International Conference on Research in Security Standardisation

Security Standardisation Research pp 109-139

How to Manipulate Curve Standards: A White Paper for the Black Hat http://bada55.cr.yp.to

Conference paper

DOI: 10.1007/978-3-319-27152-1_6

Volume 9497 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Bernstein D.J. et al. (2015) How to Manipulate Curve Standards: A White Paper for the Black Hat http://bada55.cr.yp.to. In: Chen L., Matsuo S. (eds) Security Standardisation Research. Lecture Notes in Computer Science, vol 9497. Springer, Cham

Abstract

This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable.

This cost includes the cost of exploiting the vulnerability, but also the initial cost of computing a curve suitable for sabotaging the standard. This initial cost depends heavily upon the acceptability criteria used by the public to decide whether to allow a curve as a standard, and (in most cases) also upon the chance of a curve being vulnerable.

This paper shows the importance of accurately modeling the actual acceptability criteria: i.e., figuring out what the public can be fooled into accepting. For example, this paper shows that plausible models of the “Brainpool acceptability criteria” allow the attacker to target a one-in-a-million vulnerability and that plausible models of the “Microsoft NUMS criteria” allow the attacker to target a one-in-a-hundred-thousand vulnerability.

Keywords

Elliptic-curve cryptography, Verifiably random curves, Verifiably pseudorandom curves, Minimal curves, Nothing-up-my-sleeve numbers, ANSI X9, NIST, SECG, Brainpool, Microsoft NUMS

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Department of Mathematics and Computer Science, Technische Universiteit Eindhoven, Eindhoven, Netherlands
  2. Department of Computer Science, University of Illinois at Chicago, Chicago, USA