9 research outputs found

    A New RSA Variant Based on Elliptic Curves

    We propose a new scheme based on ephemeral elliptic curves over the ring $\mathbb{Z}/n\mathbb{Z}$, where $n=pq$ is an RSA modulus with $p=u_p^2+v_p^2$, $q=u_q^2+v_q^2$ and $u_p\equiv u_q\equiv 3\pmod 4$. The new scheme is a variant of both the RSA and the KMOV cryptosystems and can be used for both signature and encryption. We study the security of the new scheme and show that it is immune against factorization attacks, discrete logarithm problem attacks, sum of two squares attacks, sum of four squares attacks, isomorphism attacks, and homomorphism attacks. Moreover, we show that the private exponents can be much smaller than the ordinary exponents for RSA and KMOV, which makes the decryption phase in the new scheme more efficient.

    Algorithms and cryptographic protocols using elliptic curves

    The relevance of elliptic curve cryptography has grown in recent years, and today it is a cornerstone of many industrial standards. Although elliptic curve variants of classical cryptosystems such as RSA exist, the full potential of elliptic curve cryptography is displayed in cryptosystems based on the Discrete Logarithm Problem, such as ElGamal. For these, elliptic curve cryptosystems guarantee the same security levels as their finite field analogues, with the additional advantage of using significantly smaller key sizes. In this report we show the positive properties of elliptic curve cryptosystems, and the requirements a curve must meet to be useful in this context, which are closely related to its number of points. We survey methods to discard cryptographically uninteresting curves as well as methods to obtain other useful curves from a given one. We then describe some real world applications such as Smart Cards and RFID systems and conclude with a snapshot of recent developments in the field.

    Constructing an attack using the structure of the primes on RSA-like cryptosystems with a composite modulus

    The thesis contains 56 pages and 63 sources. The purpose of the work is to analyse the resistance of RSA-like cryptosystems with a composite modulus to an attack that uses partial knowledge of the modulus's prime factors. The object of study is information processes in cryptographic protection systems. The subject of study is the resistance of RSA-like cryptosystems with a composite modulus to an attack using the structure of the primes and their least significant bits. The thesis reviews the RSA cryptosystem and its modifications. Existing attacks on the RSA cryptosystem and on RSA-like cryptosystems are considered. The result of the work is an improvement of an existing attack on the RSA cryptosystem. The PP − RSA and GPP − RSA cryptosystems, which are modifications of RSA, are investigated. An attack using the structure of the primes is constructed against the PP − RSA cryptosystem and an estimate of its complexity is computed. An attack using the structure of the primes is constructed against the GPP − RSA cryptosystem and an estimate of its complexity is computed. An estimate of the number of primes of the special form used in the proposed attacks is calculated.

    Computational mathematics inspired by RSA


    Automotive firmware extraction and analysis techniques

    An intricate network of embedded devices, called Electronic Control Units (ECUs), is responsible for the functionality of a modern vehicle. Every module processes a myriad of information and forwards it on to other nodes on the network, typically an automotive bus such as the Controller Area Network (CAN). Analysing embedded device software, and automotive software in particular, brings many challenges. The analyst must, especially in the notoriously secretive automotive industry, first lift the ECU firmware from the hardware, which typically prevents unauthorised access. In this thesis, we address this problem in two ways:
    - We detail and bypass the access control mechanism used in diagnostic protocols in ECU firmware. Using existing diagnostic functionality, we present a generic technique to download code to RAM and execute it, without requiring physical access to the ECU. We propose a generic firmware readout framework on top of this, which only requires access to the CAN bus.
    - We analyse various embedded bootloaders and combine dynamic analysis with low-level hardware fault attacks, resulting in several fault-injection attacks which bypass on-chip readout protection.
    We then apply these firmware extraction techniques to acquire immobiliser firmware from two different manufacturers, from which we reverse engineer the DST80 cipher and present it in full detail. Furthermore, we point out flaws in the key generation procedure, also recovered from the ECU firmware, leading to a full key recovery based on publicly readable transponder pages.

    Improved Cryptanalysis of the KMOV Elliptic Curve Cryptosystem

    This paper presents two new improved attacks on the KMOV cryptosystem. KMOV is an encryption algorithm based on elliptic curves over the ring (formula presented) is a product of two large primes of equal bit size. The first attack uses the properties of the convergents of the continued fraction expansion of a specific value derived from the KMOV public key. The second attack is based on Coppersmith's method for finding small solutions of a multivariate polynomial modular equation. Both attacks improve the existing attacks on the KMOV cryptosystem.

    Improved Cryptanalysis of the KMOV Elliptic Curve Cryptosystem

    This paper presents two new improved attacks on the KMOV cryptosystem. KMOV is an encryption algorithm based on elliptic curves over the ring $\mathbb{Z}_N$ where $N = pq$ is a product of two large primes of equal bit size. The first attack uses the properties of the convergents of the continued fraction expansion of a specific value derived from the KMOV public key. The second attack is based on Coppersmith's method for finding small solutions of a multivariate polynomial modular equation. Both attacks improve the existing attacks on the KMOV cryptosystem.