R. Blanco-Gonzalo, “Attack Potential Evaluation in Desktop and Smartphone Fingerprint Sensors: Can They Be Attacked by Anyone?” Wireless Communications and Mobile Computing, vol. 2018, no. 1, p. 5609195, 2018. [Online]. Available: https://onlinelibrary.wiley.com/doi/abs/10.1155/2018/5609195

  32. [33] T. Ni, X. Zhang, and Q. Zhao, “Recovering Fingerprints from In-Display Fingerprint Sensors via Electromagnetic Side Channel,” in ACM SIGSAC Conference on Computer and Communications Security (CCS) 2023. Association for Computing Machinery, 2023, pp. 253–267. [Online]. Available: https://doi.org/10.1145/3576915.3623153

  33. [34] Z. Zheng, Q. Wang, and C. Wang, “Spoofing Attacks and Anti-Spoofing Methods for Face Authentication Over Smartphones,” IEEE Communications Magazine, vol. 61, no. 12, pp. 213–219, 2023

  34. [35] Google, “Google System Services Release Notes,” Online, 2025, accessed: 2025-09-16. [Online]. Available: https://support.google.com/product-documentation/answer/14343500

  35. [36] Android Developers, “Android Keystore System,” Online, 2025, accessed: 2025-09-16. [Online]. Available: https://developer.android.com/privacy-and-security/keystore

  36. [37] E. Leierzopf, R. Mayrhofer, M. Roland, W. Studier, L. Dean, M. Seiffert, F. Putz, L. Becker, and D. R. Thomas, “A Data-Driven Evaluation of the Current Security State of Android Devices,” in IEEE Conference on Communications and Network Security (CNS) 2024, 2024, pp. 1–9

  37. [38] Google, “Pixel security,” Online, 2025, accessed: 2025-09-16. [Online]. Available: https://safety.google/pixel/

  38. [39] European Commission, “Draft implementing regulation on European Digital Identity Wallets certification,” European Commission, Tech. Rep. Ares(2024)5786790, 2024, initiative 14337. [Online]. Available: https://ec.europa.eu/info/law/better-regulation/have-your-say/initiatives/14337-European-Digital-Identity-Wallets-certification_en

  39. [40] “Common Criteria for Information Technology Security Evaluation, Part 5,” Common Criteria Development Board, CC:2022, Release 1, 2022, accessed: 2025-09-11. [Online]. Available: https://www.commoncriteriaportal.org/files/ccfiles/CC2022PART5R1.pdf

  40. [41] T. B.V., “Certificate: H1D3 secure microcontroller with crypto library v1.3.10,” TrustCB B.V., Tech. Rep., Oct. 2023. [Online]. Available: https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/NSCIB-CC-2300073-02-CR.pdf

  41. [42] eu-digital-identity-wallet GitHub organization, “EUDI Architecture and Reference Framework,” GitHub release v2.4.0, 2025, accessed: 2025-09-05. [Online]. Available: https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework/releases/tag/v2.4.0

  42. [43] D. Cater, “Certification Report: Qualcomm® Trusted Execution Environment (TEE) v5.8 on Qualcomm® Snapdragon™ 865,” TÜV Rheinland Nederland B.V., Tech. Rep., Aug. 2021. [Online]. Available: https://www.commoncriteriaportal.org/nfs/ccpfiles/files/epfiles/NSCIB-CC-0244671-CR-1.0.pdf

  43. [44] T. Sušánka and J. Kokeš, “Security Analysis of the Telegram IM,” in Reversing and Offensive-Oriented Trends Symposium (ROOTS) 2017. Association for Computing Machinery, 2017. [Online]. Available: https://doi.org/10.1145/3150376.3150382

  44. [45] L. Chen, D. Moody, A. Regenscheid, A. Robinson, and K. Randall, “Recommendations for Discrete Logarithm-based Cryptography: Elliptic Curve Domain Parameters,” National Institute of Standards and Technology, Tech. Rep. NIST Special Publication (SP) 800-186, 2023

  45. [46] P. L. Montgomery, “Speeding the Pollard and elliptic curve methods of factorization,” Mathematics of Computation, vol. 48, no. 177, pp. 243–264, 1987

  46. [47] L. Batina, Ł. Chmielewski, L. Papachristodoulou, P. Schwabe, and M. Tunstall, “Online template attacks,” Journal of Cryptographic Engineering, vol. 9, no. 1, pp. 21–36, 2019. [Online]. Available: https://doi.org/10.1007/s13389-017-0171-8

  47. [48] M. Dugardin, L. Papachristodoulou, Z. Najm, L. Batina, J.-L. Danger, and S. Guilley, “Dismantling Real-World ECC with Horizontal and Vertical Template Attacks,” in Constructive Side-Channel Analysis and Secure Design. Springer, 2016, pp. 88–108

  48. [49] N. Roelofs, N. Samwel, L. Batina, and J. Daemen, “Online Template Attack on ECDSA: Extracting Keys via the Other Side,” in AFRICACRYPT 2020. Springer, 2020, pp. 323–336. [Online]. Available: https://doi.org/10.1007/978-3-030-51938-4_16

  49. [50] D. J. Bernstein, N. Duif, T. Lange, P. Schwabe, and B.-Y. Yang, “High-speed high-security Signatures,” in CHES 2011. Springer, 2011, pp. 124–142

  50. [51] L. Weissbart, S. Picek, and L. Batina, “One Trace Is All It Takes: Machine Learning-Based Side-Channel Attack on EdDSA,” in SPACE 2019, ser. Lecture Notes in Computer Science, vol. 11947. Springer, 2019, pp. 86–105. [Online]. Available: https://doi.org/10.1007/978-3-030-35869-3_8

  51. [52] S. Jin, S. Lee, S. M. Cho, H. Kim, and S. Hong, “Novel Key Recovery Attack on Secure ECDSA Implementation by Exploiting Collisions between Unknown Entries,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2021, no. 4, pp. 1–26, 2021. [Online]. Available: https://tches.iacr.org/index.php/TCHES/article/view/9058

  52. [53] M. Medwed and E. Oswald, “Template Attacks on ECDSA,” in Information Security Applications. Springer, 2009, pp. 14–27

  53. [54] T. Izu and T. Takagi, “A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks,” in Public Key Cryptography (PKC) 2002, ser. Lecture Notes in Computer Science, vol. 2274. Springer, 2002, pp. 280–296. [Online]. Available: https://doi.org/10.1007/3-540-45664-3_20

  54. [55] Y. Nakano, Y. Souissi, R. Nguyen, L. Sauvage, J.-L. Danger, S. Guilley, S. Kiyomoto, and Y. Miyake, “A Pre-processing Composition for Secret Key Recovery on Android Smartphone,” in IFIP WISTP 2014, ser. Lecture Notes in Computer Science, vol. 8501. Springer, 2014, pp. 76–91. [Online]. Available: https://doi.org/10.1007/978-3-662-43826-8_6

  55. [56] R. Callan, A. Zajić, and M. Prvulovic, “FASE: finding amplitude-modulated side-channel emanations,” in International Symposium on Computer Architecture (ISCA) 2015. Association for Computing Machinery, 2015, pp. 592–603. [Online]. Available: https://doi.org/10.1145/2749469.2750394

  56. [57] M. Prvulovic, A. Zajić, R. L. Callan, and C. J. Wang, “A Method for Finding Frequency-Modulated and Amplitude-Modulated Electromagnetic Emanations in Computer Systems,” IEEE Transactions on Electromagnetic Compatibility, vol. 59, no. 1, pp. 34–42, 2017

  57. [58] C. Wang, R. Callan, A. Zajić, and M. Prvulovic, “An algorithm for finding carriers of amplitude-modulated electromagnetic emanations in computer systems,” in 10th European Conference on Antennas and Propagation (EuCAP) 2016, 2016

  58. [59] B. B. Yilmaz, R. L. Callan, M. Prvulovic, and A. Zajić, “Capacity of the EM Covert/Side-Channel Created by the Execution of Instructions in a Processor,” IEEE Transactions on Information Forensics and Security, vol. 13, no. 3, pp. 605–620, 2018

  59. [60] K. A. Vedros, C. Kolias, D. Barbara, and R. C. Ivans, “From Code to EM Signals: A Generative Approach to Side Channel Analysis-based Anomaly Detection,” in International Conference on Availability, Reliability and Security (ARES) 2024. Association for Computing Machinery, 2024. [Online]. Available: https://doi.org/10.1145/3664476.3664520

  60. [61] T. Schneider and A. Moradi, “Leakage Assessment Methodology - A Clear Roadmap for Side-Channel Evaluations,” in CHES 2015, ser. Lecture Notes in Computer Science, vol. 9293. Springer, 2015, pp. 495–513. [Online]. Available: https://doi.org/10.1007/978-3-662-48324-4_25

  61. [62] A. Gohr, S. Jacob, and W. Schindler, “Efficient Solutions of the CHES 2018 AES Challenge Using Deep Residual Neural Networks and Knowledge Distillation on Adversarial Examples,” IACR Cryptology ePrint Archive, 2020. [Online]. Available: https://eprint.iacr.org/2020/165

  62. [63]

    SoK: Deep Learning-based Physical Side-channel Analysis,

    S. Picek, G. Perin, L. Mariot, L. Wu, and L. Batina, “SoK: Deep Learning-based Physical Side-channel Analysis,”ACM Computing Surveys, vol. 55, no. 11, pp. 227:1–227:35, 2023. [Online]. Available: https://doi.org/10.1145/3569577

  63. [64]

    Deep learning for side-channel analysis and introduction to ASCAD database,

    R. Benadjila, E. Prouff, R. Strullu, E. Cagli, and C. Dumas, “Deep learning for side-channel analysis and introduction to ASCAD database,”Journal of Cryptographic Engineering, vol. 10, 2020

  64. [65]

    Qualcomm Snapdragon 750G 5G Mobile Platform Product Brief,

    “Qualcomm Snapdragon 750G 5G Mobile Platform Product Brief,” Qualcomm Technologies, Inc., Tech. Rep., 2020, accessed: 2025-08. [Online]. Available: https://www.qualcomm.com/content/dam/ qcomm-martech/dm-assets/documents/snapdragon 750g 5g mobile platform product brief 0.pdf

  65. [66]

    Hardness of Com- puting the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes,

    D. Boneh and R. Venkatesan, “Hardness of Com- puting the Most Significant Bits of Secret Keys in Diffie-Hellman and Related Schemes,” inAdvances in Cryptology - CRYPTO ’96, ser. Lecture Notes in Computer Science, vol. 1109. Springer, 1996, pp. 129–142

  66. [67]

    The Insecurity of the Digital Signature Algorithm with Partially Known Nonces,

    P. Q. Nguyen and I. E. Shparlinski, “The Insecurity of the Digital Signature Algorithm with Partially Known Nonces,”Journal of Cryptology, vol. 15, no. 3, pp. 151–176, 2002. [Online]. Available: https://doi.org/10.1007/s00145-002-0021-3

  67. [68]

    On the generation of one-time keys in DL signature schemes,

    D. Bleichenbacher, “On the generation of one-time keys in DL signature schemes,” 2000, presentation at IEEE P1363 working group meeting

  68. [69]

    LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage,

    D. F. Aranha, F. R. Novaes, A. Takahashi, M. Tibouchi, and Y . Yarom, “LadderLeak: Breaking ECDSA with Less than One Bit of Nonce Leakage,” inACM SIGSAC Conference on Computer and Com- munications Security (CCS) 2020. Association for Computing Machinery, 2020, pp. 225–242. [Online]. Available: https://doi.org/10.1145/3372297.3417268

  69. [70]

    Using Bleichenbacher’s Solution to the Hidden Number Problem to Attack Nonce Leaks in 384-Bit ECDSA,

    E. D. Mulder, M. Hutter, M. E. Marson, and P. Pearson, “Using Bleichenbacher’s Solution to the Hidden Number Problem to Attack Nonce Leaks in 384-Bit ECDSA,” inCHES 2013. Springer, 2013, pp. 435–452. [Online]. Available: https://doi.org/10.1007/978-3-642-40349-1 25

  70. [71]

    Attacking ECDSA with Nonce Leakage by Lattice Sieving: Bridging the Gap with Fourier Analysis-Based Attacks,

    Y . Gao, J. Wang, H. Hu, and B. He, “Attacking ECDSA with Nonce Leakage by Lattice Sieving: Bridging the Gap with Fourier Analysis-Based Attacks,” inAdvances in Cryptology – ASIACRYPT

  71. [72]

    Springer, 2024, pp. 3–34. [Online]. Available: https://doi.org/10.1007/978-981-96-0944-4 1

  72. [73]

    On Bounded Distance Decoding with Predicate: Breaking the “Lattice Barrier

    M. R. Albrecht and N. Heninger, “On Bounded Distance Decoding with Predicate: Breaking the “Lattice Barrier” for the Hidden Number Problem,” inAdvances in Cryptology – EUROCRYPT 2021. Springer, 2021, pp. 528–558. [Online]. Available: https://doi.org/10.1007/978-3-030-77870-5 19

  73. [74]

    Guessing Bits: Improved Lattice Attacks on (EC)DSA with Nonce Leakage,

    C. Sun, T. Espitau, M. Tibouchi, and M. Abe, “Guessing Bits: Improved Lattice Attacks on (EC)DSA with Nonce Leakage,” IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2022, no. 1, pp. 391–413, 2021. [Online]. Available: https: //tosc.iacr.org/index.php/TCHES/article/view/9302

  74. [75]

    Improved Attacks on (EC)DSA with Nonce Leakage by Lattice Sieving with Predicate,

    L. Xu, Z. Dai, B. Wu, and D. Lin, “Improved Attacks on (EC)DSA with Nonce Leakage by Lattice Sieving with Predicate,”IACR Transactions on Cryptographic Hardware and Embedded Systems, vol. 2023, no. 2, pp. 568–586, 2023. [Online]. Available: https://tches.iacr.org/index.php/ TCHES/article/view/10294

  75. [76]

    SoK: SCA-secure ECC in Software - Mission Impossible?

    L. Batina, L. Chmielewski, B. Haase, N. Samwel, and P. Schwabe, “SoK: SCA-secure ECC in Software - Mission Impossible?”IACR Transactions on Cryp- tographic Hardware and Embedded Systems, vol. 2023, no. 1, pp. 557–589, 2023. [Online]. Available: https://doi.org/10.46586/tches.v2023.i1.557-589

  76. [77]

    A Practical Coun- termeasure against Address-Bit Differential Power Analysis,

    K. Itoh, T. Izu, and M. Takenaka, “A Practical Coun- termeasure against Address-Bit Differential Power Analysis,” inCHES 2003. Springer, 2003, pp. 382– 396

  77. [78]

    Localized Electromagnetic Analysis of Cryptographic Implementations,

    J. Heyszl, S. Mangard, B. Heinz, F. Stumpf, and G. Sigl, “Localized Electromagnetic Analysis of Cryptographic Implementations,” inTopics in Cryp- tology – CT-RSA 2012. Springer, 2012, pp. 231– 244

  78. [79]

    Resistance Against Differential Power Analysis For Elliptic Curve Cryptosystems,

    J.-S. Coron, “Resistance Against Differential Power Analysis For Elliptic Curve Cryptosystems,” in CHES 1999. Springer, 1999, pp. 292–302

  79. [80]

    GPC SPE 230: Cryptographic Service Provider - Card Specification v2.3 - Amendment N,

    Global Platform, “GPC SPE 230: Cryptographic Service Provider - Card Specification v2.3 - Amendment N,” Online, 2025. [Online]. Available: https://globalplatform.org/wp-content/uploads/2025/ 05/GPC 2.3 N CryptographicServiceProvider v0. 0.0.40 PublicRvw.pdf

  80. [81]

    Template Attacks,

    S. Chari, J. R. Rao, and P. Rohatgi, “Template Attacks,” inCHES 2002, ser. Lecture Notes in Computer Science, vol. 2523. Springer, 2002, pp. 13–28. [Online]. Available: https://doi.org/10.1007/ 3-540-36400-5 3

Showing first 80 references.