Paper 2008/113

Open Source Is Not Enough. Attacking the EC-package of Bouncycastle version 1.x_132

Daniel Mall and Qing Zhong

Abstract

BouncyCastle is an open source crypto provider written in Java which supplies classes for Elliptic Curve Cryptography (ECC). We have found a flaw in the class ECPoint resulting from an unhappy interaction of elementary algorithms. We show how to exploit this flaw in a real-world attack, e.g., on the encryption scheme ECIES. BouncyCastle has since fixed this flaw (version 1.x_133 and higher), but all older versions remain highly vulnerable to an active attacker, and the attack shows a certain vulnerability of the involved validation algorithms.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
elliptic curve cryptography
Contact author(s)
daniel mall @ fhnw ch
History
2008-03-16: received
Short URL
https://ia.cr/2008/113
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2008/113,
      author = {Daniel Mall and Qing Zhong},
      title = {Open Source Is Not Enough.  Attacking the {EC}-package of Bouncycastle version 1.x_132},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/113},
      year = {2008},
      url = {https://eprint.iacr.org/2008/113}
}