C2SP / wycheproof

Project Wycheproof tests crypto libraries against known attacks.


Test case P-384/P-521 bug from golang

alex opened this issue · comments

golang/go#29903, but no test case there :-) Hopefully one part of Google can talk to another.

We have some logistic problem. Once it's resolved we'll publish the relevant test cases.

Awesome.

At the time I filed this I didn't even realize your team had found the bug, but chatting with Filippo I gather the test case came from your work :-)

Yeah the test case came from this project. Daniel Bleichenbacher created the test case, and another person ran it against Golang and found the bug.

One issue here is that it took me some time to notice that there is already a published paper on the attack. The golang bug is a special case of this paper.

Akishita T., Takagi T. (2003) Zero-Value Point Attacks on Elliptic Curve Cryptosystem. ISC 2003. LNCS 2851

Instead of just adding test vectors for the golang bug, I'm extending the test vectors to include test cases for other similar situations, i.e. distinct curves, distinct point representations, distinct addition chains.

The test cases that @bleichen mentioned above were added in 7c9c6db.
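The comments above describe the approach in words: the same scalar multiplication, pushed through a different curve, point representation or addition chain, must yield the same point, and the degenerate cases (a point added to itself, scalars next to 0 and to the group order) are where zero-value bugs hide. The following is an added example of that kind of differential check written against Go's crypto/elliptic; it is not Wycheproof's test vectors and not Go's or the project's own code. The names naiveScalarMult and checkCurve are my own, the random points and scalars are generated in the example itself, and the scalar set (1, 2, 3, a random k, n-2, n-1) is my choice of edge cases, not a list taken from the thread or from the Wycheproof vectors.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"fmt"
	"math/big"
)

// naiveScalarMult computes k*P by plain left-to-right double-and-add using the
// curve's exported Add and Double, i.e. an addition chain that differs from the
// library's own ScalarMult. Affine (0,0) stands for the point at infinity, the
// convention crypto/elliptic uses; the loop tracks "still at infinity" in inf so
// Add/Double are never called on it.
func naiveScalarMult(c elliptic.Curve, px, py, k *big.Int) (*big.Int, *big.Int) {
	rx, ry := new(big.Int), new(big.Int)
	inf := true
	for i := k.BitLen() - 1; i >= 0; i-- {
		if !inf {
			rx, ry = c.Double(rx, ry)
		}
		if k.Bit(i) == 1 {
			if inf {
				rx, ry, inf = new(big.Int).Set(px), new(big.Int).Set(py), false
			} else {
				rx, ry = c.Add(rx, ry, px, py)
			}
		}
	}
	return rx, ry
}

func pointEq(x1, y1, x2, y2 *big.Int) bool {
	return x1.Cmp(x2) == 0 && y1.Cmp(y2) == 0
}

// checkCurve runs `trials` rounds of consistency checks on c and returns the
// first discrepancy found, or nil when every check passed.
func checkCurve(c elliptic.Curve, trials int) error {
	params := c.Params()
	n, p, name := params.N, params.P, params.Name
	one := big.NewInt(1)
	nMinus1 := new(big.Int).Sub(n, one)
	for t := 0; t < trials; t++ {
		// Random point P = s*G with s in [1, n-1], so P is not the generator.
		s, err := rand.Int(rand.Reader, nMinus1)
		if err != nil {
			return err
		}
		s.Add(s, one)
		px, py := c.ScalarBaseMult(s.Bytes())

		// Random scalar k in [1, n-1], plus edge scalars near 0 and near n.
		k, err := rand.Int(rand.Reader, nMinus1)
		if err != nil {
			return err
		}
		k.Add(k, one)
		scalars := []*big.Int{one, big.NewInt(2), big.NewInt(3), k,
			new(big.Int).Sub(n, big.NewInt(2)), nMinus1}

		// Check 1: library ScalarMult vs. the independent addition chain.
		for _, sc := range scalars {
			lx, ly := c.ScalarMult(px, py, sc.Bytes())
			nx, ny := naiveScalarMult(c, px, py, sc)
			if !pointEq(lx, ly, nx, ny) {
				return fmt.Errorf("%s: ScalarMult and double-and-add disagree for k=%s", name, sc)
			}
			if !c.IsOnCurve(lx, ly) {
				return fmt.Errorf("%s: k=%s result is off the curve", name, sc)
			}
		}

		// Check 2: (n-1)*P must equal -P, i.e. same x and y negated mod p.
		mx, my := c.ScalarMult(px, py, nMinus1.Bytes())
		if !pointEq(mx, my, px, new(big.Int).Sub(p, py)) {
			return fmt.Errorf("%s: (n-1)*P != -P", name)
		}

		// Check 3: Add(P, P) must match Double(P), the P == Q branch of the law.
		ax, ay := c.Add(px, py, px, py)
		dx, dy := c.Double(px, py)
		if !pointEq(ax, ay, dx, dy) {
			return fmt.Errorf("%s: Add(P,P) != Double(P)", name)
		}

		// Check 4: (k+1)*P == k*P + P, mixing ScalarMult with a single Add.
		kx, ky := c.ScalarMult(px, py, k.Bytes())
		sx, sy := c.Add(kx, ky, px, py)
		k1 := new(big.Int).Mod(new(big.Int).Add(k, one), n)
		tx, ty := c.ScalarMult(px, py, k1.Bytes())
		if !pointEq(sx, sy, tx, ty) {
			return fmt.Errorf("%s: (k+1)*P != k*P + P", name)
		}
	}
	return nil
}

func main() {
	for _, c := range []elliptic.Curve{elliptic.P256(), elliptic.P384(), elliptic.P521()} {
		if err := checkCurve(c, 16); err != nil {
			fmt.Println("FAIL:", err)
			return
		}
		fmt.Println(c.Params().Name, "ok")
	}
}
```

The Add, Double, ScalarMult and IsOnCurve methods on elliptic.Curve are deprecated in current Go releases in favour of crypto/ecdh, but they still compile and run, and they are exactly the surface a differential check of this kind needs. A check like this finds a wrong result only on the inputs it happens to draw; the thread's point is that published test vectors pin the specific degenerate inputs down so every library gets exercised on them.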