Paper 2014/571
How to manipulate curve standards: a white paper for the black hat
Daniel J. Bernstein, Tung Chou, Chitchanok Chuengsatiansup, Andreas Hülsing, Tanja Lange, Ruben Niederhagen, and Christine van Vredendaal
Abstract
This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable. This cost includes the cost of exploiting the vulnerability, but also the initial cost of computing a curve suitable for sabotaging the standard. This initial cost depends upon the acceptability criteria used by the public to decide whether to allow a curve as a standard, and (in most cases) also upon the chance of a curve being vulnerable. This paper shows the importance of accurately modeling the actual acceptability criteria: i.e., figuring out what the public can be fooled into accepting. For example, this paper shows that plausible models of the “Brainpool acceptability criteria” allow the attacker to target a one-in-a-million vulnerability.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Elliptic-curve cryptographyverifiably random curvesverifiably pseudorandom curvesnothing- up-my-sleeve numberssabotaging standardsfighting terrorismprotecting the children.
- Contact author(s)
- authorcontact-bada55 @ box cr yp to
- History
- 2015-09-27: revised
- 2014-07-24: received
- See all versions
- Short URL
- https://ia.cr/2014/571
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2014/571,
author = {Daniel J. Bernstein and Tung Chou and Chitchanok Chuengsatiansup and Andreas Hülsing and Tanja Lange and Ruben Niederhagen and Christine van Vredendaal},
title = {How to manipulate curve standards: a white paper for the black hat},
howpublished = {Cryptology {ePrint} Archive, Paper 2014/571},
year = {2014},
url = {https://eprint.iacr.org/2014/571}
}
