Paper 2017/554

Trapping ECC with Invalid Curve Bug Attacks

Renaud Dubois

Abstract

In this paper we describe how to use a secret bug as a trapdoor to design a trapped elliptic curve E(Fp). This trapdoor can be used to mount an invalid curve attack on E(Fp). E(Fp) is designed to respect all ECC security criteria (prime order, high twist order, etc.), but for a secret exponent the point is projected onto another, insecure curve. We show how to use this trap with a particular type of time/memory tradeoff to break the ECKCDSA verification process for any public key of the trapped curve. The process is highly undetectable: the chosen defender effort is quadratic in the saboteur's computational effort. This work provides a concrete, hardly detectable and easily deniable example of cryptographic sabotage. While this proof of concept is very narrow, it highlights the necessity of the Full Verifiable Randomness of ECC.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
Bug Attacks, Fault Attacks, ECC, Invalid Curve Attack, ECKCDSA, Kleptography, NSA, Paranoia, Verifiable Randomness, Sabotage-resilient Cryptography
Contact author(s)
renaud dubois @ thalesgroup com
History
2017-06-08: received
Short URL
https://ia.cr/2017/554
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/554,
      author = {Renaud Dubois},
      title = {Trapping {ECC} with Invalid Curve Bug Attacks},
      howpublished = {Cryptology {ePrint} Archive, Paper 2017/554},
      year = {2017},
      url = {https://eprint.iacr.org/2017/554}
}