Elliptic-curve signatures have become a highly used cryptographic primitive in secure messaging, TLS as well as in cryptocurrencies due to their high speed benefits over more traditional signature schemes. However, virtually all signature schemes are known to be susceptible to misuse, especially when information about the nonce is leaked to an attacker.

LadderLeak is a new attack that exploits side channels present in ECDSA, claiming to allow real-world breaking of ECDSA with less than a bit of nonce leakage. But what does “less than a bit” mean in this context? Is LadderLeak really that effective at breaking ECDSA, with so little information to go on? Joining us this episode are LadderLeak co-authors Akira Takahashi, Mehdi Tibouchi and Yuval Yarom to discuss these questions and more.

Links and papers discussed in the show:

• LadderLeak: Breaking ECDSA With Less Than One Bit Of Nonce Leakage

Music composed by Toby Fox and performed by Sean Schafianski.

Special Guests: Akira Takahashi, Mehdi Tibouchi, and Yuval Yarom.

Sponsored By:

• Symbolic Software: This episode is sponsored by Symbolic Software. Symbolic Software helps you bring in the experience and knowledge necessary to design, or prove secure, state-of-the-art cryptographic systems for new solutions. We've helped design and formally verify some of the world's most widely used cryptographic protocols.