how to textbook key exchange manipulate curve standards
play

How to Textbook key exchange manipulate curve standards: - PowerPoint PPT Presentation

Feb 23, 2024 •49 likes •779 views

How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alices Bobs Daniel J. Bernstein secret key a secret key b Tung

  1. � � � � � How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alice’s Bob’s Daniel J. Bernstein secret key a secret key b Tung Chou Chitchanok Chuengsatiansup Andreas H¨ ulsing Alice’s Bob’s public key public key Eran Lambooij aP bP ▲ Tanja Lange � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Ruben Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s Christine van Vredendaal shared secret shared secret abP baP bada55.cr.yp.to

  2. � � � � � How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alice’s Bob’s Daniel J. Bernstein secret key a secret key b Tung Chou Chitchanok Chuengsatiansup Andreas H¨ ulsing Alice’s Bob’s public key public key Eran Lambooij aP bP ▲ Tanja Lange � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Ruben Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s Christine van Vredendaal shared secret shared secret abP baP bada55.cr.yp.to Security depends on choice of E .

  3. � � � � � � � to Textbook key exchange Our manipulate curve standards: using standard point P white paper for the black hat on a standard elliptic curve E : Alice’s Bob’s Alice’s J. Bernstein secret key a secret key b secret Chou Chitchanok Chuengsatiansup Andreas H¨ ulsing Alice’s Bob’s Alice’s public key public key public Lambooij aP bP aP ▲ Lange � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob Christine van Vredendaal shared secret shared secret shared abP baP abP bada55.cr.yp.to Security depends on choice of E .

  4. � � � � � � � � Textbook key exchange Our partner choice of curve standards: using standard point P r the black hat on a standard elliptic curve E : Alice’s Bob’s Alice’s Bernstein secret key a secret key b secret key a Chuengsatiansup Alice’s Bob’s Alice’s public key public key public key aP bP aP ▲ ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ � rrrrr ▲ ▲ ▲ ▲ ▲ Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s redendaal = shared secret shared secret shared secret abP baP abP bada55.cr.yp.to Security depends on choice of E .

  5. � � � � � � � � � � � Textbook key exchange Our partner Jerry’s choice of E; P rds: using standard point P black hat on a standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret k Chuengsatiansup Alice’s Bob’s Alice’s Bob’s public key public key public key public aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice shared secret shared secret shared secret shared sec abP baP abP baP Security depends on choice of E .

  6. � � � � � � � � � � � � Textbook key exchange Our partner Jerry’s choice of E; P using standard point P on a standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret key b Alice’s Bob’s Alice’s Bob’s public key public key public key public key aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret shared secret shared secret abP baP abP baP Security depends on choice of E .

  7. � � � � � � � � � � � � Textbook key exchange Our partner Jerry’s choice of E; P using standard point P on a standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret key b Alice’s Bob’s Alice’s Bob’s public key public key public key public key aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret shared secret shared secret abP baP abP baP Security depends on choice of E . Can we exploit this picture?

  8. � � � � � � � � � � � ok key exchange Our partner Jerry’s Exploitabilit choice of E; P standard point P public criteria standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret key b Alice’s Bob’s Alice’s Bob’s public key public key public key public key aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s red secret shared secret shared secret shared secret bP baP abP baP Security depends on choice of E . Can we exploit this picture?

  9. � � � � � � � � � � exchange Our partner Jerry’s Exploitability depends choice of E; P oint P public criteria for accepting elliptic curve E : Bob’s Alice’s Bob’s secret key b secret key a secret key b Bob’s Alice’s Bob’s public key public key public key bP aP bP ▲ rrrr � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret shared secret baP abP baP ends on choice of E . Can we exploit this picture?

  10. � � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E curve E : Bob’s Alice’s Bob’s key b secret key a secret key b Bob’s Alice’s Bob’s public key public key public key P aP bP ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s secret shared secret shared secret aP abP baP choice of E . Can we exploit this picture?

  11. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Alice’s Bob’s secret key a secret key b Alice’s Bob’s public key public key aP bP ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret abP baP Can we exploit this picture?

  12. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Extensive ECC literature: Alice’s Bob’s Pollard rho breaks small E , secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret abP baP Can we exploit this picture?

  13. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Extensive ECC literature: Alice’s Bob’s Pollard rho breaks small E , secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s Assume that we’ve figured out shared secret shared secret how to break another curve E . abP baP Can we exploit this picture?

  14. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Extensive ECC literature: Alice’s Bob’s Pollard rho breaks small E , secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s Assume that we’ve figured out shared secret shared secret how to break another curve E . abP baP Jerry standardizes this curve. Can we exploit this picture? Alice and Bob use it.

  15. � � � � � � Our partner Jerry’s Exploitability depends on Is first assumption choice of E; P public criteria for accepting E; P . Would the Extensive ECC literature: any curve Alice’s Bob’s Pollard rho breaks small E , that survives secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ ; Bob } ’s = { Bob ; Alice } ’s Assume that we’ve figured out red secret shared secret how to break another curve E . bP baP Jerry standardizes this curve. e exploit this picture? Alice and Bob use it.

Recommend

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung Chou Chitchanok Chuengsatiansup Andreas H ulsing Eran Lambooij Tanja Lange Ruben Niederhagen Christine van Vredendaal bada55.cr.yp.to

585 views • 32 slides
How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You understand and hereby agree that the audio, video, and text of this presentation are provided as is, without warranty of any kind, whether expressed

961 views • 68 slides
Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Now How to handle complexity: 3 more strategies + 1 previous How? Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet Manipulate Reduce Manipulate Facet Reduce Map Derive Arrange Change Juxtapose

73 views • 3 slides
Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Overview Using Curve Implementation Lessons Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation Lessons Ninjas Shinobi Kun An John Chan David Mauskop Wisdom Omuya Zitong Wang Curve Ninjas

360 views • 17 slides
Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

1 Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven 1 bada55.cr.yp.to BADA55 Crypto including How to manipulate curve standards: a white paper for the

879 views • 45 slides
Week 5: Encode Manipulate Facet Reduce Manipulate Facet Reduce Change over Time Navigate

Week 5: Encode Manipulate Facet Reduce Manipulate Facet Reduce Change over Time Navigate

How to handle complexity: 1 previous strategy + 3 more Manipulate How? Encode Manipulate Facet Week 5: Encode Manipulate Facet Reduce Manipulate Facet Reduce Change over Time Navigate Map Derive Arrange Change Juxtapose Filter

327 views • 5 slides
Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the

Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the

Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the (prime-field) NIST curves I Presented by NIST in 1999 Curve names: P-192, P-224, P-256, P-384, P-521 Curve is defined over F p where p has

250 views • 22 slides
Pottsgrove School District Math Common Core Textbook Adoption Common Core State Standards for

Pottsgrove School District Math Common Core Textbook Adoption Common Core State Standards for

Pottsgrove School District Math Common Core Textbook Adoption Common Core State Standards for Mathematics More rigorous and demanding for students Greater focus on learning for understanding Requires application of math in

640 views • 24 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
What is SQL? SQL stands for Structured Query Language SQL lets you access and manipulate

What is SQL? SQL stands for Structured Query Language SQL lets you access and manipulate

SQL is a standard language for storing, manipulating and retrieving data in databases. What is SQL? SQL stands for Structured Query Language SQL lets you access and manipulate databases SQL became a standard of the American National Standards

1.45k views • 101 slides
Genomic Knowledge Standards (GKS) genomicsandhealth.org Genomic Knowledge Standards GKS aims

Genomic Knowledge Standards (GKS) genomicsandhealth.org Genomic Knowledge Standards GKS aims

Genomic Knowledge Standards (GKS) genomicsandhealth.org Genomic Knowledge Standards GKS aims to develop, adopt, and adapt standards to enable the exchange of genomic knowledge Establish framework of standards that lower barriers to

223 views • 4 slides
Lectures 3&4: from categorical and ordered Express Separate attributes Change

Lectures 3&4: from categorical and ordered Express Separate attributes Change

How to handle complexity: 1 previous strategy + 3 more Facet How? Encode Manipulate Facet Encode Manipulate Facet Reduce Juxtapose Manipulate Facet Reduce Map Derive Arrange Change Juxtapose Filter Lectures 3&4: from

62 views • 3 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Ahead Ahead of the of the Curve Curve A N N U A L S H A R E H O L D E R S M E E T I N G 2 0 1

Ahead Ahead of the of the Curve Curve A N N U A L S H A R E H O L D E R S M E E T I N G 2 0 1

Ahead Ahead of the of the Curve Curve A N N U A L S H A R E H O L D E R S M E E T I N G 2 0 1 7 Forward Looking Statements And Non GAAP Financial Measures To the extent that statements in this PowerPoint presentation relate to future

775 views • 28 slides
3 t ,t >. The graph of EXAMPLE 3: Consider the curve r t = <5sin the curve is shown

3 t ,t >. The graph of EXAMPLE 3: Consider the curve r t = <5sin the curve is shown

SMOOTH AND UNSMOOTH CURVES Def. A curve C is smooth if it is traced out by a vector-valued function r ( t ), where r '( t ) is continuous and r '( t ) 0 for all values of t . t 2 > 3 EXAMPLE 1 : r t = < t , r ' t =

209 views • 3 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
Hi everyone! Claus Mullie Two points Standards for data exchange during procurement for informed

Hi everyone! Claus Mullie Two points Standards for data exchange during procurement for informed

Hi everyone! Claus Mullie Two points Standards for data exchange during procurement for informed decision making. Open code for interoperability between technology and political systems. 2 My argument 3 My argument How do we include

434 views • 8 slides
External oligonucleotide standards enable cross laboratory and exchange of real-time PCR data Jo

External oligonucleotide standards enable cross laboratory and exchange of real-time PCR data Jo

External oligonucleotide standards enable cross laboratory and exchange of real-time PCR data Jo Vandesompele professor, Ghent University co-founder and CEO, Biogazelle Roche Molecular Biology Days Vilvoorde, 7 oktober, 2009 biomarker

202 views • 18 slides
The curve they fit to the data What ordinary people expected to see The curve they fit to the

The curve they fit to the data What ordinary people expected to see The curve they fit to the

The curve they fit to the data What ordinary people expected to see The curve they fit to the data The range of the data The curve they fit to the data . . . . . . the data! Changing everything at once: Student-centered learning, computerized

560 views • 35 slides
Stochastic Financial Mathematics Exchange Rates and Volatility Andrey Sarantsev Aleksey Eremenko

Stochastic Financial Mathematics Exchange Rates and Volatility Andrey Sarantsev Aleksey Eremenko

Stochastic Financial Mathematics Exchange Rates and Volatility Andrey Sarantsev Aleksey Eremenko Objective Use Sage to manipulate currency data Analyze results Five currencies used: Euro, UK Pound, Chinese Yuan, Japanese Yen,

358 views • 7 slides
Curve Sketching Michael Freeze MAT 151 UNC Wilmington Summer 2013 1 / 10 Section 5.4 :: Curve

Curve Sketching Michael Freeze MAT 151 UNC Wilmington Summer 2013 1 / 10 Section 5.4 :: Curve

Curve Sketching Michael Freeze MAT 151 UNC Wilmington Summer 2013 1 / 10 Section 5.4 :: Curve Sketching 2 / 10 Curve Sketching Make an accurate sketch of the graph the function. Identify any important features such as intercepts,

287 views • 10 slides
Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows

Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows

Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows programmatic buying of Facebook ad inventory through real-time bidding. Agencies, trading desks and direct marketers can buy Facebook ads using

343 views • 7 slides
Curve of intersection of the surfaces z = x 3 and y =sin x + z 2 The curve can be parametrized as

Curve of intersection of the surfaces z = x 3 and y =sin x + z 2 The curve can be parametrized as

Curve of intersection of the surfaces z = x 3 and y =sin x + z 2 The curve can be parametrized as r(t) = < t, sin t + t 6 , t 3 > Curve of intersection of the surfaces z = 3 x 2 + y 2 (elliptic paraboloid) and y = x 2 (parabolic cylinder)

459 views • 6 slides
Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Quick Review: Quadratic Residues Koblitzs Method We want to solve equations like: All of the

Elliptic Curves Suppose F is a field and a 1 , . . . , a 6 F . Elliptic Curve Cryptography Definition 1. An elliptic curve E over a field F is a curve given by an equation: Jim Royer Y 2 + a 1 XY + a 3 Y X 3 + a 2 X 2 + a 4 X + a 6 = (1)

337 views • 5 slides

More recommend