Applied Cryptography December 2017 ECDLP is the problem of finding - - PowerPoint PPT Presentation

applied cryptography
SMART_READER_LITE
LIVE PREVIEW

Applied Cryptography December 2017 ECDLP is the problem of finding - - PowerPoint PPT Presentation

Mar 03, 2023 328 likes •529 views

Applied Cryptography December 2017 ECDLP is the problem of finding an ECC user's secret key, given the user's public key. Unfortunately, there is a gap between ECDLP difficulty and ECC security.There are many attacks that break

slide-1
SLIDE 1

Applied Cryptography

December 2017

slide-2
SLIDE 2

2

…ECDLP is the problem of finding an ECC user's secret key, given the user's public key. Unfortunately, there is a gap between ECDLP difficulty and ECC security….There are many attacks that break real-world ECC without solving ECDLP. The core problem is that if you implement the standard curves, chances are you're doing it wrong.

https://safecurves.cr.yp.to/

slide-3
SLIDE 3

The Basics

slide-4
SLIDE 4

Use the right primitives

  • Encryption != Integrity
  • Encryption != Authentication
  • Hashing != Encryption
  • Hashing != Irreversible (in general)

Garbled != Senseless

slide-5
SLIDE 5

5

Understand your cryptographic libraries

  • Understand their purpose
  • Understand their assumptions
  • Validate input to the libraries
  • Check return values
slide-6
SLIDE 6

Side Channels

slide-7
SLIDE 7

Crypto black box

  • Perform complex mathematics
  • Fast enough to be suitable
  • On general purpose hardware
  • Correctly for all inputs

Without any measurable side effect

slide-8
SLIDE 8

8

Side effects?

  • Data and error conditions
  • Processing time
  • Data access time
  • Power fluctuations
  • Electromagnetic emissions

Acoustic emissions

slide-9
SLIDE 9

Password Storage

slide-10
SLIDE 10

What could be simpler?

  • Take password
  • Store in database
  • ….?
  • Profit!
slide-11
SLIDE 11

11

Step 1 – Hash it!

  • Get password
  • Store SHA256(password)
  • Preimage resistance for the win!

Precomputed dictionary attack Everything* falls

slide-12
SLIDE 12

12

Step 2 – Hash it with salt!

  • Get password
  • Store random || SHA256(random|| password)
  • No precomputation!

Active dictionary attack Pretty much everything falls

slide-13
SLIDE 13

13

Step 3 – Expensive hash it with salt!

  • Get password
  • Store random || PBKDF2(random|| password)
  • Slow computation!

Active dictionary attack with acceleration Normal passwords fail

slide-14
SLIDE 14

14

Step 4 – Argon2d with salt!

  • Get password
  • Store random || argon2d(random|| password)
  • No acceleration!

Active dictionary attack Bad passwords fail

slide-15
SLIDE 15

15

Step 2 – Argon2d with salt!

  • Get password
  • Store random || argon2d(random|| password)
  • *whew*

Denial of Service? Data independence?

slide-16
SLIDE 16

Conclusions

slide-17
SLIDE 17

Think big

  • Crypto without math is wrong
  • Crypto without system context also

wrong

  • Understand your users, your systems,

and your libraries

  • Secure accordingly
slide-18
SLIDE 18

Thank you!

scott.stender@nccgroup.trust @scottstender