Information on ECDSA signature generation

An academic team shared knowledge on a side-channel attack leading to the possible recovery of long-term private keys used to generate Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. This technique exploits the differences in the execution time between thousands of ECDSA signatures to retrieve the private key.

Further to Ethical Hacking, the academic team informed ST that certain of ST TPM products were vulnerable to this attack.

Although this vulnerability may be thwarted or mitigated by system countermeasures, ST released TPM firmware updates for impacted products. 


Certified TPM firmware updates

Further to the timely and effective support of the academic team, the Common Criteria Evaluation Laboratory and the French Certification body, ST's TPM updates were successfully evaluated.

Please visit the Common Criteria website to know more about for the certification status.