how to textbook key exchange manipulate curve standards
play

How to Textbook key exchange manipulate curve standards: - PowerPoint PPT Presentation

Feb 23, 2024 •49 likes •779 views

How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alices Bobs Daniel J. Bernstein secret key a secret key b Tung

  1. � � � � � How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alice’s Bob’s Daniel J. Bernstein secret key a secret key b Tung Chou Chitchanok Chuengsatiansup Andreas H¨ ulsing Alice’s Bob’s public key public key Eran Lambooij aP bP ▲ Tanja Lange � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Ruben Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s Christine van Vredendaal shared secret shared secret abP baP bada55.cr.yp.to

  2. � � � � � How to Textbook key exchange manipulate curve standards: using standard point P a white paper for the black hat on a standard elliptic curve E : Alice’s Bob’s Daniel J. Bernstein secret key a secret key b Tung Chou Chitchanok Chuengsatiansup Andreas H¨ ulsing Alice’s Bob’s public key public key Eran Lambooij aP bP ▲ Tanja Lange � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Ruben Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s Christine van Vredendaal shared secret shared secret abP baP bada55.cr.yp.to Security depends on choice of E .

  3. � � � � � � � to Textbook key exchange Our manipulate curve standards: using standard point P white paper for the black hat on a standard elliptic curve E : Alice’s Bob’s Alice’s J. Bernstein secret key a secret key b secret Chou Chitchanok Chuengsatiansup Andreas H¨ ulsing Alice’s Bob’s Alice’s public key public key public Lambooij aP bP aP ▲ Lange � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob Christine van Vredendaal shared secret shared secret shared abP baP abP bada55.cr.yp.to Security depends on choice of E .

  4. � � � � � � � � Textbook key exchange Our partner choice of curve standards: using standard point P r the black hat on a standard elliptic curve E : Alice’s Bob’s Alice’s Bernstein secret key a secret key b secret key a Chuengsatiansup Alice’s Bob’s Alice’s public key public key public key aP bP aP ▲ ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ � rrrrr ▲ ▲ ▲ ▲ ▲ Niederhagen { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s redendaal = shared secret shared secret shared secret abP baP abP bada55.cr.yp.to Security depends on choice of E .

  5. � � � � � � � � � � � Textbook key exchange Our partner Jerry’s choice of E; P rds: using standard point P black hat on a standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret k Chuengsatiansup Alice’s Bob’s Alice’s Bob’s public key public key public key public aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice shared secret shared secret shared secret shared sec abP baP abP baP Security depends on choice of E .

  6. � � � � � � � � � � � � Textbook key exchange Our partner Jerry’s choice of E; P using standard point P on a standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret key b Alice’s Bob’s Alice’s Bob’s public key public key public key public key aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret shared secret shared secret abP baP abP baP Security depends on choice of E .

  7. � � � � � � � � � � � � Textbook key exchange Our partner Jerry’s choice of E; P using standard point P on a standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret key b Alice’s Bob’s Alice’s Bob’s public key public key public key public key aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret shared secret shared secret abP baP abP baP Security depends on choice of E . Can we exploit this picture?

  8. � � � � � � � � � � � ok key exchange Our partner Jerry’s Exploitabilit choice of E; P standard point P public criteria standard elliptic curve E : Alice’s Bob’s Alice’s Bob’s secret key a secret key b secret key a secret key b Alice’s Bob’s Alice’s Bob’s public key public key public key public key aP bP aP bP ▲ ▲ � rrrrrrr ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ; Bob } ’s = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s red secret shared secret shared secret shared secret bP baP abP baP Security depends on choice of E . Can we exploit this picture?

  9. � � � � � � � � � � exchange Our partner Jerry’s Exploitability depends choice of E; P oint P public criteria for accepting elliptic curve E : Bob’s Alice’s Bob’s secret key b secret key a secret key b Bob’s Alice’s Bob’s public key public key public key bP aP bP ▲ rrrr � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ ▲ = { Bob ; Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret shared secret baP abP baP ends on choice of E . Can we exploit this picture?

  10. � � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E curve E : Bob’s Alice’s Bob’s key b secret key a secret key b Bob’s Alice’s Bob’s public key public key public key P aP bP ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ Alice } ’s { Alice ; Bob } ’s = { Bob ; Alice } ’s secret shared secret shared secret aP abP baP choice of E . Can we exploit this picture?

  11. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Alice’s Bob’s secret key a secret key b Alice’s Bob’s public key public key aP bP ▲ � rrrrrrr ▲ ▲ ▲ ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret abP baP Can we exploit this picture?

  12. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Extensive ECC literature: Alice’s Bob’s Pollard rho breaks small E , secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s shared secret shared secret abP baP Can we exploit this picture?

  13. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Extensive ECC literature: Alice’s Bob’s Pollard rho breaks small E , secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s Assume that we’ve figured out shared secret shared secret how to break another curve E . abP baP Can we exploit this picture?

  14. � � � � � � � Our partner Jerry’s Exploitability depends on choice of E; P public criteria for accepting E; P . Extensive ECC literature: Alice’s Bob’s Pollard rho breaks small E , secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ { Alice ; Bob } ’s = { Bob ; Alice } ’s Assume that we’ve figured out shared secret shared secret how to break another curve E . abP baP Jerry standardizes this curve. Can we exploit this picture? Alice and Bob use it.

  15. � � � � � � Our partner Jerry’s Exploitability depends on Is first assumption choice of E; P public criteria for accepting E; P . Would the Extensive ECC literature: any curve Alice’s Bob’s Pollard rho breaks small E , that survives secret key a secret key b Pohlig–Hellman breaks most E , MOV/FR breaks some E , SmartASS breaks some E , etc. Alice’s Bob’s public key public key Assume that public will accept aP bP ▲ � rrrrrrr ▲ ▲ ▲ any E not publicly broken. ▲ ▲ ▲ ; Bob } ’s = { Bob ; Alice } ’s Assume that we’ve figured out red secret shared secret how to break another curve E . bP baP Jerry standardizes this curve. e exploit this picture? Alice and Bob use it.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung

How to manipulate curve standards: a white paper for the black hat Daniel J. Bernstein Tung Chou Chitchanok Chuengsatiansup Andreas H ulsing Eran Lambooij Tanja Lange Ruben Niederhagen Christine van Vredendaal bada55.cr.yp.to

585 views • 32 slides
How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You understand and hereby agree that the audio, video, and text of this presentation are provided as is, without warranty of any kind, whether expressed

961 views • 68 slides
Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet

Now How to handle complexity: 3 more strategies + 1 previous How? Week 5: Manipulate, Facet, Reduce Encode Manipulate Facet Encode Manipulate Facet Manipulate Reduce Manipulate Facet Reduce Map Derive Arrange Change Juxtapose

73 views • 3 slides
Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation

Overview Using Curve Implementation Lessons Curve Curve Ninjas December 19, 2012 Curve Ninjas Curve Overview Using Curve Implementation Lessons Ninjas Shinobi Kun An John Chan David Mauskop Wisdom Omuya Zitong Wang Curve Ninjas

360 views • 17 slides
Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago &

1 Standardization for the black hat Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven 1 bada55.cr.yp.to BADA55 Crypto including How to manipulate curve standards: a white paper for the

879 views • 45 slides
Week 5: Encode Manipulate Facet Reduce Manipulate Facet Reduce Change over Time Navigate

Week 5: Encode Manipulate Facet Reduce Manipulate Facet Reduce Change over Time Navigate

How to handle complexity: 1 previous strategy + 3 more Manipulate How? Encode Manipulate Facet Week 5: Encode Manipulate Facet Reduce Manipulate Facet Reduce Change over Time Navigate Map Derive Arrange Change Juxtapose Filter

327 views • 5 slides
Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the

Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the

Failures in NISTs ECC standards Daniel J. Bernstein, Tanja Lange 2015.12.15 Review of the (prime-field) NIST curves I Presented by NIST in 1999 Curve names: P-192, P-224, P-256, P-384, P-521 Curve is defined over F p where p has

250 views • 22 slides
Pottsgrove School District Math Common Core Textbook Adoption Common Core State Standards for

Pottsgrove School District Math Common Core Textbook Adoption Common Core State Standards for

Pottsgrove School District Math Common Core Textbook Adoption Common Core State Standards for Mathematics More rigorous and demanding for students Greater focus on learning for understanding Requires application of math in

640 views • 24 slides
Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July

Elliptic-curve cryptography Tanja Lange Technische Univesiteit Eindhoven The Netherlands July 23, 2014 1 / 12 Elliptic-curve cryptography: signatures and key exchange Given: some elliptic curve E , point P on E of known order . Key

885 views • 16 slides
What is SQL? SQL stands for Structured Query Language SQL lets you access and manipulate

What is SQL? SQL stands for Structured Query Language SQL lets you access and manipulate

SQL is a standard language for storing, manipulating and retrieving data in databases. What is SQL? SQL stands for Structured Query Language SQL lets you access and manipulate databases SQL became a standard of the American National Standards

1.45k views • 101 slides
Genomic Knowledge Standards (GKS) genomicsandhealth.org Genomic Knowledge Standards GKS aims

Genomic Knowledge Standards (GKS) genomicsandhealth.org Genomic Knowledge Standards GKS aims

Genomic Knowledge Standards (GKS) genomicsandhealth.org Genomic Knowledge Standards GKS aims to develop, adopt, and adapt standards to enable the exchange of genomic knowledge Establish framework of standards that lower barriers to

223 views • 4 slides
Lectures 3&4: from categorical and ordered Express Separate attributes Change

Lectures 3&4: from categorical and ordered Express Separate attributes Change

How to handle complexity: 1 previous strategy + 3 more Facet How? Encode Manipulate Facet Encode Manipulate Facet Reduce Juxtapose Manipulate Facet Reduce Map Derive Arrange Change Juxtapose Filter Lectures 3&4: from

62 views • 3 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Tanja Lange

318 views • 29 slides
Ahead Ahead of the of the Curve Curve A N N U A L S H A R E H O L D E R S M E E T I N G 2 0 1

Ahead Ahead of the of the Curve Curve A N N U A L S H A R E H O L D E R S M E E T I N G 2 0 1

Ahead Ahead of the of the Curve Curve A N N U A L S H A R E H O L D E R S M E E T I N G 2 0 1 7 Forward Looking Statements And Non GAAP Financial Measures To the extent that statements in this PowerPoint presentation relate to future

775 views • 28 slides
3 t ,t >. The graph of EXAMPLE 3: Consider the curve r t = <5sin the curve is shown

3 t ,t >. The graph of EXAMPLE 3: Consider the curve r t = <5sin the curve is shown

SMOOTH AND UNSMOOTH CURVES Def. A curve C is smooth if it is traced out by a vector-valued function r ( t ), where r '( t ) is continuous and r '( t ) 0 for all values of t . t 2 > 3 EXAMPLE 1 : r t = < t , r ' t =

209 views • 3 slides
Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve

Hyper-and-elliptic-curve cryptography (which is not the same as: hyperelliptic-curve cryptography and elliptic-curve cryptography) Daniel J. Bernstein Through our inefficient use of University of Illinois at Chicago & energy (gas

1.07k views • 76 slides
Functional Equations & Neural Networks for Time Series Interpolation Lars Kindermann, AWI

Functional Equations & Neural Networks for Time Series Interpolation Lars Kindermann, AWI

Functional Equations & Neural Networks for Time Series Interpolation Lars Kindermann, AWI Achim Lewandowski, OEFAI An old experiment v 0 v 1 Drop an object with different speeds and measure the speed at the ground Data v 0 x 0 v 1 free

652 views • 20 slides
= + + f( f( ) a ) a D m , c e 1 ij new 0 ij expt jk k

= + + f( f( ) a ) a D m , c e 1 ij new 0 ij expt jk k

MOL2NET, 2017 , 3, doi:10.3390/mol2net-03-05044 1 MOL2NET, International Conference Series on Multidisciplinary Sciences MDPI http://sciforum.net/conference/mol2net-03 FRAMA 1.0: Framework for Moving Average Operators Calculation in Data

762 views • 3 slides
Engineering, Georgia Tech Chaos & non-linear forecasting Reference: [ Deepay Chakrabarti

Engineering, Georgia Tech Chaos & non-linear forecasting Reference: [ Deepay Chakrabarti

Class Website CX4242: Time Series Non-linear Forecasting Mahdi Roozbahani Lecturer, Computational Science and Engineering, Georgia Tech Chaos & non-linear forecasting Reference: [ Deepay Chakrabarti and Christos Faloutsos F4:

533 views • 38 slides
Biospecimen Assessment Michelle Danaher University of Maryland, Baltimore County and Eunice

Biospecimen Assessment Michelle Danaher University of Maryland, Baltimore County and Eunice

Biospecimen Assessment Michelle Danaher University of Maryland, Baltimore County and Eunice Kennedy Shriver National Institute of Child Health and Human Development 1/60 Outline Biospecimen Assessment Chapter 1: Background Pooling variables

715 views • 67 slides
5. Parametric curves We have already seen that one way to represent lines in R 3 is to think of

5. Parametric curves We have already seen that one way to represent lines in R 3 is to think of

5. Parametric curves We have already seen that one way to represent lines in R 3 is to think of them as being the intersection of two planes. Another approach is to parametrise the line. Pick two points Q 0 = (1 , 2 , 4) and Q 1 = (3 , 1 ,

508 views • 4 slides
Scalar decomposition on elliptic curves GLV, GLS, and beyond Benjamin Smith Laboratoire

Scalar decomposition on elliptic curves GLV, GLS, and beyond Benjamin Smith Laboratoire

Scalar decomposition on elliptic curves GLV, GLS, and beyond Benjamin Smith Laboratoire dInformatique de l Ecole polytechnique (LIX) and INRIA Saclay Ile-de-France BAC May 24, 2013 Smith (INRIA/LIX) Scalar decomposition on

1.92k views • 23 slides
COMBINATORICS OF MODULI SPACES OF CURVES LUCIA CAPORASO- UNIVERSIT` A ROMA TRE DOBBIACO WINTER

COMBINATORICS OF MODULI SPACES OF CURVES LUCIA CAPORASO- UNIVERSIT` A ROMA TRE DOBBIACO WINTER

COMBINATORICS OF MODULI SPACES OF CURVES LUCIA CAPORASO- UNIVERSIT` A ROMA TRE DOBBIACO WINTER SCHOOL Contents 1. Lecture 1 2 2. Lecture 2. 10 3. Lecture 3. 14 4. Lecture 4, 22 5. Lecture 5. 31 References 40 Date : February 28,

592 views • 41 slides
Symmetry Breaking in Quantum Curves & Super Chern-Simons Matrix Models Sanefumi Moriyama

Symmetry Breaking in Quantum Curves & Super Chern-Simons Matrix Models Sanefumi Moriyama

YITP Workshop 19/08/20 Symmetry Breaking in Quantum Curves & Super Chern-Simons Matrix Models Sanefumi Moriyama (Osaka City Univ/NITEP) Main References: S.M., S.Nakayama, T.Nosaka, JHEP, 2017; S.M., T.Nosaka, T.Yano, JHEP, 2017; N.Kubo,

745 views • 36 slides

More recommend