Elliptic Curve Cryptography in Practice

Bos, Joppe W.; Halderman, J. Alex; Heninger, Nadia; Moore, Jonathan D.; Naehrig, Michael; Wustrow, Eric

doi:10.1007/978-3-662-45472-5_11

Cited by 185 publications

(95 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Nowadays, roughly one out of ten systems on the publicly observable Internet offers cipher suites in the Secure Shell (SSH) and Transport Layer Security (TLS) protocols that contain elliptic-curve-based cryptographic algorithms [16]. Most elliptic curve standards recommend curves for different perceived security levels that are either defined over prime fields or binary extension fields; on the Internet, however, the deployed curves are mostly defined over prime fields [16]. This can be partially explained by the increasing skepticism towards the security of elliptic curves defined over binary extension fields (justified by recent progress on solving the discrete logarithm problem on such curves [26]).…”

Section: Introductionmentioning

confidence: 99%

Selecting elliptic curves for cryptography: an efficiency and security analysis

et al. 2015

Self Cite

View full text Add to dashboard Cite

We select a set of elliptic curves for cryptography and analyze our selection from a performance and security perspective. This analysis complements recent curve proposals that suggest (twisted) Edwards curves by also considering the Weierstrass model. Working with both Montgomery-friendly and pseudo-Mersenne primes allows us to consider more possibilities which help to improve the overall efficiency of base field arithmetic. Our Weierstrass curves are backwards compatible with current implementations of prime order NIST curves, while providing improved efficiency and stronger security properties. We choose algorithms and explicit formulas to demonstrate that our curves support constant-time, exception-free scalar multiplications, thereby offering high practical security in cryptographic applications. Our implementation shows that variable-base scalar multiplication on the new Weierstrass curves at the 128-bit security level is about 1.4 times faster than the recent implementation record on the corresponding NIST curve. For practitioners who are willing to use a different curve model and sacrifice a few bits of security, we present a collection of twisted Edwards curves with particularly efficient arithmetic that are up to 1.42, 1.26 Michael Naehrig E-mail: mnaehrig@microsoft.com and 1.24 times faster than the new Weierstrass curves at the 128-, 192-and 256-bit security levels, respectively. Finally, we discuss how these curves behave in a realworld protocol by considering different scalar multiplication scenarios in the transport layer security (TLS) protocol. The proposed curves and the results of the analysis are intended to contribute to the recent efforts towards recommending new elliptic curves for Internet standards.

show abstract

Section: Introductionmentioning

confidence: 99%

Selecting elliptic curves for cryptography: an efficiency and security analysis

et al. 2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…Generally speaking, HDECC can be applied instead of any use of the classic ECC; i.e., Bitcoin, secure shell (ssl), transport layer security (tls) [14]. Among these applications, one of the most important is certainly tls.…”

Section: Examples Of Practical Uses Of High-dimensional Ellipticmentioning

confidence: 99%

Elliptic-Curves Cryptography on High-Dimensional Surfaces

Sonnino¹,

Sonnino²

2017

IJAERS

View full text Add to dashboard Cite

show abstract

“…Important studies of cryptographic vulnerabilities have included studies of key revocation after the Debian randomness bug [59], studies of factorable RSA keys due to shared prime factors [60], [61], studies of elliptic curve deployment errors in TLS [62], forged TLS certificates in the wild [18] and multiple studies of key sizes and cipher suites used in practice [23], [63], [64]. Our work is largely distinct from these in that we focus on two new aspects of HTTPS (pinning and strict transport security) which are vulnerabilities at the HTTPS (application) level rather than the TLS (cryptographic) level.…”

Section: B Empirical Studies Of Https and Tlsmentioning

confidence: 99%

Upgrading HTTPS in mid-air: An Empirical Study of Strict Transport Security and Key Pinning

Kranch

Bonneau

2015

Proceedings 2015 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-We have conducted the first in-depth empirical study of two important new web security features: strict transport security (HSTS) and public-key pinning. Both have been added to the web platform to harden HTTPS, the prevailing standard for secure web browsing. While HSTS is further along, both features still have very limited deployment at a few large websites and a long tail of small, security-conscious sites. We find evidence that many developers do not completely understand these features, with a substantial portion using them in invalid or illogical ways. The majority of sites we observed trying to set an HSTS header did so with basic errors that significantly undermine the security this feature is meant to provide. We also identify several subtle but important new pitfalls in deploying these features in practice. For example, the majority of pinned domains undermined the security benefits by loading non-pinned resources with the ability to hijack the page. A substantial portion of HSTS domains and nearly all pinned domains leaked cookie values, including login cookies, due to the poorly-understood interaction between HTTP cookies and the same-origin policy. Our findings highlight that the web platform, as well as modern web sites, are large and complicated enough to make even conceptually simple security upgrades challenging to deploy in practice.

show abstract

Elliptic Curve Cryptography in Practice

Cited by 185 publications

References 33 publications

Selecting elliptic curves for cryptography: an efficiency and security analysis

Selecting elliptic curves for cryptography: an efficiency and security analysis

Elliptic-Curves Cryptography on High-Dimensional Surfaces

Upgrading HTTPS in mid-air: An Empirical Study of Strict Transport Security and Key Pinning

Contact Info

Product

Resources

About