EC Implementation problems

Juraj Somorovsky
Hi,

I played a bit with the Java-BC implementation of the elliptic curves
and found the following two problems:

1) the BC implementation does not check if the point (which is going to
be multiplied) belongs to the used elliptic curve.
2) if the result of the multiplication is infinity, the ECDH key
agreement responds with an IllegalStateException

I am not sure 2) is a huge problem, but I mean 1) should definitely be
fixed in the ...ec.*Multipliers' implementations.

I did not take a closer look at the *Multipliers' implementations, but
if needed, I can try to provide a better analysis.


The following test reproduces the problem:

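    // imports needed by the test
    import java.math.BigInteger;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.spec.*;
    import java.util.Arrays;
    import javax.crypto.KeyAgreement;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.junit.Test;

    @Test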
    public void testECFromBook() throws Exception {

        // curve definition
        String a = "2";
        String b = "2";
        String q = "17"; // modulus in the elliptic curve

        // base point initialization
        String basePointX = "5";
        String basePointY = "1";
        String order = "19";

        // private key
        String privateKey = "6";

        // public key point (not belonging to the elliptic curve)
        String publicKeyX = "11";
        String publicKeyY = "1";

        // y^2 = x^3 + ax + b mod q
        EllipticCurve curve = new EllipticCurve(
                new ECFieldFp(new BigInteger(q)), // q (modulus)
                new BigInteger(a), // a
                new BigInteger(b)); // b


        ECParameterSpec spec = new ECParameterSpec(
                curve,
                new ECPoint(new BigInteger(basePointX),
                new BigInteger(basePointY)), // G
                new BigInteger(order), // n
                1); // h

        ECPrivateKeySpec priKeySpec = new ECPrivateKeySpec(
                new BigInteger(privateKey), // d
                spec);

        KeyAgreement ka = KeyAgreement.getInstance("ECDH",
                new BouncyCastleProvider());

        KeyFactory f = KeyFactory.getInstance("EC",
                new BouncyCastleProvider());
//        KeyFactory f = KeyFactory.getInstance("EC");
        PrivateKey sKey = f.generatePrivate(priKeySpec);
//        ECPrivateKeyImpl sKey = new ECPrivateKeyImpl(new BigInteger(privateKey), spec);

        ka.init(sKey, spec);

        ECPublicKeySpec pubKeySpec = new ECPublicKeySpec(
                new ECPoint(new BigInteger(publicKeyX),
                new BigInteger(publicKeyY)), // Q
                spec);

        ka.doPhase(f.generatePublic(pubKeySpec), true);

        System.out.println("Secret: ");
        System.out.println(Arrays.toString(ka.generateSecret()));
    }


--
Dr.-Ing. Juraj Somorovsky

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
-----------------------------------
Universitätsstr. 150, Geb. ID 2/411
D-44780 Bochum

Telefon: +49 (0) 234 / 32-26551
Fax: +49 (0) 234 / 32-14347
http://www.nds.rub.de/chair/people/jsomorovsky
@jurajsomorovsky
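
The check that problem 1) says is missing, written out as an added example; it is not part of the original post and not Bouncy Castle code. The class name `PointCheck` and the method `isOnCurve` are hypothetical, and only the standard `java.security.spec` types are used, with the toy curve and the two points taken from the test above.

```java
import java.math.BigInteger;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;

public class PointCheck {  // hypothetical helper, not a Bouncy Castle class

    /** True only for a finite point with coordinates in [0, p-1] that satisfies
     *  y^2 = x^3 + ax + b (mod p) on the curve in spec. */
    static boolean isOnCurve(ECPoint q, ECParameterSpec spec) {
        if (q == null || ECPoint.POINT_INFINITY.equals(q)) {
            return false;  // infinity is never an acceptable peer public key
        }
        EllipticCurve curve = spec.getCurve();
        if (!(curve.getField() instanceof ECFieldFp)) {
            throw new IllegalArgumentException("only prime-field curves are handled here");
        }
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        BigInteger x = q.getAffineX();
        BigInteger y = q.getAffineY();
        // Reject coordinates that are not reduced field elements.
        if (x.signum() < 0 || x.compareTo(p) >= 0
                || y.signum() < 0 || y.compareTo(p) >= 0) {
            return false;
        }
        BigInteger lhs = y.multiply(y).mod(p);
        BigInteger rhs = x.pow(3).add(curve.getA().multiply(x)).add(curve.getB()).mod(p);
        // With cofactor h = 1 (as in the test) this is sufficient; for h > 1 a
        // check that n*Q is the point at infinity is also needed (not done here).
        return lhs.equals(rhs);
    }

    public static void main(String[] args) {
        // Toy curve from the test: y^2 = x^3 + 2x + 2 mod 17, G = (5, 1), n = 19, h = 1
        EllipticCurve curve = new EllipticCurve(
                new ECFieldFp(BigInteger.valueOf(17)), BigInteger.valueOf(2), BigInteger.valueOf(2));
        ECParameterSpec spec = new ECParameterSpec(
                curve, new ECPoint(BigInteger.valueOf(5), BigInteger.ONE), BigInteger.valueOf(19), 1);
        ECPoint peer = new ECPoint(BigInteger.valueOf(11), BigInteger.ONE);  // public key point from the test

        System.out.println("G on curve:    " + isOnCurve(spec.getGenerator(), spec));
        System.out.println("peer on curve: " + isOnCurve(peer, spec));
        if (!isOnCurve(peer, spec)) {
            System.out.println("rejecting peer key before ka.doPhase(...)");
        }
    }
}
```

Running the check on the decoded peer point before it is passed to `ka.doPhase(...)` keeps the private scalar from ever being multiplied with a point outside the intended curve.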