Paper 2020/384

A "Final" Security Bug

Nguyen Thoi Minh Quan

Abstract

This article discusses a fixed critical security bug in Google Tink's Ed25519 Java implementation. The bug allows remote attackers to extract the private key with only two Ed25519 signatures. The vulnerability comes from a misunderstanding of what "final" means in the Java programming language. The bug was discovered during security review before Google Tink was officially released. It reinforces the challenge of writing safe cryptographic code and the importance of the security review process, even for code written by professional cryptographers.

Metadata
Available format(s): PDF
Category: Public-key cryptography
Publication info: Preprint. MINOR revision.
Keywords: Ed25519, security bugs, remote attackers
Contact author(s): msuntmquan @ gmail com
History: 2020-04-09: received
Short URL: https://ia.cr/2020/384
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2020/384,
      author = {Nguyen Thoi Minh Quan},
      title = {A ”Final” Security Bug},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/384},
      year = {2020},
      url = {https://eprint.iacr.org/2020/384}
}