How to manipulate curve standards: a white paper for the black hat

Daniel J. Bernstein, Tony Chou, Chitchanok Chuengsatiansup, Andreas Hülsing, Eran Lambooij, Tanja Lange, Ruben Niederhagen, Christine Van Vredendaal

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

6 Citations (Scopus)
3 Downloads (Pure)

Abstract

This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable. This cost includes the cost of exploiting the vulnerability, but also the initial cost of computing a curve suitable for sabotaging the standard. This initial cost depends heavily upon the acceptability criteria used by the public to decide whether to allow a curve as a standard, and (in most cases) also upon the chance of a curve being vulnerable. This paper shows the importance of accurately modeling the actual acceptability criteria: i.e., figuring out what the public can be fooled into accepting. For example, this paper shows that plausible models of the “Brainpool acceptability criteria” allow the attacker to target a onein- a-million vulnerability and that plausible models of the “Microsoft NUMS criteria” allow the attacker to target a one-in-a-hundred-thousand vulnerability.

Original languageEnglish
Title of host publicationSecurity Standardisation Research
Subtitle of host publicationSecond International Conference, SSR 2015, Tokyo, Japan, December 15-16, 2015, Proceedings
EditorsL. Chen, S. Matsuo
Place of PublicationBerlin
PublisherSpringer
Pages109-139
Number of pages31
ISBN (Print)9783319271514
DOIs
Publication statusPublished - 2015
Event2nd International Conference on Security Standardisation Research (SSR 2015), December 15-16, 2015, Tokyo, Japan - Tokyo, Japan
Duration: 15 Dec 201516 Dec 2015
http://ssr2015.com/

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9497
ISSN (Print)03029743
ISSN (Electronic)16113349

Conference

Conference2nd International Conference on Security Standardisation Research (SSR 2015), December 15-16, 2015, Tokyo, Japan
Abbreviated titleSSR 2015
CountryJapan
CityTokyo
Period15/12/1516/12/15
Internet address

Keywords

  • ANSI X9
  • Brainpool
  • Elliptic-curve cryptography
  • Microsoft NUMS
  • Minimal curves
  • NIST
  • Nothing-up-mysleeve numbers
  • SECG
  • Verifiably pseudorandom curves
  • Verifiably random curves

Fingerprint Dive into the research topics of 'How to manipulate curve standards: a white paper for the black hat'. Together they form a unique fingerprint.

  • Cite this

    Bernstein, D. J., Chou, T., Chuengsatiansup, C., Hülsing, A., Lambooij, E., Lange, T., Niederhagen, R., & Van Vredendaal, C. (2015). How to manipulate curve standards: a white paper for the black hat. In L. Chen, & S. Matsuo (Eds.), Security Standardisation Research: Second International Conference, SSR 2015, Tokyo, Japan, December 15-16, 2015, Proceedings (pp. 109-139). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9497). Springer. https://doi.org/10.1007/978-3-319-27152-1_6