View
1
Download
0
Category
Preview:
Citation preview
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Fun with Certificates part IIa Deep Dive into Elliptic Curve Cryptography for all ages
Brian Epstein(he/him/his)
Institute for Advanced Study
Computer Manager, Network and Security
Information Security Officer
bepstein@ias.edu - @epepepep
https://security.ias.edu 3
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Topics● Explain why ECC came about● ECC deep dive● Safe Curves and Trust● Certs● Demo
https://security.ias.edu 4
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
So I was browsing the Interwebs...
5
6
https://security.ias.edu 7
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
26%
1%
64%
7%1%
no SSL
RSA 1024 bit
RSA 2048 bit
RSA 4096 bit
ECC 256 bit
.edu's taken from Majestic's top 1 million websites (3096 total)
2017 TLS Certificate Breakdown for Edu's
https://security.ias.edu 8
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
13%
0%
78%
6%
3%
0%
no SSL
RSA 1024 bit
RSA 2048 bit
RSA 4096 bit
ECC 256 bit
ECC 384 bit
.edu's taken from Majestic's top 1 million websites (4008 total)
2018 TLS Certificate Breakdown for Edu's
https://security.ias.edu 9
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Why create ECC, we have RSA?
● If RSA breaks, what then?● Faster computers force increased key size● Speed is faster with ECC (for most things)
https://security.ias.edu 10
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Key Length Comparison
https://security.ias.edu 11
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curve Cryptography
Neal Koblitz
Victor Miller
1985
https://security.ias.edu 12
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curve Cryptography (ECC)
● Explain the end goal for ECC● Review a little math● Show how to get to our end goal
So, let's begin at the end...
https://security.ias.edu 13
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Secret Exchange
Where can wetalk privately??I have an
idea . . .
https://security.ias.edu 14
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 15
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo (2,38)
gazelle (21,31)
stallion (17,15)
donkey (30,35)
iguana (19,18)
jackal (15,40)
orangutan (33,14)
goat (38,15)
mongoose (32,29)
rat (28,19)
deer (27,26)
cow (10,38)
https://security.ias.edu 16
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29,3
8)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
https://security.ias.edu 17
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
https://security.ias.edu 18
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
https://security.ias.edu 19
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
https://security.ias.edu 20
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
S = mule (21,10)
https://security.ias.edu 22
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
S = mule (21,10)
d r
+ r+ d = = SWhy does this work?
d = 16 r = 25
25 + 16 = 16 + 25 = 41
https://security.ias.edu 23
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Humpf,how romantic...
I should'vepicked a better
number.
https://security.ias.edu 25
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Math● Square and Square root● Graphing● Elliptic Curves with point math● Finite Fields
https://security.ias.edu 26
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Square and Square Root
√9=3
√9=−3√9=±3
32=3⋅3=9
(−3)2=−3⋅−3=9
32=3⋅332
(−3)2=−3⋅−3(−3)2
https://security.ias.edu 27
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Graphing
0 1 2 3 40
2
4
6
8
10
12
14
16
18
1
x
y
y=x2+1
x yx2+1
0
1
2
34
5
02+1
1017
26
0•0+10+11
12+11•1+11+12
22+12•2+14+15
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
x
y
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
x
y
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
10
x
y
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
10
17
x
y
0 1 2 3 4 50
5
10
15
20
25
30
12
5
10
17
26
x
y
https://security.ias.edu 28
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curves
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
An Elliptical Machine
https://security.ias.edu 30
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curvesy2= x3−x+3{(x , y )∈ℝ2∣y2= x3+ax+b ,4 a3+27 b2≠0}∪{0}
https://security.ias.edu 31
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curve Math● Create “point addition” ⊕
P⊕Q⊕R=0
P⊕Q=-R● Create “point multiplication” ⊙
2⊙P = P⊕P
5⊙P = P⊕P⊕P⊕P⊕P● Demo D
32
33
34
35
36
37
38
39
40
41
42
43
44
45
https://security.ias.edu 46
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
10
17
x
y
x x2+1
0
1
2
34
5
1017
26
0
2
5
Graphing
https://security.ias.edu 47
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Finite Fields● Finite
– There is an end● Field
– Football– Soccer
● Demo A
https://security.ias.edu 48
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Benefits from Finite Fields● computers are terrible at irrational
numbers● get to use whole numbers (integers)● reduce the size of the problem● Field is “closed”
https://security.ias.edu 49
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Example Finite Field● Field size is 41● x axis goes from 0 to 40● y axis goes from 0 to 40
https://security.ias.edu 50
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Graphing an EC on a Finite Field
https://security.ias.edu 51
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
y2(mod 41)≡ x3−x+3 (mod 41)x
https://security.ias.edu 52
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2 3;
y2(mod 41)≡ x3−x+3 (mod 41)x
https://security.ias.edu 53
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2 3; 38
y2(mod 41)≡ x3−x+3 (mod 41)x
https://security.ias.edu 54
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
5
3; 38
0
y2(mod 41)≡ x3−x+3 (mod 41)x
https://security.ias.edu 55
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
6
3; 38
7; 34
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
https://security.ias.edu 56
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
https://security.ias.edu 57
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
https://security.ias.edu 58
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0; 41
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
https://security.ias.edu 59
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
https://security.ias.edu 60
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
https://security.ias.edu 61
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Point Addition ⊕● Draw a line between points P and Q● Flip over at the sides, keep your slope● When you hit the next point, flip to
opposite side of the graph
https://security.ias.edu 62
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
P
Q
R
-R
P ⊕ Q = -RP ⊕ Q ⊕ R = 0
https://security.ias.edu 63
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
One way function
X
https://security.ias.edu 64
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
One way function● Point addition ⊕ and multiplication ⊙ are easy● Point subtraction ⊖ and division ⊘ are hard● Given R, what are P & Q?
https://security.ias.edu 65
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …R
P + Q = -R
P + Q + R = 0
-R
P
https://security.ias.edu 66
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Point Multiplication ⊙
https://security.ias.edu 67
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
2 ⊙ (2,38) =(2,38) ⊕ (2,38) =(21,31)
https://security.ias.edu 68
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
3 ⊙ (2,38) =(2,38) ⊕ ((2,38) ⊕ (2,38)) =(2,38) ⊕ (21,31) =(17,15)
https://security.ias.edu 69
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
4 ⊙ (2,38) =(2,38) ⊕ ((2,38) ⊕ ((2,38) ⊕ (2,38))) =(2,38) ⊕ ((2,38) ⊕ (21,31)) =(2,38) ⊕ (17,15) =(30,35)
https://security.ias.edu 70
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 71
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 73
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 74
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
https://security.ias.edu 75
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
And they lived happily ever after...
… until Dual_EC_DRBG
https://security.ias.edu 76
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)● Developed prior to 2004 by NSA
● Approved by NIST
● RSA Security used as default
● Bruce Schneier concluded it weak
● Edward Snowden leaks included documents revealing plot by NSA
https://security.ias.edu 77
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Is ECC compromised then?● No, but we have some trust issues.● ANSI X9.62 (1999), IEEE P1363 (2000)?● SEC 2 (2000), NIST FIPS 186-2 (2000)?● ANSI X9.63 (2001), Brainpool (2005)?● NSA Suite B (2005)?● ANSSI FRP256V1 (2011)?
https://security.ias.edu 78
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
SafeCurves
● Choosing safe curves for elliptic-curve cryptography
● https://safecurves.cr.yp.to/
https://security.ias.edu 79
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Million Dollar ECC curve
● Publicly verifiable randomness produced in February 2016 by many national lotteries
● http://cryptoexperts.github.io/million-dollar-curve/
https://security.ias.edu 80
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
And they lived happily ever after...
Hello? It's Eve here.Did you forget about me?
I heard everything!
https://security.ias.edu 81
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 82
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 83
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
(Jimmy)nkwwm
https://security.ias.edu 84
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
nkwwm
https://security.ias.edu 85
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
nkwwmJimmy (Jimmy)orqql
https://security.ias.edu 86
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy orqql
https://security.ias.edu 87
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy orqqlJimmy
https://security.ias.edu 88
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
(got it)ldg jg
https://security.ias.edu 89
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
ldg jg
https://security.ias.edu 90
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
ldg jggot it(got it)tes fs
https://security.ias.edu 91
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
got ittes fs
https://security.ias.edu 92
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
got ittes fsgot it
https://security.ias.edu 93
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
RSA Certificates● Subject (FQDN)● Issuer (CA)● Public Key
● Modulus (n) product of two prime numbers● Public Exponent (e)
● x509 extensions● Certificate Authority Signature
2008-05-29 Fun with Certificates
2008-05-29 Fun with Certificates
https://security.ias.edu 97
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
ECC Certificates● Subject (FQDN)● Issuer (CA)● Public Key
● Curve● Generator (start)● Public x,y coordinate
● x509 extensions● Certificate Authority Signature
98
RSA ECC
https://security.ias.edu 99
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
RSA Private Keys● Private Key
● Modulus (n) product of two prime numbers (p*q)● Public Exponent (e)● Private Exponent (d)● Prime1 (p)● Prime2 (q)
2008-05-29 Fun with Certificates
https://security.ias.edu 101
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
ECC Private Keys● Private Key
● Private number (how many steps)● Public x,y coordinate● Public Generator (starting point)● Curve
102
RSA ECC
https://security.ias.edu 103
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 104
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 105
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 106
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Trust● Public Key Infrastructure (PKI)
● Certificate Authority (CA) i.e. notary● Intermediate Certificate● Client Certificate
● Web of Trust
https://security.ias.edu 107
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Public Key Infrastructure(PKI)
Web of Trust
https://security.ias.edu 108
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
PKI● Why do we trust CAs?
● time consuming vetting process● regularly audited● $$$● bundled with product● certificate revocation
https://security.ias.edu 109
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Structure● Root CA
● self signed● Intermediate certificate● Server certificate
https://security.ias.edu 110
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 111
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Who provides the CA certificate, the client or the server?
The client.
...the intermediate certificate?
The server. (or it should)
https://security.ias.edu 112
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 113
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 114
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 115
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Getting Your Cert Signed● Internal Certificate Authority● Commercial Certificate Authority
● Be a reseller ($12/yr, $119/yr wildcard)● inCommon for .edu’s ($2k-$20k/yr)
● https://www.incommon.org/certificates/
https://security.ias.edu 117
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Semi-primes
41 * 43 = easy!1763
1739 = 47 * 37 difficult
1791904897 = 49943 * 35879
170122668341587273458646411386585043888873643113298660753168823105496218048396254258389541689798276387535036676575062116463749217204880781486238521463801806647717753763762209533452596443765433132839199250997874070119227832756249288919712152428105344288137338378592441098310151010596800002333954751873349228763 * 143685366445138003711595402594806625836106895764255994658099545498390517894693472991085893832864915801761970155763201096759761623694012072299292478856561357050062892354466628960025947611851554780658080196114743327960874693198902680721554877864174333388893106637708514607610834750473283277858418617695308935563 = 24444137941285645379511684911299365678423833046448779381238796084162536046797899019234205442218213499926991297229281024701278950648068677702332885730383357978977040184484121175079987603694398742376695650950853277837222494281038135867022877083226479856395867447419772143605903245226717018069307504429199930327344784767917383283267106133917174472280561457908186415882389738067587305825291144415722855157890883871648649466532813832921881732883942736314267482744271752456430649004239402313393638372879487394870568428620598721555293620836002747794896212943069775576590434653324242136440479444891894641015313209968513198569
hard, I need a computer!
Really hard, I need a super computer and a couple of millennia!
https://security.ias.edu 118
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Breaking semi-primes● Brute force● Sieve methods (slightly better)● Rainbow table
● What if we stored all 174 bit primes on micro-SD cards?
https://security.ias.edu 119
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110000101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110101111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001110001101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001111101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010011111011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100010011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100111001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111000011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000001111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011011100001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011101000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011110000101.........................................................................
11972621413014756705924586149611790497021399392059337≅ 1.2*1052
23945242826029513411849172299223580994042798784118783≅ 2.4*1052
100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001101
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111101
Let's store every 174 bit prime number!
https://security.ias.edu 120
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 121
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
How many?# primes = π(x) = x/ln(x)
x1 = 11972621413014756705924586149611790497021399392059392
x2 = 23945242826029513411849172299223580994042798784118783
π(x2) – π(x
1) ≅ 9.87*1049 primes
0.005 g 1pb microsd
solar mass 1.9891*1030 kg
174 bitsprime
1 byte8 bits
1 kb 1024 bytes
1 mb 1024 kb
1 gb 1024 mb
1 tb 1024 gb
1 pb 1024 tb
1 kg 1000 gx
x x x x
x x x x =
x9.87*1049 primes
4.8 solar masses ≅ ???
https://security.ias.edu 122
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 123
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
https://security.ias.edu 124
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Cert Lab
https://security.ias.edu 125
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Wrap-up● Cryptography● RSA overview● Explain why ECC came about● ECC deep dive● Safe Curves and Trust● Certs
https://security.ias.edu 126
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
T
H
A
N
K
S
Recommended