Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC

Surý, Ondřej; Edmonds, Robert

doi:10.17487/rfc8080

Cited by 10 publications

(8 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The DNSSEC protocol allows adding new cryptographic algorithms relatively easily, and new algorithms have been proposed and integrated numerous times [38,42,55]. All algorithms, however, must adhere to boundaries and requirements set by the design and deployment of DNS, DNSSEC and the underlying transport protocols.…”

Section: Cryptographic Requirementsmentioning

confidence: 99%

Retrofitting post-quantum cryptography in internet protocols

Müller

Jong²,

Heesch³

et al. 2020

SIGCOMM Comput. Commun. Rev.

View full text Add to dashboard Cite

Quantum computing is threatening current cryptography, especially the asymmetric algorithms used in many Internet protocols. More secure algorithms, colloquially referred to as Post-Quantum Cryptography (PQC), are under active development. These new algorithms differ significantly from current ones. They can have larger signatures or keys, and often require more computational power. This means we cannot just replace existing algorithms by PQC alternatives, but need to evaluate if they meet the requirements of the Internet protocols that rely on them. In this paper we provide a case study, analyzing the impact of PQC on the Domain Name System (DNS) and its Security Extensions (DNSSEC). In its main role, DNS translates human-readable domain names to IP addresses and DNSSEC guarantees message integrity and authenticity. DNSSEC is particularly challenging to transition to PQC, since DNSSEC and its underlying transport protocols require small signatures and keys and efficient validation. We evaluate current candidate PQC signature algorithms in the third round of the NIST competition on their suitability for use in DNSSEC. We show that three algorithms, partially, meet DNSSEC's requirements but also show where and how we would still need to adapt DNSSEC. Thus, our research lays the foundation for making DNSSEC, and protocols with similar constraints ready for PQC.

show abstract

Section: Cryptographic Requirementsmentioning

confidence: 99%

Retrofitting post-quantum cryptography in internet protocols

Müller

Jong²,

Heesch³

et al. 2020

SIGCOMM Comput. Commun. Rev.

View full text Add to dashboard Cite

show abstract

“…Algorithm 1 shows the process to sign the message. The detail explanation of EdDSA is given in [28].…”

Section: A Regular Setup Attack Edwards-curve Digital Signature Algorithmmentioning

confidence: 99%

Kleptographic Attack on Elliptic Curve Based Cryptographic Protocols

et al. 2020

View full text Add to dashboard Cite

Kleptography is the study of pilfering secure data secretly and subliminally. The concept of inserting backdoors was introduced two decades ago by Young and Yung. However, still it is a serious threat for modern cryptography. Different studies have proved that exploiting implementation errors of cryptographic algorithms needs less effort as compared to attacking its mathematical structure. Inserting the backdoor modifies the standard method of generating public and private key pairs in such away that the public information is meaningful for the attacker. This paper presents the kleptographic attack on cryptographic algorithm based on Elliptic curves. We show the technique of implementing backdoor against Edwards-curve Digital Signature Algorithm, Elliptic curve Diffie-Hellman key exchange scheme, Elliptic curve Digital Signature Algorithm, Elliptic curve Integrated Encryption Scheme, Elliptic curve ElGamal Encryption and Elliptic curve Qu-Vanstone implicit certificate scheme. In practical approach, backdoors are inserted in such a way that their identification is impossible by analyzing the output of an algorithm. Detection of kleptographic implementation is a complex task and very few studies can be found in this direction. We have explored the possibility of detection of malicious code inside the Elliptic curve based algorithms by using the idea of running time analysis. We have shown that by implementing strong Secretly Embedded Trapdoor with Universal Protection (SETUP) attack against Elliptic curve based algorithms, one can detect the presence of backdoor by analyzing the time difference in execution of an honest vs malicious version of code. We also modified the backdoor insertion mechanism in Edwards-curve Digital Signature Algorithm that results in negligible time difference making it impossible for the user to detect backdoor presence.

show abstract

“…Note that our attack extracts one secret bit for each execution of the victim; hence, if the victim picks a fresh nonce at each execution, two bits extracted by our attack would be completely uncorrelated. Nevertheless, EdDSA is deterministic [27] and the nonce is computed as function of the message to be signed and the signing key. Hence, by feeding a fixed message to the signing routine we ensure that the nonce is always the same and can extract one of its bits at each execution.…”

Section: Attacks On Mpi_ec_mul_pointmentioning

confidence: 99%

On the Challenges of Detecting Side-Channel Attacks in SGX

Jiang¹,

Soriente²,

Karame³

2020

Preprint

View full text Add to dashboard Cite

Side-channel vulnerabilities of Intel SGX is driving the research community towards designing low-overhead detection tools. The ones available to date are grounded on the observation that attacks affect the performance of the victim application (in terms of runtime, enclave interruptions, etc.), so they monitor the potential victim and raise an alarm if the witnessed performance is anomalous.We show that tools monitoring the performance of an enclave to detect side-channel attacks may not be effective. Our core intuition is that these tools are geared towards an adversary that interferes with the victim's execution in order to extract the most number of secret bits (e.g., the entire secret) in one or few runs. They cannot, however, detect an adversary that leaks smaller portions of the secret-as small as a single bit-at each execution of the victim. In particular, by minimizing the information leaked at each run, the impact of the attack on the application's performance is significantly lessened-so that the detection tool notices no attack. By repeating the attack multiple times, and each time leaking a different part of the secret, the adversary can recover the whole secret and remain undetected.Based on this intuition, we adapt attacks leveraging page-tables and L3 cache so to bypass available detection mechanisms. We show how an attacker can leak the secret key used in an enclave running various cryptographic routines of libgcrypt. Beyond cryptographic software, we also show how to leak predictions of enclaves running decision-tree routines of OpenCV.

show abstract

Edwards-Curve Digital Security Algorithm (EdDSA) for DNSSEC

Cited by 10 publications

References 6 publications

Retrofitting post-quantum cryptography in internet protocols

Retrofitting post-quantum cryptography in internet protocols

Kleptographic Attack on Elliptic Curve Based Cryptographic Protocols

On the Challenges of Detecting Side-Channel Attacks in SGX

Contact Info

Product

Resources

About