[Resource Topic] 2008/113: Open Source Is Not Enough. Attacking the EC-package of Bouncycastle version 1.x_132

Welcome to the resource topic for 2008/113

Title:
Open Source Is Not Enough. Attacking the EC-package of Bouncycastle version 1.x_132

Authors: Daniel Mall, Qing Zhong

Abstract:

BouncyCastle is an open source Crypto provider written in Java which supplies classes for Elliptic Curve Cryptography (ECC). We have found a flaw in the class ECPoint resulting from an unhappy interaction of elementary algorithms. We show how to exploit this flaw to a real world attack, e.g., on the encryption scheme ECIES. BouncyCastle has since fixed this flaw (version 1.x_133 and higher) but all older versions remain highly vulnerable to an active attacker and the attack shows a certain vulnerability of the involved validation algorithms.

ePrint: https://eprint.iacr.org/2008/113

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.