Paper 2013/734

Elliptic Curve Cryptography in Practice

Joppe W. Bos, J. Alex Halderman, Nadia Heninger, Jonathan Moore, Michael Naehrig, and Eric Wustrow

Abstract

In this paper, we perform a review of elliptic curve cryptography (ECC), as it is used in practice today, in order to reveal unique mistakes and vulnerabilities that arise in implementations of ECC. We study four popular protocols that make use of this type of public-key cryptography: Bitcoin, secure shell (SSH), transport layer security (TLS), and the Austrian e-ID card. We are pleased to observe that about 1 in 10 systems support ECC across the TLS and SSH protocols. However, we find that despite the high stakes of money, access and resources protected by ECC, implementations suffer from vulnerabilities similar to those that plague previous cryptographic systems.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. Minor revision.
Contact author(s)
jbos @ microsoft com
History
2013-12-02: revised
2013-11-14: received
See all versions
Short URL
https://ia.cr/2013/734
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/734,
      author = {Joppe W.  Bos and J.  Alex Halderman and Nadia Heninger and Jonathan Moore and Michael Naehrig and Eric Wustrow},
      title = {Elliptic Curve Cryptography in Practice},
      howpublished = {Cryptology ePrint Archive, Paper 2013/734},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/734}},
      url = {https://eprint.iacr.org/2013/734}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.