Trapping ECC with Invalid Curve Bug Attacks

Author

  • Renaud Dubois
Abstract

In this paper we describe how to use a secret bug as a trapdoor to design a trapped elliptic curve E(Fp). This trapdoor can be used to mount an invalid curve attack on E(Fp). E(Fp) is designed to respect all ECC security criteria (prime order, high twist order, etc.), but for a secret exponent the point is projected onto another, insecure curve. We show how to use this trap with a particular type of time/memory tradeoff to break the ECKCDSA verification process for any public key of the trapped curve. The process is highly undetectable: the chosen defender effort is quadratic in the saboteur's computational effort. This work provides a concrete, hardly detectable and easily deniable example of cryptographic sabotage. While this proof of concept is very narrow, it highlights the necessity of the Full Verifiable Randomness of ECC.

Keywords: Bug Attacks, Fault Attacks, ECC, Invalid Curve Attack, ECKCDSA, Kleptography, NSA, Paranoia, Verifiable Randomness, Sabotage-resilient Cryptography.


Similar resources

Practical Invalid Curve Attacks on TLS-ECDH

Elliptic Curve Cryptography (ECC) is based on cyclic groups, where group elements are represented as points in a finite plane. All ECC cryptosystems implicitly assume that only valid group elements will be processed by the different cryptographic algorithms. It is well-known that a check for group membership of given points in the plane should be performed before processing. However, in several...


An ECC-Based Mutual Authentication Scheme with One Time Signature (OTS) in Advanced Metering Infrastructure

Advanced metering infrastructure (AMI) is a key part of the smart grid; thus, one of the most important concerns is to offer a secure mutual authentication. This study focuses on communication between a smart meter and a server on the utility side. Hence, a mutual authentication mechanism in AMI is presented based on the elliptic curve cryptography (ECC) and one time signature (OTS) consists o...


Degenerate Curve Attacks - Extending Invalid Curve Attacks to Edwards Curves and Other Models

Invalid curve attacks are a well-known class of attacks against implementations of elliptic curve cryptosystems, in which an adversary tricks the cryptographic device into carrying out scalar multiplication not on the expected secure curve, but on some other, weaker elliptic curve of his choosing. In their original form, however, these attacks only affect elliptic curve implementations using ad...


Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security

Elliptic Curve Cryptography implementations are known to be vulnerable to various side-channel attacks and fault injection attacks, and many countermeasures have been proposed. However, selecting and integrating a set of countermeasures targeting multiple attacks into an ECC design is far from trivial. Security, performance and cost need to be considered together. In this paper, we describe a g...


Power Analysis Attacks on ECC: A Major Security

Wireless sensor networks (WSNs) are largely deployed in different sectors and applications, and Elliptic Curve Cryptography (ECC) is proven to be the most feasible PKC for WSN security. ECC is believed to provide the same level of security as RSA with a much shorter key length, and thus it seems to be ideal for applications with small resources such as a sensor network, smartcard, RFID, etc. How...



Journal title:
  • IACR Cryptology ePrint Archive

Volume 2017  Issue 

Pages  -

Publication date 2017