Page 1
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Fun with Certificates part IIa Deep Dive into Elliptic Curve Cryptography for all ages
Brian Epstein(he/him/his)
Institute for Advanced Study
Computer Manager, Network and Security
Information Security Officer
[email protected] - @epepepep
Page 2
https://security.ias.edu 3
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Topics● Explain why ECC came about● ECC deep dive● Safe Curves and Trust● Certs● Demo
Page 3
https://security.ias.edu 4
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
So I was browsing the Interwebs...
Page 6
https://security.ias.edu 7
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
26%
1%
64%
7%1%
no SSL
RSA 1024 bit
RSA 2048 bit
RSA 4096 bit
ECC 256 bit
.edu's taken from Majestic's top 1 million websites (3096 total)
2017 TLS Certificate Breakdown for Edu's
Page 7
https://security.ias.edu 8
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
13%
0%
78%
6%
3%
0%
no SSL
RSA 1024 bit
RSA 2048 bit
RSA 4096 bit
ECC 256 bit
ECC 384 bit
.edu's taken from Majestic's top 1 million websites (4008 total)
2018 TLS Certificate Breakdown for Edu's
Page 8
https://security.ias.edu 9
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Why create ECC, we have RSA?
● If RSA breaks, what then?● Faster computers force increased key size● Speed is faster with ECC (for most things)
Page 9
https://security.ias.edu 10
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Key Length Comparison
Page 10
https://security.ias.edu 11
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curve Cryptography
Neal Koblitz
Victor Miller
1985
Page 11
https://security.ias.edu 12
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curve Cryptography (ECC)
● Explain the end goal for ECC● Review a little math● Show how to get to our end goal
So, let's begin at the end...
Page 12
https://security.ias.edu 13
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Secret Exchange
Where can wetalk privately??I have an
idea . . .
Page 13
https://security.ias.edu 14
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 14
https://security.ias.edu 15
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo (2,38)
gazelle (21,31)
stallion (17,15)
donkey (30,35)
iguana (19,18)
jackal (15,40)
orangutan (33,14)
goat (38,15)
mongoose (32,29)
rat (28,19)
deer (27,26)
cow (10,38)
Page 15
https://security.ias.edu 16
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29,3
8)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
Page 16
https://security.ias.edu 17
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
Page 17
https://security.ias.edu 18
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
Page 18
https://security.ias.edu 19
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
Page 19
https://security.ias.edu 20
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
S = mule (21,10)
Page 20
https://security.ias.edu 22
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
G = dingo (2,38)
d = ?
Q = wombat (22,16)
r = ?
R = panda (26,28)
S = mule (21,10)
d r
+ r+ d = = SWhy does this work?
d = 16 r = 25
25 + 16 = 16 + 25 = 41
Page 21
https://security.ias.edu 23
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Humpf,how romantic...
I should'vepicked a better
number.
Page 22
https://security.ias.edu 25
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Math● Square and Square root● Graphing● Elliptic Curves with point math● Finite Fields
Page 23
https://security.ias.edu 26
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Square and Square Root
√9=3
√9=−3√9=±3
32=3⋅3=9
(−3)2=−3⋅−3=9
32=3⋅332
(−3)2=−3⋅−3(−3)2
Page 24
https://security.ias.edu 27
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Graphing
0 1 2 3 40
2
4
6
8
10
12
14
16
18
1
x
y
y=x2+1
x yx2+1
0
1
2
34
5
02+1
1017
26
0•0+10+11
12+11•1+11+12
22+12•2+14+15
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
x
y
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
x
y
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
10
x
y
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
10
17
x
y
0 1 2 3 4 50
5
10
15
20
25
30
12
5
10
17
26
x
y
Page 25
https://security.ias.edu 28
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curves
Page 26
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
An Elliptical Machine
Page 27
https://security.ias.edu 30
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curvesy2= x3−x+3{(x , y )∈ℝ2∣y2= x3+ax+b ,4 a3+27 b2≠0}∪{0}
Page 28
https://security.ias.edu 31
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Elliptic Curve Math● Create “point addition” ⊕
P⊕Q⊕R=0
P⊕Q=-R● Create “point multiplication” ⊙
2⊙P = P⊕P
5⊙P = P⊕P⊕P⊕P⊕P● Demo D
Page 43
https://security.ias.edu 46
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 40
2
4
6
8
10
12
14
16
18
12
5
10
17
x
y
x x2+1
0
1
2
34
5
1017
26
0
2
5
Graphing
Page 44
https://security.ias.edu 47
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Finite Fields● Finite
– There is an end● Field
– Football– Soccer
● Demo A
Page 45
https://security.ias.edu 48
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Benefits from Finite Fields● computers are terrible at irrational
numbers● get to use whole numbers (integers)● reduce the size of the problem● Field is “closed”
Page 46
https://security.ias.edu 49
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Example Finite Field● Field size is 41● x axis goes from 0 to 40● y axis goes from 0 to 40
Page 47
https://security.ias.edu 50
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Graphing an EC on a Finite Field
Page 48
https://security.ias.edu 51
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
y2(mod 41)≡ x3−x+3 (mod 41)x
Page 49
https://security.ias.edu 52
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2 3;
y2(mod 41)≡ x3−x+3 (mod 41)x
Page 50
https://security.ias.edu 53
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2 3; 38
y2(mod 41)≡ x3−x+3 (mod 41)x
Page 51
https://security.ias.edu 54
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
5
3; 38
0
y2(mod 41)≡ x3−x+3 (mod 41)x
Page 52
https://security.ias.edu 55
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
6
3; 38
7; 34
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
Page 53
https://security.ias.edu 56
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
Page 54
https://security.ias.edu 57
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
Page 55
https://security.ias.edu 58
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0; 41
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
Page 56
https://security.ias.edu 59
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
Page 57
https://security.ias.edu 60
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
Page 58
https://security.ias.edu 61
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Point Addition ⊕● Draw a line between points P and Q● Flip over at the sides, keep your slope● When you hit the next point, flip to
opposite side of the graph
Page 59
https://security.ias.edu 62
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …
P
Q
R
-R
P ⊕ Q = -RP ⊕ Q ⊕ R = 0
Page 60
https://security.ias.edu 63
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
One way function
X
Page 61
https://security.ias.edu 64
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
One way function● Point addition ⊕ and multiplication ⊙ are easy● Point subtraction ⊖ and division ⊘ are hard● Given R, what are P & Q?
Page 62
https://security.ias.edu 65
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
0 1 2 3 4 5 6 7 8 9 101112131415161718192021222324252627282930313233343536373839400
5
10
15
20
25
30
35
40
x
y
2
610
1517
18
1; 4015; 26
6; 35
3; 38
7; 343; 38
5 0
y2(mod 41)≡ x3−x+3 (mod 41)x
... …R
P + Q = -R
P + Q + R = 0
-R
P
Page 63
https://security.ias.edu 66
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Point Multiplication ⊙
Page 64
https://security.ias.edu 67
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
2 ⊙ (2,38) =(2,38) ⊕ (2,38) =(21,31)
Page 65
https://security.ias.edu 68
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
3 ⊙ (2,38) =(2,38) ⊕ ((2,38) ⊕ (2,38)) =(2,38) ⊕ (21,31) =(17,15)
Page 66
https://security.ias.edu 69
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
4 ⊙ (2,38) =(2,38) ⊕ ((2,38) ⊕ ((2,38) ⊕ (2,38))) =(2,38) ⊕ ((2,38) ⊕ (21,31)) =(2,38) ⊕ (17,15) =(30,35)
Page 67
https://security.ias.edu 70
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 68
https://security.ias.edu 71
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 69
https://security.ias.edu 73
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 70
https://security.ias.edu 74
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
dingo(2,38)
gazelle
(21,31)
stallio
n
(17,15)
donke
y
(30,
35)
chipmunk(2,3)
mule(21,10)alligator(17,26)
jack
al(1
5,4
0)
igua
na(1
9,18
)
ferret
(19,2
3)
boar
(30,6)
ora
ng
uta
n(3
3,1
4)
goat
(38,1
5)
mong
oose
(32,2
9)
rat
(28
,19)
deer
(27,2
6)
cow
(10
,38)
hip
po
(29
,3)
meeka
t(6
,34
)
musk
rat
(34,3
5)
cou
gar
(37
,5)
wom
bat
(22
,16)
newt(35,11)
gibbon
(25,33)
opossum
(18,35)
panda
(26,28)
llama(5,0)
sloth (35,30) pa
rake
et(2
5,8)
reindee
r(3
7,3
6)
dormouse
(22,25)
hed
geh
og
(26,1
3)
chim
panz
ee
(18,
6)
cat
(34,6
)
an
teate
r(6
,7)
oce
lot
(29
,38)
beaver
(10,3
)
pon
y(2
7,1
5)
porcu
pin
e(2
8,2
2)
squ
irrel
(32,1
2)
koala
(38
,26)
an
telo
pe
(33,2
7)
chicke
n(1
5,1
)
Page 71
https://security.ias.edu 75
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
And they lived happily ever after...
… until Dual_EC_DRBG
Page 72
https://security.ias.edu 76
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)● Developed prior to 2004 by NSA
● Approved by NIST
● RSA Security used as default
● Bruce Schneier concluded it weak
● Edward Snowden leaks included documents revealing plot by NSA
Page 73
https://security.ias.edu 77
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Is ECC compromised then?● No, but we have some trust issues.● ANSI X9.62 (1999), IEEE P1363 (2000)?● SEC 2 (2000), NIST FIPS 186-2 (2000)?● ANSI X9.63 (2001), Brainpool (2005)?● NSA Suite B (2005)?● ANSSI FRP256V1 (2011)?
Page 74
https://security.ias.edu 78
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
SafeCurves
● Choosing safe curves for elliptic-curve cryptography
● https://safecurves.cr.yp.to/
Page 75
https://security.ias.edu 79
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Million Dollar ECC curve
● Publicly verifiable randomness produced in February 2016 by many national lotteries
● http://cryptoexperts.github.io/million-dollar-curve/
Page 76
https://security.ias.edu 80
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
And they lived happily ever after...
Hello? It's Eve here.Did you forget about me?
I heard everything!
Page 77
https://security.ias.edu 81
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 78
https://security.ias.edu 82
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 79
https://security.ias.edu 83
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
(Jimmy)nkwwm
Page 80
https://security.ias.edu 84
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
nkwwm
Page 81
https://security.ias.edu 85
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
nkwwmJimmy (Jimmy)orqql
Page 82
https://security.ias.edu 86
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy orqql
Page 83
https://security.ias.edu 87
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy orqqlJimmy
Page 84
https://security.ias.edu 88
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
(got it)ldg jg
Page 85
https://security.ias.edu 89
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
ldg jg
Page 86
https://security.ias.edu 90
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
ldg jggot it(got it)tes fs
Page 87
https://security.ias.edu 91
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
got ittes fs
Page 88
https://security.ias.edu 92
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Jimmy Jimmy
got ittes fsgot it
Page 89
https://security.ias.edu 93
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
RSA Certificates● Subject (FQDN)● Issuer (CA)● Public Key
● Modulus (n) product of two prime numbers● Public Exponent (e)
● x509 extensions● Certificate Authority Signature
Page 90
2008-05-29 Fun with Certificates
Page 91
2008-05-29 Fun with Certificates
Page 92
https://security.ias.edu 97
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
ECC Certificates● Subject (FQDN)● Issuer (CA)● Public Key
● Curve● Generator (start)● Public x,y coordinate
● x509 extensions● Certificate Authority Signature
Page 94
https://security.ias.edu 99
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
RSA Private Keys● Private Key
● Modulus (n) product of two prime numbers (p*q)● Public Exponent (e)● Private Exponent (d)● Prime1 (p)● Prime2 (q)
Page 95
2008-05-29 Fun with Certificates
Page 96
https://security.ias.edu 101
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
ECC Private Keys● Private Key
● Private number (how many steps)● Public x,y coordinate● Public Generator (starting point)● Curve
Page 98
https://security.ias.edu 103
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 99
https://security.ias.edu 104
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 100
https://security.ias.edu 105
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 101
https://security.ias.edu 106
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Trust● Public Key Infrastructure (PKI)
● Certificate Authority (CA) i.e. notary● Intermediate Certificate● Client Certificate
● Web of Trust
Page 102
https://security.ias.edu 107
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Public Key Infrastructure(PKI)
Web of Trust
Page 103
https://security.ias.edu 108
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
PKI● Why do we trust CAs?
● time consuming vetting process● regularly audited● $$$● bundled with product● certificate revocation
Page 104
https://security.ias.edu 109
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Structure● Root CA
● self signed● Intermediate certificate● Server certificate
Page 105
https://security.ias.edu 110
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 106
https://security.ias.edu 111
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Who provides the CA certificate, the client or the server?
The client.
...the intermediate certificate?
The server. (or it should)
Page 107
https://security.ias.edu 112
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 108
https://security.ias.edu 113
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 109
https://security.ias.edu 114
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 110
https://security.ias.edu 115
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Getting Your Cert Signed● Internal Certificate Authority● Commercial Certificate Authority
● Be a reseller ($12/yr, $119/yr wildcard)● inCommon for .edu’s ($2k-$20k/yr)
● https://www.incommon.org/certificates/
Page 111
https://security.ias.edu 117
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Semi-primes
41 * 43 = easy!1763
1739 = 47 * 37 difficult
1791904897 = 49943 * 35879
170122668341587273458646411386585043888873643113298660753168823105496218048396254258389541689798276387535036676575062116463749217204880781486238521463801806647717753763762209533452596443765433132839199250997874070119227832756249288919712152428105344288137338378592441098310151010596800002333954751873349228763 * 143685366445138003711595402594806625836106895764255994658099545498390517894693472991085893832864915801761970155763201096759761623694012072299292478856561357050062892354466628960025947611851554780658080196114743327960874693198902680721554877864174333388893106637708514607610834750473283277858418617695308935563 = 24444137941285645379511684911299365678423833046448779381238796084162536046797899019234205442218213499926991297229281024701278950648068677702332885730383357978977040184484121175079987603694398742376695650950853277837222494281038135867022877083226479856395867447419772143605903245226717018069307504429199930327344784767917383283267106133917174472280561457908186415882389738067587305825291144415722855157890883871648649466532813832921881732883942736314267482744271752456430649004239402313393638372879487394870568428620598721555293620836002747794896212943069775576590434653324242136440479444891894641015313209968513198569
hard, I need a computer!
Really hard, I need a super computer and a couple of millennia!
Page 112
https://security.ias.edu 118
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Breaking semi-primes● Brute force● Sieve methods (slightly better)● Rainbow table
● What if we stored all 174 bit primes on micro-SD cards?
Page 113
https://security.ias.edu 119
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110000101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000110101111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001100111111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001110001101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001111101100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010011111011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100010011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010100111001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010111000011100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011000001111100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011011100001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011101000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000011110000101.........................................................................
11972621413014756705924586149611790497021399392059337≅ 1.2*1052
23945242826029513411849172299223580994042798784118783≅ 2.4*1052
100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001001101
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111101
Let's store every 174 bit prime number!
Page 114
https://security.ias.edu 120
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 115
https://security.ias.edu 121
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
How many?# primes = π(x) = x/ln(x)
x1 = 11972621413014756705924586149611790497021399392059392
x2 = 23945242826029513411849172299223580994042798784118783
π(x2) – π(x
1) ≅ 9.87*1049 primes
0.005 g 1pb microsd
solar mass 1.9891*1030 kg
174 bitsprime
1 byte8 bits
1 kb 1024 bytes
1 mb 1024 kb
1 gb 1024 mb
1 tb 1024 gb
1 pb 1024 tb
1 kg 1000 gx
x x x x
x x x x =
x9.87*1049 primes
4.8 solar masses ≅ ???
Page 116
https://security.ias.edu 122
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 117
https://security.ias.edu 123
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Page 118
https://security.ias.edu 124
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Cert Lab
Page 119
https://security.ias.edu 125
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
Wrap-up● Cryptography● RSA overview● Explain why ECC came about● ECC deep dive● Safe Curves and Trust● Certs
Page 120
https://security.ias.edu 126
Fun with Certificates part IIElliptic Curve Cryptography
May 13, 2019
Network SecurityInstitute for Advanced Study
T
H
A
N
K
S