A Side Journey To Titan
Illustration made by Romain Flamand
We discovered a side-channel vulnerability in the Google Titan Security Key. More precisely, we were able to extract the full long term ECDSA secret key linked to a FIDO U2F account from the Google Titan Security Key. Furthermore our side journey showed that the vulnerability also applies on other products. Find more details and the full write-up of our work here .
We are happy to share our last research work Side-channel Attacks on Blinded Scalar Multiplications Revisited, which has been presented at the conference CARDIS 2019 in November 11-13 2019 in Prague, Czech Republic. The preprint version of the article is available on the Cryptology ePrint Archive.
Ledger Challenge 2018
NinjaLab participated and won the Ledger challenge 2018. More precisely, we found a side-channel vulnerability in the ECC public-key generation operation of the cryptographic library of the Ledger Nano S, allowing us to extract the full long term ECC secret key linked to a Bitcoin account. More details are available here.