How to manipulate curve standards : a white paper for the black hat

D.J. Bernstein, T. Chou, C. Chuengsatiansup, A.T. Hülsing, T. Lange, R.F. Niederhagen, C. Vredendaal, van

Research output: Book/ReportReportAcademic

3 Downloads (Pure)

Abstract

This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable. This cost includes the cost of exploiting the vulnerability, but also the initial cost of computing a curve suitable for sabotaging the standard. This initial cost depends upon the acceptability criteria used by the public to decide whether to allow a curve as a standard, and (in most cases) also upon the chance of a curve being vulnerable. This paper shows the importance of accurately modeling the actual acceptability criteria: i.e., figuring out what the public can be fooled into accepting. For example, this paper shows that plausible models of the "Brainpool acceptability criteria" allow the attacker to target a one-in-a-million vulnerability. Keywords: Elliptic-curve cryptography, verifiably random curves, verifiably pseudorandom curves, nothing- up-my-sleeve numbers, sabotaging standards, fighting terrorism, protecting the children
Original languageEnglish
PublisherIACR
Number of pages18
Publication statusPublished - 2014

Publication series

NameCryptology ePrint Archive
Volume2014/571

Fingerprint Dive into the research topics of 'How to manipulate curve standards : a white paper for the black hat'. Together they form a unique fingerprint.

  • Cite this

    Bernstein, D. J., Chou, T., Chuengsatiansup, C., Hülsing, A. T., Lange, T., Niederhagen, R. F., & Vredendaal, van, C. (2014). How to manipulate curve standards : a white paper for the black hat. (Cryptology ePrint Archive; Vol. 2014/571). IACR.