Squeezing a key through a carry bit

CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/34838 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

2017

Language

English

Content Metadata

Subject Area

Computer Science

Abstract

The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations. We show how to build a full practical key recovery attack on top of it, capable of targeting JSON Web Encryption.

Keywords

Security

Series