Squeezing a key through a carry bit - TIB AV-Portal

Squeezing a key through a carry bit

Not available online.

If you are interested in this material, please contact knm@tib.eu.

Coming up next

46:17

Taking a scalpel to QNX

Starts in 10 seconds

0

Related Material

Chaos Computer Club e.V.

Valsorda, Filippo

Formal Metadata

Title

Squeezing a key through a carry bit

Subtitle

No bug is small enough

Title of Series

34th Chaos Communication Congress

Number of Parts

167

Author

Valsorda, Filippo

License

CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/34838 (DOI)

Publisher

Chaos Computer Club e.V.

Release Date

Language

Content Metadata

Subject Area

Computer Science

Abstract

The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations. We show how to build a full practical key recovery attack on top of it, capable of targeting JSON Web Encryption.

Keywords

Series

34th Chaos Communication Congress90 / 167

1

46:49

34c3 - Abschluss

2

21:23

34c3 - Eröffnung: tuwat

3

1:43:56

34C3 - Lightning Talks Day 2

4

1:41:05

34C3 - Lightning Talks Day 3

5

2:02:59

34C3 - Lightning Talks Day 4

6

31:27

Access To Bodies

7

30:34

8

1:02:45

A hacker's guide to Climate Change - What do we know and how do we know it?

9

33:59

Antipatterns und Missverständnisse in der Softwareentwicklung

10

58:57

Are all BSDs created equally?

11

44:13

ASLR on the line

12

55:26

13

1:01:41

BBSs and early Internet access in the 1990ies

14

31:11

BGP and the Rule of Custom

15

1:00:08

Bildung auf dem Weg ins Neuland

16

28:22

BootStomp: On the Security of Bootloaders in Mobile Devices

17

29:51

Bringing Linux back to server boot ROMs with NERF and Heads

18

30:33

Catch me if you can: Internet Activism in Saudi Arabia

19

34:05

Closing the loop: Reconnecting social-technologial dynamics to Earth System science

20

1:01:39

Coming Soon: Machine-Checked Mathematical Proofs in Everyday Software and Hardware Development

21

1:09:19

cryptocurrencies, smart contracts, etc.: revolutionary tech?

22

58:18

Decoding Contactless (Card) Payments

23

56:53

Deconstructing a Socialist Lawnmower

24

54:43

Defeating (Not)Petya's Cryptography

25

31:29

Demystifying Network Cards

26

55:08

Der PC-Wahl-Hack

27

1:01:18

Die göttliche Informatik / The divine Computer Science

28

56:53

Die Lauschprogramme der Geheimdienste

29

32:21

Die Sprache der Überwacher

30

31:27

DPRK Consumer Technology

31

57:57

Dude, you broke the Future!

32

29:33

Ecstasy 10x yellow Twitter 120mg Mdma

33

1:01:05

Ein Festival der Demokratie

34

30:18

35

29:05

End-to-end formal ISA verification of RISC-V processors with riscv-formal

36

27:49

Ensuring Climate Data Remains Public

37

29:38

Es sind die kleinen Dinge im Leben II

38

57:24

Everything you want to know about x86 microcode, but might have been afraid to ask

39

31:22

Extended DNA Analysis

40

43:34

Forensic Architecture

41

32:14

Fuck Dutch mass-surveillance: let's have a referendum!

42

31:35

Growing Up Software Development

43

2:00:12

Hacker Jeopardy

44

30:27

Hardening Open Source Development

45

32:50

History and implications of DRM

46

1:01:29

Holography of Wi-Fi radiation

47

1:01:52

How Alice and Bob meet if they don't like onions

48

58:50

How risky is the software you use?

49

51:17

How to drift with any car

50

26:29

Humans as software extensions

51

1:00:01

Implementing an LLVM based Dynamic Binary Instrumentation framework

52

59:10

Inside Android’s SafetyNet Attestation: Attack and Defense

53

51:46

Inside Intel Management Engine

54

33:39

institutions for Resolution Disputes

55

27:23

International Image Interoperability Framework (IIIF) – Kulturinstitutionen schaffen interoperable Schnittstellen für digitalisiertes Kulturgut

56

50:24

Internet censorship in the Catalan referendum

57

54:56

iOS kernel exploitation archaeology

58

2:13:11

Jahresrückblick des CCC 2017

59

1:01:41

KRACKing WPA2 by Forcing Nonce Reuse

60

52:54

Ladeinfrastruktur für Elektroautos: Ausbau statt Sicherheit

61

1:05:55

62

55:58

Lobby-Schlacht um die ePrivacy-Verordnung

63

30:07

May contain DTraces of FreeBSD

64

30:54

Mietshäusersyndikat: den Immobilienmarkt hacken

65

1:00:31

MQA - A clever stealth DRM-Trojan

66

30:15

“Nabovarme” opensource heating infrastructure in Christiania

67

32:47

Net Neutraliy Enforcement in the EU

68

47:24

Netzpolitik in der Schweiz

69

1:47:19

Nougatbytes 11₂

70

1:02:13

On the Prospects and Challenges of Weather and Climate Modeling at Convection-Resolving Resolution

71

1:00:31

Opening Closed Systems with GlitchKit

72

31:39

openPower - the current state of commercial openness in CPU development

73

58:08

Open Source Estrogen

74

31:51

Organisational Structures for Sustainable Free Software Development

75

35:58

Privacy Shield - Lipstick on a Pig?

76

58:00

Protecting Your Privacy at the Border

77

31:26

Public FPGA based DMA Attacking

78

1:01:42

79

25:55

Regulating Autonomous Weapons

80

32:46

Relativitätstheorie für blutige Anfänger

81

59:28

Resilienced Kryptographie

82

42:08

Reverse engineering FPGAs

83

33:51

84

28:33

SatNOGS: Crowd-sourced satellite operations

85

45:08

SCADA - Gateway to (s)hell

86

30:47

Schreibtisch-Hooligans

87

30:45

Science is broken

88

1:06:42

Social Bots, Fake News und Filterblasen

89

1:02:30

Spy vs. Spy: A Modern Study Of Microphone Bugs Operation And Detection

90

50:01

Squeezing a key through a carry bit

91

46:17

Taking a scalpel to QNX

92

33:27

93

58:29

The Internet in Cuba: A Story of Community Resilience

94

52:13

The making of a chip

95

1:06:38

The Snowden Refugees under Surveillance in Hong Kong

96

1:01:41

The Ultimate Apollo Guidance Computer Talk

97

16:16

The Work of Art in the Age of Digital Assassination

98

43:29

This is NOT a proposal about mass surveillance!

99

57:38

Tracking Transience

100

48:09

Treibhausgasemissionen einschätzen

101

1:01:11

Trügerische Sicherheit

102

58:14

Uncertain Concern

103

31:31

Uncovering British spies’ web of sockpuppet social media personas

104

51:35

Uncovering vulnerabilities in Hoermann BiSecur

105

31:15

Unleash your smart-home devices: Vacuum Cleaning Robot Hacking

106

33:44

UPSat - the first open source satellite

107

55:13

Vintage Computing for Trusted Radiation Measurements and a World Free of Nuclear Weapons

108

32:28

Visceral Systems

109

33:21

Watching the changing Earth

110

31:25

111

32:04

Why Do We Anthropomorphize Computers?...

112

31:26

Algorithmic science evaluation and power structure: the discourse on strategic citation and 'citation cartels'

113

1:01:06

Zamir Transnational Network und Zagreb Dairy

114

59:14

Free Electron Lasers

115

31:23

TrustZone is not enough

116

21:13

Designing PCBs with code

117

33:14

Making Experts Makers and Makers Experts

118

1:01:43

Beeinflussung durch Künstliche Intelligenz

119

32:13

The seizure of the Iuventa

120

33:10

Die fabelhafte Welt des Mobilebankings

121

34:26

Social Cooling - big data’s unintended side effect

122

1:00:02

Lets break modern binary code obfuscation

123

56:07

eMMC hacking, or: how I fixed long-dead Galaxy S3 phones

124

1:02:33

Intel ME: Myths and reality

125

32:02

The Noise Protocol Framework

126

35:14

hacking disaster

127

59:02

Pointing Fingers at 'The Media'

128

32:51

Modern key distribution with ClaimChain

129

59:05

Financial surveillance

130

46:51

Practical Mix Network Design

131

30:48

0en & 1en auf dem Acker

132

59:24

All Computers Are Beschlagnahmt

133

32:32

Think big or care for yourself

134

31:19

Running GSM mobile phone on SDR

135

55:01

Microarchitectural Attacks on Trusted Execution Environments

136

32:26

library operating systems

137

35:03

Low Cost Non-Invasive Biomedical Imaging

138

38:10

Schnaps Hacking

139

56:49

Console Security - Switch

140

1:00:06

Policing in the age of data exploitation

141

31:11

142

45:36

1-day exploit development for Cisco IOS

143

35:16

Simulating the future of the global agro-food system

144

30:27

OONI: Let's Fight Internet Censorship, Together!

145

1:55:44

Methodisch inkorrekt!

146

49:10

Electromagnetic Threats for Information Security

147

31:30

148

29:16

Der netzpolitische Wetterbericht

149

28:39

How can you trust formally verified software?

150

57:18

34C3 Infrastructure Review

151

47:47

Tightening the Net in Iran

152

1:00:45

Tiger, Drucker und ein Mahnmal

153

1:11:24

Security Nightmares 0x12

154

59:39

We should share our secrets

155

48:18

Mobile Data Interception from the Interconnection Link

156

37:13

Drones of Power: Airborne Wind Energy

157

39:29

Gamified Control?

158

25:42

Saving the World with Space Solar Power

159

33:45

Digitale Bildung in der Schule

160

53:47

Deep Learning Blindspots

161

1:03:22

Don't stop 'til you feel it

162

56:38

Type confusion: discovery, abuse, and protection

163

22:48

Doping your Fitbit

164

27:48

Italy's surveillance toolbox

165

28:52

Home Distilling

166

29:14

167

59:20

Internet of Fails

Automatic playback

Recommendations