How to manipulate curve standards: a white paper for the black hat

Daniel J. Bernstein, Tony Chou, Chitchanok Chuengsatiansup, Andreas Hülsing, Eran Lambooij, Tanja Lange, Ruben Niederhagen, Christine Van Vredendaal

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

8 Citaten (Scopus)
3 Downloads (Pure)

Samenvatting

This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable. This cost includes the cost of exploiting the vulnerability, but also the initial cost of computing a curve suitable for sabotaging the standard. This initial cost depends heavily upon the acceptability criteria used by the public to decide whether to allow a curve as a standard, and (in most cases) also upon the chance of a curve being vulnerable. This paper shows the importance of accurately modeling the actual acceptability criteria: i.e., figuring out what the public can be fooled into accepting. For example, this paper shows that plausible models of the “Brainpool acceptability criteria” allow the attacker to target a onein- a-million vulnerability and that plausible models of the “Microsoft NUMS criteria” allow the attacker to target a one-in-a-hundred-thousand vulnerability.

Originele taal-2Engels
TitelSecurity Standardisation Research
SubtitelSecond International Conference, SSR 2015, Tokyo, Japan, December 15-16, 2015, Proceedings
RedacteurenL. Chen, S. Matsuo
Plaats van productieBerlin
UitgeverijSpringer
Pagina's109-139
Aantal pagina's31
ISBN van geprinte versie9783319271514
DOI's
StatusGepubliceerd - 2015
Evenement2nd International Conference on Security Standardisation Research (SSR 2015), December 15-16, 2015, Tokyo, Japan - Tokyo, Japan
Duur: 15 dec 201516 dec 2015
http://ssr2015.com/

Publicatie series

NaamLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9497
ISSN van geprinte versie03029743
ISSN van elektronische versie16113349

Congres

Congres2nd International Conference on Security Standardisation Research (SSR 2015), December 15-16, 2015, Tokyo, Japan
Verkorte titelSSR 2015
Land/RegioJapan
StadTokyo
Periode15/12/1516/12/15
Internet adres

Vingerafdruk

Duik in de onderzoeksthema's van 'How to manipulate curve standards: a white paper for the black hat'. Samen vormen ze een unieke vingerafdruk.

Citeer dit