Test case P-384/P-521 bug from golang
alex opened this issue
golang/go#29903, but no test case there :-) Hopefully one part of Google can talk to another.
We have a logistical problem. Once it's resolved we'll publish the relevant test cases.
Awesome.
At the time I filed this I didn't even realize your team had found the bug, but chatting with Filippo I gather the test case came from your work :-)
Yeah the test case came from this project. Daniel Bleichenbacher created the test case, and another person ran it against Golang and found the bug.
One issue here is that it took me some time to notice that there is already a published paper on the attack. The golang bug is a special case of this paper.
Akishita T., Takagi T. (2003) Zero-Value Point Attacks on Elliptic Curve Cryptosystem. ISC 2003. LNCS 2851
Instead of just adding test vectors for the golang bug, I'm extending the test vectors to include test cases for other similar situations, i.e. distinct curves, distinct point representations, distinct addition chains.