Atomic secable

hardware fault attacks FCSC 2025 solved on

star star star

Description

Mr. Performances is looking for an efficient algorithm to evaluate multiplication on an elliptic curve while protecting against physical attacks.

He has chosen to implement the addition law on the curve while adhering to the principle of atomicity. This principle relies on a unique sequence of operations for computing either point doubling or the addition of two distinct points, ensuring strong protection against timing analysis attacks and even side-channel attacks based on leakage traces. This protection is crucial because distinguishing between a doubling or an addition operation can reveal information about the bits of the scalar, which is supposed to remain secret.

By adding dummy operations, it is relatively easy to obtain two identical sequences for evaluating point doubling and addition, but this comes at the cost of performance.

True to his name, Mr. Performances has designed a sequence that maintains efficiency! His sequence is optimized for curves of the form y^2 = x^3 + b and requires only 9 modular multiplications. He challenges you to break his implementation for the secp192k1 standard curve (which has the correct form) using a fault attack. However, he has implemented countermeasures to limit such attacks:

  • The bits of the scalar are read twice (and compared) before starting a sequence.
  • The final coordinates (x, y) must form a valid point on the curve.

To help, he provides his commented assembly code for evaluating multiplication with the curve’s generator. In this challenge, the code runs in a virtual machine, and you can specify which instructions to corrupt. There is no limit on the number of instructions you can perturb, but the fault model consists solely of assigning a random value to the destination register of an operation. For example, to inject faults into the first three instructions, you would enter 0 1 2 (separated by spaces) after the prompt.

Files

  • docker-compose.yml
  • assembly.py
    20.84 KiB – db186ab7dfb5f5e7f4790f1afc951deda349a8a9565a57b6328da2ba89965525
  • atomic-secable.py
    2.15 KiB – cd9a4fb4c8a96f26ab124caf62f1af2c1ea1389b5c88b8515a9017094f9d3fd2
  • crypto_accelerator.py
    5.14 KiB – 4c1f070435b6e4eace3fa19e5a4b661800ec8ad61895e378dab5d892aa89e2a7
  • ecdsa_keygen.asm
    7.65 KiB – 21c9ee1a66c1f8cc81db939a5269e411c3f2694288e9070e2d3553a957cf8848
  • machine_faulted.py
    381 B – fff04c758a8017e0ef27e19c5264435d081446779d52acb3d0e01724c7e5d34c
  • machine.py
    19.93 KiB – 434c28dbb07383d2c756dbd55e7560b2c51eae1f982cd251a97287b61c7ac0cb
  • vm.md
    27.75 KiB – 0d241df97205c1ea035561b006926949e768e749d997f43f50569e416ee11cdc

Author

Neige

Challenge Instructions

  1. First, download docker-compose.yml:
    curl https://hackropole.fr/challenges/fcsc2025-hardware-atomic-secable/docker-compose.public.yml -o docker-compose.yml
  2. Launch the challenge by executing in the same folder:
    docker compose up
  3. Then, in another console, access the challenge with Netcat:
    nc localhost 4000
⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.