[Cryptography] "How to manipulate curve standards: a white paper for the black hat"
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jul 25 09:31:24 EDT 2014
http://eprint.iacr.org/2014/571
How to manipulate curve standards: a white paper for the black hat
Daniel J. Bernstein and Tung Chou and Chitchanok Chuengsatiansup and Andreas
H\"ulsing and Tanja Lange and Ruben Niederhagen and Christine van Vredendaal
Abstract: This paper analyzes the cost of breaking ECC under the following
assumptions: (1) ECC is using a standardized elliptic curve that was
actually chosen by an attacker; (2) the attacker is aware of a vulnerability
in some curves that are not publicly known to be vulnerable.
This cost includes the cost of exploiting the vulnerability, but also the
initial cost of computing a curve suitable for sabotaging the standard. This
initial cost depends upon the acceptability criteria used by the public to
decide whether to allow a curve as a standard, and (in most cases) also upon
the chance of a curve being vulnerable.
This paper shows the importance of accurately modeling the actual
acceptability criteria: i.e., figuring out what the public can be fooled
into accepting. For example, this paper shows that plausible models of the
âBrainpool acceptability criteriaâ allow the attacker to target a one-in-a-
million vulnerability.
Peter.
More information about the cryptography
mailing list