Set It and Forget It! Turnkey ECC for Instant Integration

Dmitry Belyavsky, Billy Bob Brumley, Jesús-Javier Chi-Domínguez, Luis Rivera-Zamarripa, Igor Ustinov

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

Abstract

Historically, Elliptic Curve Cryptography (ECC) is an active field of applied cryptography where recent focus is on high speed, constant time, and formally verified implementations. While there are a handful of outliers where all these concepts join and land in real-world deployments, these are generally on a case-by-case basis: e.g. a library may feature such X25519 or P-256 code, but not for all curves. In this work, we propose and implement a methodology that fully automates the implementation, testing, and integration of ECC stacks with the above properties. We demonstrate the flexibility and applicability of our methodology by seamlessly integrating into three real-world projects: OpenSSL, Mozilla’s NSS, and the GOST OpenSSL Engine, achieving roughly 9.5x, 4.5x, 13.3x, and 3.7x speedup on any given curve for key generation, key agreement, signing, and verifying, respectively. Furthermore, we showcase the efficacy of our testing methodology by uncovering flaws and vulnerabilities in OpenSSL, and a specification-level vulnerability in a Russian standard. Our work bridges the gap between significant applied cryptography research results and deployed software, fully automating the process.
Original languageEnglish
Title of host publicationAnnual Computer Security Applications Conference (ACSAC)
PublisherACM
Pages760-771
Number of pages12
ISBN (Electronic)9781450388580
DOIs
Publication statusPublished - 2020
Publication typeA4 Article in a conference publication
EventAnnual Computer Security Applications Conference - , United States
Duration: 7 Dec 202011 Dec 2020

Conference

ConferenceAnnual Computer Security Applications Conference
CountryUnited States
Period7/12/2011/12/20

Keywords

  • applied cryptography
  • public key cryptography
  • elliptic curve cryptography
  • software engineering
  • software testing
  • formal verification
  • GOST
  • NSS
  • OpenSSL

Publication forum classification

  • Publication forum level 1

Fingerprint Dive into the research topics of 'Set It and Forget It! Turnkey ECC for Instant Integration'. Together they form a unique fingerprint.

Cite this