Cryptology ePrint Archive: Report 2008/113

Open Source Is Not Enough. Attacking the EC-package of Bouncycastle version 1.x_132

Daniel Mall and Qing Zhong

Abstract: BouncyCastle is an open-source cryptographic provider written in Java that supplies classes for Elliptic Curve Cryptography (ECC). We have found a flaw in the class ECPoint resulting from an unhappy interaction of elementary algorithms. We show how to turn this flaw into a real-world attack, e.g., on the encryption scheme ECIES. BouncyCastle has since fixed this flaw (version 1.x_133 and higher), but all older versions remain highly vulnerable to an active attacker, and the attack exposes a weakness in the validation algorithms involved.

Category / Keywords: implementation / elliptic curve cryptography

Date: received 13 Mar 2008

Contact author: daniel mall at fhnw ch


Version: 20080316:141200
