Annual Computer Security Applications Conference (ACSAC) 2020

Full Program »

Set It and Forget It! Turnkey ECC for Instant Integration

Historically, Elliptic Curve Cryptography (ECC) is an active field of applied cryptography where recent focus is on high speed, constant time, and formally verified implementations. While there are a handful of outliers where all these concepts join and land in real-world deployments, these are generally on a case-by-case basis: e.g. a library may feature such X25519 or P-256 code, but not for all curves. In this work, we propose and implement a methodology that fully automates the implementation, testing, and integration of ECC stacks with the above properties. We demonstrate the flexibility and applicability of our methodology by seamlessly integrating into three real-world projects: OpenSSL, Mozilla's NSS, and the GOST OpenSSL Engine, achieving roughly 4x speedup for key generation and signing, and 2x speedup for key agreement on any given curve. Furthermore, we showcase the efficacy of our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and a specification-level vulnerability in a Russian standard. Our work bridges the gap between significant applied cryptography research results and deployed software, fully automating the process.

Dmitry Belyavsky
Cryptocom Ltd.

Billy Brumley
Tampere University

Jesús-Javier Chi-Domínguez
Tampere University

Luis Rivera-Zamarripa
Tampere University

Igor Ustinov
Cryptocom Ltd.

Paper (ACM DL)




Powered by OpenConf®
Copyright©2002-2021 Zakon Group LLC