How to manipulate curve standards: A white paper for the black hat

Daniel J. Bernstein, Tung Chou, Chitchanok Chuengsatiansup, Andreas Hülsing, Eran Lambooij, Tanja Lange, Ruben Niederhagen, Christine Van Vredendaal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable. This cost includes the cost of exploiting the vulnerability, but also the initial cost of computing a curve suitable for sabotaging the standard. This initial cost depends heavily upon the acceptability criteria used by the public to decide whether to allow a curve as a standard, and (in most cases) also upon the chance of a curve being vulnerable. This paper shows the importance of accurately modeling the actual acceptability criteria: i.e., figuring out what the public can be fooled into accepting. For example, this paper shows that plausible models of the “Brainpool acceptability criteria” allow the attacker to target a one-in-a-million vulnerability and that plausible models of the “Microsoft NUMS criteria” allow the attacker to target a one-in-a-hundred-thousand vulnerability.

Original language: English
Title of host publication: Security Standardisation Research - 2nd International Conference, SSR 2015, Proceedings
Editors: Liqun Chen, Shin’ichiro Matsuo
Publisher: Springer Verlag
Pages: 109-139
Number of pages: 31
ISBN (Print): 9783319271514
DOIs
State: Published - 2015
Event: 2nd International Conference on Security Standardisation Research, SSR 2015 - Tokyo, Japan
Duration: 15 Dec 2015 to 16 Dec 2015

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 9497
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 2nd International Conference on Security Standardisation Research, SSR 2015
Country/Territory: Japan
City: Tokyo
Period: 15/12/15 to 16/12/15

Bibliographical note

Publisher Copyright:
© Springer International Publishing Switzerland 2015.

Keywords

  • ANSI X9
  • Brainpool
  • Elliptic-curve cryptography
  • Microsoft NUMS
  • Minimal curves
  • NIST
  • Nothing-up-my-sleeve numbers
  • SECG
  • Verifiably pseudorandom curves
  • Verifiably random curves

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
