Fun with Certificates part II - Institute for Advanced Study · Fun with Certificates part II Elliptic Curve Cryptography May 13, 2019 Network Security Institute for Advanced Study

Post on 25-Jun-2020

1 Views

Category:

Documents

0 Downloads

Preview:

Click to see full reader

Transcript

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Fun with Certificates part IIa Deep Dive into Elliptic Curve Cryptography for all ages

Brian Epstein(he/him/his)

Institute for Advanced Study

Computer Manager, Network and Security

Information Security Officer

bepstein@ias.edu - @epepepep

mailto:bepstein@ias.edu

https://security.ias.edu 3

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Topics● Explain why ECC came about● ECC deep dive● Safe Curves and Trust● Certs● Demo

https://security.ias.edu 4

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

So I was browsing the Interwebs...

5

6

https://security.ias.edu 7

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

26%

1%

64%

7%1%

no SSL

RSA 1024 bit

RSA 2048 bit

RSA 4096 bit

ECC 256 bit

.edu's taken from Majestic's top 1 million websites (3096 total)

2017 TLS Certificate Breakdown for Edu's

https://security.ias.edu 8

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

13%

0%

78%

6%

3%

0%

no SSL

RSA 1024 bit

RSA 2048 bit

RSA 4096 bit

ECC 256 bit

ECC 384 bit

.edu's taken from Majestic's top 1 million websites (4008 total)

2018 TLS Certificate Breakdown for Edu's

https://security.ias.edu 9

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Why create ECC, we have RSA?

● If RSA breaks, what then?● Faster computers force increased key size● Speed is faster with ECC (for most things)

https://security.ias.edu 10

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Key Length Comparison

https://security.ias.edu 11

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Elliptic Curve Cryptography

Neal Koblitz

Victor Miller

1985

https://security.ias.edu 12

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Elliptic Curve Cryptography (ECC)

● Explain the end goal for ECC● Review a little math● Show how to get to our end goal

So, let's begin at the end...

https://security.ias.edu 13

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Secret Exchange

Where can wetalk privately??I have an

idea . . .

https://security.ias.edu 14

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 15

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

dingo (2,38)

gazelle (21,31)

stallion (17,15)

donkey (30,35)

iguana (19,18)

jackal (15,40)

orangutan (33,14)

goat (38,15)

mongoose (32,29)

rat (28,19)

deer (27,26)

cow (10,38)

https://security.ias.edu 16

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

dingo(2,38)

gazelle

(21,31)

stallio

n

(17,15)

donke

y

(30,

35)

chipmunk(2,3)

mule(21,10)alligator(17,26)

jack

al(1

5,4

0)

igua

na(1

9,18

)

ferret

(19,2

3)

boar

(30,6)

ora

ng

uta

n(3

3,1

4)

goat

(38,1

5)

mong

oose

(32,2

9)

rat

(28

,19)

deer

(27,2

6)

cow

(10

,38)

hip

po

(29

,3)

meeka

t(6

,34

)

musk

rat

(34,3

5)

cou

gar

(37

,5)

wom

bat

(22

,16)

newt(35,11)

gibbon

(25,33)

opossum

(18,35)

panda

(26,28)

llama(5,0)

sloth (35,30) pa

rake

et(2

5,8)

reindee

r(3

7,3

6)

dormouse

(22,25)

hed

geh

og

(26,1

3)

chim

panz

ee

(18,

6)

cat

(34,6

)

an

teate

r(6

,7)

oce

lot

(29,3

8)

beaver

(10,3

)

pon

y(2

7,1

5)

porcu

pin

e(2

8,2

2)

squ

irrel

(32,1

2)

koala

(38

,26)

an

telo

pe

(33,2

7)

chicke

n(1

5,1

)

https://security.ias.edu 17

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

dingo(2,38)

gazelle

(21,31)

stallio

n

(17,15)

donke

y

(30,

35)

chipmunk(2,3)

mule(21,10)alligator(17,26)

jack

al(1

5,4

0)

igua

na(1

9,18

)

ferret

(19,2

3)

boar

(30,6)

ora

ng

uta

n(3

3,1

4)

goat

(38,1

5)

mong

oose

(32,2

9)

rat

(28

,19)

deer

(27,2

6)

cow

(10

,38)

hip

po

(29

,3)

meeka

t(6

,34

)

musk

rat

(34,3

5)

cou

gar

(37

,5)

wom

bat

(22

,16)

newt(35,11)

gibbon

(25,33)

opossum

(18,35)

panda

(26,28)

llama(5,0)

sloth (35,30) pa

rake

et(2

5,8)

reindee

r(3

7,3

6)

dormouse

(22,25)

hed

geh

og

(26,1

3)

chim

panz

ee

(18,

6)

cat

(34,6

)

an

teate

r(6

,7)

oce

lot

(29

,38)

beaver

(10,3

)

pon

y(2

7,1

5)

porcu

pin

e(2

8,2

2)

squ

irrel

(32,1

2)

koala

(38

,26)

an

telo

pe

(33,2

7)

chicke

n(1

5,1

)

G = dingo (2,38)

d = ?

Q = wombat (22,16)

r = ?

R = panda (26,28)

https://security.ias.edu 18

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

dingo(2,38)

gazelle

(21,31)

stallio

n

(17,15)

donke

y

(30,

35)

chipmunk(2,3)

mule(21,10)alligator(17,26)

jack

al(1

5,4

0)

igua

na(1

9,18

)

ferret

(19,2

3)

boar

(30,6)

ora

ng

uta

n(3

3,1

4)

goat

(38,1

5)

mong

oose

(32,2

9)

rat

(28

,19)

deer

(27,2

6)

cow

(10

,38)

hip

po

(29

,3)

meeka

t(6

,34

)

musk

rat

(34,3

5)

cou

gar

(37

,5)

wom

bat

(22

,16)

newt(35,11)

gibbon

(25,33)

opossum

(18,35)

panda

(26,28)

llama(5,0)

sloth (35,30) pa

rake

et(2

5,8)

reindee

r(3

7,3

6)

dormouse

(22,25)

hed

geh

og

(26,1

3)

chim

panz

ee

(18,

6)

cat

(34,6

)

an

teate

r(6

,7)

oce

lot

(29

,38)

beaver

(10,3

)

pon

y(2

7,1

5)

porcu

pin

e(2

8,2

2)

squ

irrel

(32,1

2)

koala

(38

,26)

an

telo

pe

(33,2

7)

chicke

n(1

5,1

)

G = dingo (2,38)

d = ?

Q = wombat (22,16)

r = ?

R = panda (26,28)

https://security.ias.edu 19

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

dingo(2,38)

gazelle

(21,31)

stallio

n

(17,15)

donke

y

(30,

35)

chipmunk(2,3)

mule(21,10)alligator(17,26)

jack

al(1

5,4

0)

igua

na(1

9,18

)

ferret

(19,2

3)

boar

(30,6)

ora

ng

uta

n(3

3,1

4)

goat

(38,1

5)

mong

oose

(32,2

9)

rat

(28

,19)

deer

(27,2

6)

cow

(10

,38)

hip

po

(29

,3)

meeka

t(6

,34

)

musk

rat

(34,3

5)

cou

gar

(37

,5)

wom

bat

(22

,16)

newt(35,11)

gibbon

(25,33)

opossum

(18,35)

panda

(26,28)

llama(5,0)

sloth (35,30) pa

rake

et(2

5,8)

reindee

r(3

7,3

6)

dormouse

(22,25)

hed

geh

og

(26,1

3)

chim

panz

ee

(18,

6)

cat

(34,6

)

an

teate

r(6

,7)

oce

lot

(29

,38)

beaver

(10,3

)

pon

y(2

7,1

5)

porcu

pin

e(2

8,2

2)

squ

irrel

(32,1

2)

koala

(38

,26)

an

telo

pe

(33,2

7)

chicke

n(1

5,1

)

G = dingo (2,38)

d = ?

Q = wombat (22,16)

r = ?

R = panda (26,28)

https://security.ias.edu 20

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

dingo(2,38)

gazelle

(21,31)

stallio

n

(17,15)

donke

y

(30,

35)

chipmunk(2,3)

mule(21,10)alligator(17,26)

jack

al(1

5,4

0)

igua

na(1

9,18

)

ferret

(19,2

3)

boar

(30,6)

ora

ng

uta

n(3

3,1

4)

goat

(38,1

5)

mong

oose

(32,2

9)

rat

(28

,19)

deer

(27,2

6)

cow

(10

,38)

hip

po

(29

,3)

meeka

t(6

,34

)

musk

rat

(34,3

5)

cou

gar

(37

,5)

wom

bat

(22

,16)

newt(35,11)

gibbon

(25,33)

opossum

(18,35)

panda

(26,28)

llama(5,0)

sloth (35,30) pa

rake

et(2

5,8)

reindee

r(3

7,3

6)

dormouse

(22,25)

hed

geh

og

(26,1

3)

chim

panz

ee

(18,

6)

cat

(34,6

)

an

teate

r(6

,7)

oce

lot

(29

,38)

beaver

(10,3

)

pon

y(2

7,1

5)

porcu

pin

e(2

8,2

2)

squ

irrel

(32,1

2)

koala

(38

,26)

an

telo

pe

(33,2

7)

chicke

n(1

5,1

)

G = dingo (2,38)

d = ?

Q = wombat (22,16)

r = ?

R = panda (26,28)

S = mule (21,10)

https://security.ias.edu 22

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

G = dingo (2,38)

d = ?

Q = wombat (22,16)

r = ?

R = panda (26,28)

S = mule (21,10)

d r

+ r+ d = = SWhy does this work?

d = 16 r = 25

25 + 16 = 16 + 25 = 41

https://security.ias.edu 23

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Humpf,how romantic...

I should'vepicked a better

number.

https://security.ias.edu 25

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Math● Square and Square root● Graphing● Elliptic Curves with point math● Finite Fields

https://security.ias.edu 26

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Square and Square Root

√9=3

√9=−3√9=±3

32=3⋅3=9

(−3)2=−3⋅−3=9

32=3⋅332

(−3)2=−3⋅−3(−3)2

https://security.ias.edu 27

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Graphing

0 1 2 3 40

2

4

6

8

10

12

14

16

18

1

x

y

y=x2+1

x yx2+1

0

1

2

34

5

02+1

1017

26

0•0+10+11

12+11•1+11+12

22+12•2+14+15

0 1 2 3 40

2

4

6

8

10

12

14

16

18

12

x

y

0 1 2 3 40

2

4

6

8

10

12

14

16

18

12

5

x

y

0 1 2 3 40

2

4

6

8

10

12

14

16

18

12

5

10

x

y

0 1 2 3 40

2

4

6

8

10

12

14

16

18

12

5

10

17

x

y

0 1 2 3 4 50

5

10

15

20

25

30

12

5

10

17

26

x

y

https://security.ias.edu 28

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Elliptic Curves

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

An Elliptical Machine

https://security.ias.edu 30

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Elliptic Curvesy2= x3−x+3{(x , y )∈ℝ2∣y2= x3+ax+b ,4 a3+27 b2≠0}∪{0}

https://security.ias.edu 31

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Elliptic Curve Math● Create “point addition” ⊕

P⊕Q⊕R=0

P⊕Q=-R● Create “point multiplication” ⊙

2⊙P = P⊕P

5⊙P = P⊕P⊕P⊕P⊕P● Demo D

32

33

34

35

36

37

38

39

40

41

42

43

44

45

https://security.ias.edu 46

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 40

2

4

6

8

10

12

14

16

18

12

5

10

17

x

y

x x2+1

0

1

2

34

5

1017

26

0

2

5

Graphing

https://security.ias.edu 47

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Finite Fields● Finite

– There is an end● Field

– Football– Soccer

● Demo A

https://security.ias.edu 48

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Benefits from Finite Fields● computers are terrible at irrational

numbers● get to use whole numbers (integers)● reduce the size of the problem● Field is “closed”

https://security.ias.edu 49

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Example Finite Field● Field size is 41● x axis goes from 0 to 40● y axis goes from 0 to 40

https://security.ias.edu 50

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Graphing an EC on a Finite Field

https://security.ias.edu 51

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

y2(mod 41)≡ x3−x+3 (mod 41)x

https://security.ias.edu 52

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2 3;

y2(mod 41)≡ x3−x+3 (mod 41)x

https://security.ias.edu 53

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2 3; 38

y2(mod 41)≡ x3−x+3 (mod 41)x

https://security.ias.edu 54

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

5

3; 38

0

y2(mod 41)≡ x3−x+3 (mod 41)x

https://security.ias.edu 55

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

6

3; 38

7; 34

5 0

y2(mod 41)≡ x3−x+3 (mod 41)x

https://security.ias.edu 56

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

610

3; 38

7; 343; 38

5 0

y2(mod 41)≡ x3−x+3 (mod 41)x

https://security.ias.edu 57

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

610

1517

18

1; 4015; 26

6; 35

3; 38

7; 343; 38

5 0

y2(mod 41)≡ x3−x+3 (mod 41)x

... …

https://security.ias.edu 58

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

610

1517

18

1; 4015; 26

6; 35

3; 38

7; 343; 38

5 0; 41

y2(mod 41)≡ x3−x+3 (mod 41)x

... …

https://security.ias.edu 59

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

610

1517

18

1; 4015; 26

6; 35

3; 38

7; 343; 38

5 0

y2(mod 41)≡ x3−x+3 (mod 41)x

... …

https://security.ias.edu 60

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

610

1517

18

1; 4015; 26

6; 35

3; 38

7; 343; 38

5 0

y2(mod 41)≡ x3−x+3 (mod 41)x

... …

https://security.ias.edu 61

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Point Addition ⊕● Draw a line between points P and Q● Flip over at the sides, keep your slope● When you hit the next point, flip to

opposite side of the graph

https://security.ias.edu 62

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

610

1517

18

1; 4015; 26

6; 35

3; 38

7; 343; 38

5 0

y2(mod 41)≡ x3−x+3 (mod 41)x

... …

P

Q

R

-R

P ⊕ Q = -RP ⊕ Q ⊕ R = 0

https://security.ias.edu 63

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

One way function

X

https://security.ias.edu 64

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

One way function● Point addition ⊕ and multiplication ⊙ are easy● Point subtraction ⊖ and division ⊘ are hard● Given R, what are P & Q?

https://security.ias.edu 65

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400

5

10

15

20

25

30

35

40

x

y

2

610

1517

18

1; 4015; 26

6; 35

3; 38

7; 343; 38

5 0

y2(mod 41)≡ x3−x+3 (mod 41)x

... …R

P + Q = -R

P + Q + R = 0

-R

P

https://security.ias.edu 66

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Point Multiplication ⊙

https://security.ias.edu 67

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

2 ⊙ (2,38) =(2,38) ⊕ (2,38) =(21,31)

https://security.ias.edu 68

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

3 ⊙ (2,38) =(2,38) ⊕ ((2,38) ⊕ (2,38)) =(2,38) ⊕ (21,31) =(17,15)

https://security.ias.edu 69

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

4 ⊙ (2,38) =(2,38) ⊕ ((2,38) ⊕ ((2,38) ⊕ (2,38))) =(2,38) ⊕ ((2,38) ⊕ (21,31)) =(2,38) ⊕ (17,15) =(30,35)

https://security.ias.edu 70

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 71

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 73

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 74

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

dingo(2,38)

gazelle

(21,31)

stallio

n

(17,15)

donke

y

(30,

35)

chipmunk(2,3)

mule(21,10)alligator(17,26)

jack

al(1

5,4

0)

igua

na(1

9,18

)

ferret

(19,2

3)

boar

(30,6)

ora

ng

uta

n(3

3,1

4)

goat

(38,1

5)

mong

oose

(32,2

9)

rat

(28

,19)

deer

(27,2

6)

cow

(10

,38)

hip

po

(29

,3)

meeka

t(6

,34

)

musk

rat

(34,3

5)

cou

gar

(37

,5)

wom

bat

(22

,16)

newt(35,11)

gibbon

(25,33)

opossum

(18,35)

panda

(26,28)

llama(5,0)

sloth (35,30) pa

rake

et(2

5,8)

reindee

r(3

7,3

6)

dormouse

(22,25)

hed

geh

og

(26,1

3)

chim

panz

ee

(18,

6)

cat

(34,6

)

an

teate

r(6

,7)

oce

lot

(29

,38)

beaver

(10,3

)

pon

y(2

7,1

5)

porcu

pin

e(2

8,2

2)

squ

irrel

(32,1

2)

koala

(38

,26)

an

telo

pe

(33,2

7)

chicke

n(1

5,1

)

https://security.ias.edu 75

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

And they lived happily ever after...

… until Dual_EC_DRBG

https://security.ias.edu 76

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)● Developed prior to 2004 by NSA

● Approved by NIST

● RSA Security used as default

● Bruce Schneier concluded it weak

● Edward Snowden leaks included documents revealing plot by NSA

https://security.ias.edu 77

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Is ECC compromised then?● No, but we have some trust issues.● ANSI X9.62 (1999), IEEE P1363 (2000)?● SEC 2 (2000), NIST FIPS 186-2 (2000)?● ANSI X9.63 (2001), Brainpool (2005)?● NSA Suite B (2005)?● ANSSI FRP256V1 (2011)?

https://security.ias.edu 78

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

SafeCurves

● Choosing safe curves for elliptic-curve cryptography

● https://safecurves.cr.yp.to/

https://security.ias.edu 79

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Million Dollar ECC curve

● Publicly verifiable randomness produced in February 2016 by many national lotteries

● http://cryptoexperts.github.io/million-dollar-curve/

https://security.ias.edu 80

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

And they lived happily ever after...

Hello? It's Eve here.Did you forget about me?

I heard everything!

https://security.ias.edu 81

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 82

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://safecurves.cr.yp.to/

https://security.ias.edu 83

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

(Jimmy)nkwwm

http://cryptoexperts.github.io/million-dollar-curve/
http://cryptoexperts.github.io/million-dollar-curve/

https://security.ias.edu 84

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

nkwwm

https://security.ias.edu 85

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

nkwwmJimmy (Jimmy)orqql

https://security.ias.edu 86

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Jimmy orqql

https://security.ias.edu 87

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Jimmy orqqlJimmy

https://security.ias.edu 88

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Jimmy Jimmy

(got it)ldg jg

https://security.ias.edu 89

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Jimmy Jimmy

ldg jg

https://security.ias.edu 90

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Jimmy Jimmy

ldg jggot it(got it)tes fs

https://security.ias.edu 91

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Jimmy Jimmy

got ittes fs

https://security.ias.edu 92

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Jimmy Jimmy

got ittes fsgot it

https://security.ias.edu 93

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

RSA Certificates● Subject (FQDN)● Issuer (CA)● Public Key

● Modulus (n) product of two prime numbers● Public Exponent (e)

● x509 extensions● Certificate Authority Signature

2008-05-29 Fun with Certificates

2008-05-29 Fun with Certificates

https://security.ias.edu 97

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

ECC Certificates● Subject (FQDN)● Issuer (CA)● Public Key

● Curve● Generator (start)● Public x,y coordinate

● x509 extensions● Certificate Authority Signature

98

RSA ECC

https://security.ias.edu 99

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

RSA Private Keys● Private Key

● Modulus (n) product of two prime numbers (p*q)● Public Exponent (e)● Private Exponent (d)● Prime1 (p)● Prime2 (q)

2008-05-29 Fun with Certificates

https://security.ias.edu 101

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

ECC Private Keys● Private Key

● Private number (how many steps)● Public x,y coordinate● Public Generator (starting point)● Curve

102

RSA ECC

https://security.ias.edu 103

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 104

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 105

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 106

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Trust● Public Key Infrastructure (PKI)

● Certificate Authority (CA) i.e. notary● Intermediate Certificate● Client Certificate

● Web of Trust

https://security.ias.edu 107

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Public Key Infrastructure(PKI)

Web of Trust

https://security.ias.edu 108

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

PKI● Why do we trust CAs?

● time consuming vetting process● regularly audited● $$$● bundled with product● certificate revocation

https://security.ias.edu 109

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Structure● Root CA

● self signed● Intermediate certificate● Server certificate

https://security.ias.edu 110

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 111

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Who provides the CA certificate, the client or the server?

The client.

...the intermediate certificate?

The server. (or it should)

https://security.ias.edu 112

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 113

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 114

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 115

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Getting Your Cert Signed● Internal Certificate Authority● Commercial Certificate Authority

● Be a reseller ($12/yr, $119/yr wildcard)● inCommon for .edu’s ($2k-$20k/yr)

● https://www.incommon.org/certificates/

https://security.ias.edu 117

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Semi-primes

41 * 43 = easy!1763

1739 = 47 * 37 difficult

1791904897 = 49943 * 35879

170122668341587273458646411386585043888873643113298660753168823105496218048396254258389541689798276387535036676575062116463749217204880781486238521463801806647717753763762209533452596443765433132839199250997874070119227832756249288919712152428105344288137338378592441098310151010596800002333954751873349228763 * 143685366445138003711595402594806625836106895764255994658099545498390517894693472991085893832864915801761970155763201096759761623694012072299292478856561357050062892354466628960025947611851554780658080196114743327960874693198902680721554877864174333388893106637708514607610834750473283277858418617695308935563 = 24444137941285645379511684911299365678423833046448779381238796084162536046797899019234205442218213499926991297229281024701278950648068677702332885730383357978977040184484121175079987603694398742376695650950853277837222494281038135867022877083226479856395867447419772143605903245226717018069307504429199930327344784767917383283267106133917174472280561457908186415882389738067587305825291144415722855157890883871648649466532813832921881732883942736314267482744271752456430649004239402313393638372879487394870568428620598721555293620836002747794896212943069775576590434653324242136440479444891894641015313209968513198569

hard, I need a computer!

Really hard, I need a super computer and a couple of millennia!

https://security.ias.edu 118

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Breaking semi-primes● Brute force● Sieve methods (slightly better)● Rainbow table

● What if we stored all 174 bit primes on micro-SD cards?

https://security.ias.edu 119

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110000101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110101111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001110001101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001111101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010011111011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100010011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100111001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111000011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000001111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011011100001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011101000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011110000101.........................................................................

11972621413014756705924586149611790497021399392059337≅ 1.2*1052

23945242826029513411849172299223580994042798784118783≅ 2.4*1052

100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001101

111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111101

Let's store every 174 bit prime number!

https://security.ias.edu 120

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 121

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

How many?# primes = π(x) = x/ln(x)

x1 = 11972621413014756705924586149611790497021399392059392

x2 = 23945242826029513411849172299223580994042798784118783

π(x2) – π(x

1) ≅ 9.87*1049 primes

0.005 g 1pb microsd

solar mass 1.9891*1030 kg

174 bitsprime

1 byte8 bits

1 kb 1024 bytes

1 mb 1024 kb

1 gb 1024 mb

1 tb 1024 gb

1 pb 1024 tb

1 kg 1000 gx

x x x x

x x x x =

x9.87*1049 primes

4.8 solar masses ≅ ???

https://security.ias.edu 122

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 123

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

https://security.ias.edu 124

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Cert Lab

https://security.ias.edu 125

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

Wrap-up● Cryptography● RSA overview● Explain why ECC came about● ECC deep dive● Safe Curves and Trust● Certs

https://security.ias.edu 126

Fun with Certificates part IIElliptic Curve Cryptography

May 13, 2019

Network SecurityInstitute for Advanced Study

T

H

A

N

K

S

top related

Advanced STCW Certificates - MNZ
Documents
SQA Advanced Certificate in Travel and Tourism (GM9G 47...
Documents
Deutsche Bank Aktiengesellschaft · Certificates, X-Pert...
Documents
Associate Degree Programs Certificates · AUTO 145 Advanced...
Documents
AML Certificates Handbook 2017 Certificates Handbook 2017...
Documents
Level 4 Diploma in Advanced Healthcare and Social Care...
Documents
Fun - MIT...
Documents
fun fun fun fun fun fun fun fun fun fun fun fun fun fun fun....
Documents
General Certificates of Education Advanced Level ... · PDF....
Documents
media.investimenti.unicredit.it · PROGRAMMA "BONUS...
Documents
[ Advanced Excel Fun~tions and Procedures ]
Documents
Advanced fun with Objective-C runtime.
Technology
GENERAL PRACTITIONER ADVANCED CERTIFICATES · leading...
Documents
Advanced learning fun from the Helen Doron Educational ...
Documents
Advanced learning fun from the Helen Doron Educational...
Documents
Configuring Client-to-Lan IPsec VPN using certificates ........
Documents