International Conference on Research in Security Standardisation

Security Standardisation Research pp 109-139

How to Manipulate Curve Standards: A White Paper for the Black Hat

Conference paper

DOI: 10.1007/978-3-319-27152-1_6

Part of the Lecture Notes in Computer Science book series (LNCS, volume 9497)
Cite this paper as:
Bernstein D.J. et al. (2015) How to Manipulate Curve Standards: A White Paper for the Black Hat In: Chen L., Matsuo S. (eds) Security Standardisation Research. Lecture Notes in Computer Science, vol 9497. Springer, Cham


This paper analyzes the cost of breaking ECC under the following assumptions: (1) ECC is using a standardized elliptic curve that was actually chosen by an attacker; (2) the attacker is aware of a vulnerability in some curves that are not publicly known to be vulnerable.

This cost includes the cost of exploiting the vulnerability, but also the initial cost of computing a curve suitable for sabotaging the standard. This initial cost depends heavily upon the acceptability criteria used by the public to decide whether to allow a curve as a standard, and (in most cases) also upon the chance of a curve being vulnerable.

This paper shows the importance of accurately modeling the actual acceptability criteria: i.e., figuring out what the public can be fooled into accepting. For example, this paper shows that plausible models of the “Brainpool acceptability criteria” allow the attacker to target a one-in-a-million vulnerability and that plausible models of the “Microsoft NUMS criteria” allow the attacker to target a one-in-a-hundred-thousand vulnerability.


Elliptic-curve cryptography Verifiably random curves  Verifiably pseudorandom curves Minimal curves Nothing-up-my-sleeve numbers ANSI X9 NIST SECG Brainpool Microsoft NUMS 

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.Department of Mathematics and Computer ScienceTechnische Universiteit EindhovenEindhovenNetherlands
  2. 2.Department of Computer ScienceUniversity of Illinois at ChicagoChicagoUSA

Personalised recommendations