Category: General considerations
Algorithms for solving special cases of ECDLP – Elliptic Curves
8.4.2 Algorithms for solving special cases of ECDLP Because of their mathematical properties, some elliptic curves allow you to take shortcuts when solving ECDLP. In 1991, mathematicians Alfred Menezes, Scott Vanstone, and Tatsuaki Okamoto published an algorithm that reduces ECDLP to a DLP in the multiplicative group of a finite field. They showed that for…
Secure elliptic curves – the mathematical perspective – Elliptic Curves
8.4.3 Secure elliptic curves – the mathematical perspective From the preceding discussion, it should be clear that not every elliptic curve is suitable for cryptography. An elliptic curve used for cryptographic purposes must be cryptographically strong, which is just another way of saying that the ECDLP instance for this curve must be computationally hard. In…
Curve 25519 – Elliptic Curves
8.5.4 Curve 25519 Curve 25519 is defined in RFC 7748, where it is referred to as curve25519. It was proposed in 2005 by the American-German cryptographer Dan Bernstein [24] and attracted interest from the wider cryptographic community after the discovery of a potential backdoor in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm…
Curve 448 – Elliptic Curves
8.5.5 Curve 448 Curve 448 is also defined in RFC 7748, where it is referred to as curve448. It was proposed in 2015 by the American computer scientist and cryptographer Mike Hamburg [79] for inclusion in TLS, in order to equip the TLS standard with a cryptographically strong curve alongside curve25519. curve448 is named after…
Digital signatures in TLS 1.3 – Digital Signatures
9.4 Digital signatures in TLS 1.3 To agree upon the signature algorithms they want to use during their TLS session, Alice and Bob use two TLS 1.3 extensions. The algorithms for verifying digital signatures in certificates – a topic we will cover in detail in Chapter 10, Digital Certificates and Certification Authorities – are transmitted…
RSASSA-PKCS1-v1_5 algorithms 2 – Digital Signatures
These attacks illustrate why the input to the RSA signature generation function must be constructed in a secure manner and why the EMSA-PKCS1-v1_5 encoding uses a cryptographically secure hash function. More precisely, the EMSA-PKCS1-v1_5 encoding is computed as follows: 5. Output m. With the EMSA-PKCS1-v1_5 encoding function and the RSASP1 function in place, Alice can…
RSASSA-PKCS1-v1_5 algorithms – Digital Signatures
9.4.1 RSASSA-PKCS1-v1_5 algorithms The RSASSA PKCS1 version 1.5 algorithms rsa_pkcs1_sha256, rsa_pkcs1_sha384, and rsa_pkcs1_sha512 are defined in RFC 8017 PKCS #1: RSA Cryptography Specifications Version 2.2. The hash functions – SHA-256, SHA-384 and SHA-512 – are defined in FIPS 180-4 Secure Hash Standard [129]. RFC 8017 specifies public-key cryptography algorithms – including so-called signature schemes with…
What is a digital certificate? – Digital Certificates and Certification Authorities
10.1 What is a digital certificate? Remember from Chapter 7, Public-Key Cryptography, that public keys, more precisely their numerical representation and their relation to a certain entity, must be authentic. Otherwise, an attacker, Eve, might exchange her own public key with Alice’s and could read Alice’s messages. Digital signatures, on the other hand, create the…
Minimum data fields 2 – Digital Certificates and Certification Authorities
Note that the above Critical/Not Critical classification might differ from the guidelines of the Certification Authority Browser Forum (CA/Browser Forum), a consortium of certification authorities, web browser vendors, and companies providing PKI-based applications. The CA/Browser Forum guidelines govern the issuing and management of X.509v3 certificates, including those used for TLS [43]. Figure 10.2 shows some…
Minimum data fields – Digital Certificates and Certification Authorities
10.2.1 Minimum data fields According to X.509v1, a digital certificate has to contain at least the following eight data fields: Figure 10.1 shows some of these minimum data fields for the certificate of the web server www.amazon.com within Google Chrome’s certificate viewer. Figure 10.1: X.509v3 certificate of www.amazon.com as shown by Google Chrome’s certificate viewer…