• 2025-06-28

Algorithms for solving special cases of ECDLP – Elliptic Curves

8.4.2 Algorithms for solving special cases of ECDLP Because of their mathematical properties, some elliptic curves allow you to take shortcuts when solving ECDLP. In 1991, mathematicians Alfred Menezes, Scott Vanstone, and Tatsuaki Okamoto published an algorithm that reduces ECDLP to a DLP in the multiplicative group of a finite field. They showed that for…

A potential backdoor in Dual_EC_DRBG – Elliptic Curves

8.4.4 A potential backdoor in Dual_EC_DRBG Dual_EC_DRBG is a pseudorandom number generator based on elliptic curve cryptography. From 2006 to 2014, it was among the algorithms officially recommended by NIST in their Special Publication 800-90A Random Number Generation Using Deterministic Random Bit Generators. In 2014, NIST withdrew the algorithm based on substantial suspicion in the…

Curve 25519 – Elliptic Curves

8.5.4 Curve 25519 Curve 25519 is defined in RFC 7748, where it is referred to as curve25519. It was proposed in 2005 by the American-German cryptographer Dan Bernstein [24] and attracted interest from the wider cryptographic community after the discovery of a potential backdoor in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm…

Example: ECDH with curve x25519 – Elliptic Curves

8.5.8 Example: ECDH with curve x25519 RFC 7748 [86] specifies how Alice and Bob must perform ECDH using curve 25519. The protocol is illustrated in Figure 8.12 and we will follow the notation in RFC 7748 in case you want to look into that standard for more detailed information. Figure 8.12: ECDHE with curve 25519…

General considerations – Digital Signatures

9.1 General considerations Assume Alice has generated herself a key pair (PK_Alice, SK_Alice) within some asymmetric cryptosystem. If Alice uses her private key SK_Alice to compute some output s = sig_Alice(x) based on an input x, this is an operation that can, at least in principle, only be performed by Alice because she is the only…

RSA-based signatures – Digital Signatures

9.2 RSA-based signatures An RSA-based signature is generated by applying the private key part of the RSA key pair to the hash value of the message m to be signed. To recap from Chapter 7, Public-Key Cryptography, Alice’s RSA key pair has the public key part PK_Alice = (e, n), where n is the product of…

Digital signatures in TLS 1.3 – Digital Signatures

9.4 Digital signatures in TLS 1.3 To agree upon the signature algorithms they want to use during their TLS session, Alice and Bob use two TLS 1.3 extensions. The algorithms for verifying digital signatures in certificates – a topic we will cover in detail in Chapter 10, Digital Certificates and Certification Authorities – are transmitted…

RSASSA-PKCS1-v1_5 algorithms 2 – Digital Signatures

These attacks illustrate why the input to the RSA signature generation function must be constructed in a secure manner and why the EMSA-PKCS1-v1_5 encoding uses a cryptographically secure hash function. More precisely, the EMSA-PKCS1-v1_5 encoding is computed as follows: 5. Output m. With the EMSA-PKCS1-v1_5 encoding function and the RSASP1 function in place, Alice can…

RSASSA-PKCS1-v1_5 algorithms – Digital Signatures

9.4.1 RSASSA-PKCS1-v1_5 algorithms The RSASSA PKCS1 version 1.5 algorithms rsa_pkcs1_sha256, rsa_pkcs1_sha384, and rsa_pkcs1_sha512 are defined in RFC 8017 PKCS #1: RSA Cryptography Specifications Version 2.2. The hash functions – SHA-256, SHA-384 and SHA-512 – are defined in FIPS 180-4 Secure Hash Standard [129]. RFC 8017 specifies public-key cryptography algorithms – including so-called signature schemes with…

RSASSA-PSS algorithms – Digital Signatures

9.4.2 RSASSA-PSS algorithms The TLS 1.3 SignatureScheme data structure defines two types of RSASSA-PSS algorithms: algorithms with public key OID rsaEncryption and algorithms with public key OID RSASSA-PSS. An Object Identifier (OID) is a unique number standardized by the International Telecommunication Union (ITU) and ISO/IEC to globally and unambiguously identify an object, attribute, or concept.…
