
A Cryptographic Near Miss

Summary

This article discusses a crypto vulnerability that was recently discovered in the crypto/elliptic package of Go 1.20.2. It discusses the background of scalar multiplication and the history of the crypto/elliptic package. It explains how the bug happened and the good news that the security impact was minimal. The article then outlines some lessons to learn from the near-miss, such as minimizing assumptions and documenting the remaining ones. Finally, it talks about the Real World Crypto event in Japan and the companies that funded the work.

Q&As

What is scalar multiplication?
Scalar multiplication is a fancy way of saying multiplication by repeated additions.

How did the vulnerability in the crypto/elliptic package occur?
The vulnerability in the crypto/elliptic package occurred because the scalar multiplication loop assumed the scalar had been reduced modulo the order of the curve; when the new API removed the API-level requirement for that reduction, the undocumented assumption no longer held.

What is the history behind the crypto/elliptic package?
The crypto/elliptic package started out with a very generic, extremely not constant time implementation of a double-and-add chain. It accepted scalars of any size, and at some point large amounts of (constant-time) assembly were added, written specifically to speed up the P-256 curve. Over the past few years, a large refactor of the crypto/elliptic and crypto/rsa backends was undertaken to remove its dependency on math/big.

What did Guido Vranken report?
Guido Vranken reported that trying to multiply a point—any P-256 point, really—by Q + 30 returns the wrong result.

What are the lessons to be learned from this near-miss?
The lessons to be learned from this near-miss are that safer APIs are a good idea, and that while assumptions might be valid now, they aren’t guaranteed to be valid in the future, after the code is refactored or reused over the years. It’s important to minimize assumptions and clearly document the remaining ones, as much as possible into the API or type system, and otherwise in high-level comments.
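To make the failure mode and the lesson concrete, here is an added Go example (not code from the original article or from the Go standard library) on a constructed toy curve, y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) and group order 19. It contrasts a generic double-and-add that accepts scalars of any size with a fixed-window loop sized to the order's bit length, which silently drops the high bits of an unreduced scalar; that truncation is a simplified stand-in for the real bug's Booth-encoding carry, not a reconstruction of the P-256 assembly. MulReduced shows the "safer API" fix: reduce the scalar modulo the order at the boundary so the loop's precondition is enforced rather than hoped for. All names and the curve parameters are this example's own.

```go
package main

import "math/big"

// Toy curve y^2 = x^3 + 2x + 2 over F_17, constructed for illustration; its
// group has prime order 19, so any non-identity point generates it.
const (
	p int64 = 17
	a int64 = 2
)

// Point in affine coordinates; Inf marks the point at infinity (identity).
type Point struct {
	X, Y int64
	Inf  bool
}

var Infinity = Point{Inf: true}

// G = (5, 1) is on the curve: 5^3 + 2*5 + 2 = 137 = 1 = 1^2 (mod 17).
var G = Point{X: 5, Y: 1}

func mod(x int64) int64 { return ((x % p) + p) % p }

// inv returns x^-1 mod p via Fermat's little theorem (p is prime).
func inv(x int64) int64 {
	r, base := int64(1), mod(x)
	for e := p - 2; e > 0; e >>= 1 {
		if e&1 == 1 { r = mod(r * base) }
		base = mod(base * base)
	}
	return r
}

// Add uses the textbook (incomplete) affine formulas, so the identity,
// inverse pairs and doubling are explicit special cases.
func Add(P, Q Point) Point {
	if P.Inf { return Q }
	if Q.Inf { return P }
	if P.X == Q.X && mod(P.Y+Q.Y) == 0 { return Infinity } // P + (-P)
	var lambda int64
	if P.X == Q.X {
		lambda = mod((3*P.X*P.X + a) * inv(2*P.Y)) // doubling
	} else {
		lambda = mod((Q.Y - P.Y) * inv(Q.X - P.X)) // chord
	}
	x := mod(lambda*lambda - P.X - Q.X)
	return Point{X: x, Y: mod(lambda*(P.X-x) - P.Y)}
}

// OrderOf finds the smallest n > 0 with n*P = Infinity by brute force.
func OrderOf(P Point) int64 {
	n, Q := int64(1), P
	for !Q.Inf {
		Q, n = Add(Q, P), n+1
	}
	return n
}

// MulGeneric is the "any scalar size" double-and-add: it walks every bit of
// k, so it is correct for every k >= 0 (and nowhere near constant time).
func MulGeneric(k *big.Int, P Point) Point {
	R := Infinity
	for i := k.BitLen() - 1; i >= 0; i-- {
		R = Add(R, R)
		if k.Bit(i) == 1 { R = Add(R, P) }
	}
	return R
}

const window = 4

// MulWindowed is a fixed-window loop sized to the bit length of the order n.
// Bits of k above that width are silently ignored, so it is only correct when
// k is already reduced modulo n, an assumption the loop cannot check itself.
func MulWindowed(k *big.Int, P Point, n int64) Point {
	var table [1 << window]Point // table[j] = j*P
	table[0] = Infinity
	for j := 1; j < len(table); j++ { table[j] = Add(table[j-1], P) }
	windows := (big.NewInt(n).BitLen() + window - 1) / window
	R := Infinity
	for w := windows - 1; w >= 0; w-- {
		for d := 0; d < window; d++ { R = Add(R, R) }
		idx := 0
		for d := window - 1; d >= 0; d-- { idx = idx<<1 | int(k.Bit(w*window+d)) }
		R = Add(R, table[idx])
	}
	return R
}

// MulReduced is the safer API: reduce k modulo n at the boundary, turning
// the windowed loop's undocumented precondition into an enforced one.
func MulReduced(k *big.Int, P Point, n int64) Point {
	return MulWindowed(new(big.Int).Mod(k, big.NewInt(n)), P, n)
}
```

With n = 19 the windowed loop inspects two 4-bit windows, so any scalar below 256 is handled correctly and agrees with MulGeneric; a scalar such as 286 = 2^8 + 30 is silently treated as 30, returning 30*G instead of (286 mod 19)*G = G. MulReduced gives the right answer for the same input, which is the point of pushing the reduction into the API rather than leaving it as a comment-level assumption.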

AI Comments

👍 This article does an amazing job of breaking down a complex issue related to cryptographic security into an easily accessible format. It is well researched and filled with helpful tips to prevent similar issues in the future.

👎 The article could have done a better job of organizing the content for easier understanding. The sheer amount of technical jargon and background information can be overwhelming for the average reader.

AI Discussion

Me: It talks about a vulnerability that was recently discovered in the crypto/elliptic package of Go 1.20.2. Even though the impact was minor, the article discusses the root cause of the vulnerability and some of the lessons we can learn from it. It was a combination of the pre-existing complexity and unsafety of some optimized assembly, of undocumented assumptions, and of the never-ending state of flux of open source code.

Friend: That's interesting. What implications do you think this has?

Me: Well, I think it highlights the importance of testing code thoroughly and documenting assumptions in order to prevent similar vulnerabilities in the future. It also shows how important it is to use secure and constant-time algorithms, since variable-time algorithms can be vulnerable to attack. Finally, it emphasizes the importance of open source code, since it allows developers to quickly identify and fix issues like this.


Technical terms

Scalar Multiplication
A mathematical operation that multiplies a scalar (a single number) by a vector (an array of numbers).
Elliptic Curve
A type of mathematical curve used in cryptography.
Booth Encoding
A technique used to reduce the size of a table when performing scalar multiplication.
Edwards Curves
A type of elliptic curve used in cryptography.
Double-and-Add Chain
A technique used to perform scalar multiplication on an elliptic curve.
Complete Formulas
Mathematical formulas that are able to handle any input.
Windowed Double-and-Add
A technique used to speed up scalar multiplication on an elliptic curve.
Variable-time math/big
A type of mathematical operation that is not constant-time.
Order
The number of elements in a set.
Sustainable Open Source
A type of open source software development that is designed to be maintained over a long period of time.
