Decoding experiment of the mechanism of public electric wiretapping by CIA

At the request, the CIA investigated whether the code could be decrypted only with a vulnerability without a backdoor. Investigation to support the decipherment of the Snowden case and the following public electric information leaks. https://www.asahi.com/articles/ASN2D638WN2DUHBI010.html Under the assumption, 112-bit Elliptic Curve Cryptography (ECC) could be decrypted in 1/100 second. Decoding performance is equivalent to decoding by a complete quantum computer (50 years later?). ECC-112 is a deciphering world record. Decoded on the PlayStation 3 in the 110s and on the PC in the hundreds.

It will be evaluated with ECC-256 or higher, but it seems scary that it can be easily deciphered by the CIA. It is said that eavesdropping is done by a backdoor, but it is possible without preparation. Most public cryptography has been migrated from RSA-2048 to ECC-256. Elliptic curve cryptography is mathematically strong, but it is vulnerable to attacks. Miso is encrypted by ECC (y ^ 2 = x ^ 3 + ax + b (mod p), p, and the order r is a prime number) Attack by taking advantage of not using b (and therefore r). In encrypted communication, only the point (x, y) on the ECC is sent.

It's interesting, so let's announce it at the Numerical Analysis Symposium in June. Jabashi: I'm safe because I don't have the skills of interception and vulnerable attacks and I'm not interested.

A and B key exchange by ECC: step1: A: Create ECC point P = (Px, Py) and send it to B. step2: A: Create a random number m, calculate the ECC point Q = m * P, and send Q to B. B: Create a random number n, calculate the ECC point R = n * P, and send R to A. step3: A: Calculate S = m * R with the received R B: Calculate T = n * Q with the received Q

Common key exchange principle The following (S = T) is established by the ECC commutative law   S=mR=m(nP)=n(mP)=nQ=T The common key is Sx with S = T = (Sx, Sy) Even if the transmitted points P, Q, and R are intercepted, the common key Sx is decrypted by ECC. If you don't, you can't steal miso.

Eavesdropping method of common key (Sx) by this method Assumption: (1) Use the vulnerability to uncheck B's ECC processing. (2) Both A and B transmissions can be intercepted, modified and transmitted. Eavesdropping method: step1: Intercept the point P of the transmission from A to B, change it to E and send it to B. step2: Intercept points Q and R of both A and B transmissions. Decode n by this method and send R recalculated with R = n * P to A. step3: Calculate T = n * Q and decipher Sx of T = S = (Sx, Sy)

ECC-256 was planning to develop a parameter calculation program that could be deciphered by an attack over a month, but it was canceled. I thought lightly that I wouldn't attack. There are less than 10 recommended types of ECC-256 currently in use. The Bitcoin code is speck256k1, which is easy for each bank to understand. ECC-256 calculates and publishes an attack coefficient that can be instantly deciphered, and if it is misused and the deposit is stolen from another person's bank account, we may be held criminally liable. Even if you do not publish it, if you create a program and ask for it, it may be eavesdropped and leaked. Before the announcement in June, I will go to the Ministry of Internal Affairs and Communications and the Ministry of International Trade and Industry, which are the government agencies to which cryptography belongs. A brief deciphering material (most of the examples) has been posted at https://ecc-256.com. A python program for decryption, input data, results, and a screen copy (demo) of execution were also added to the python program on the above web (March 30, 2020). Python programs are about 20 times slower than C + gmp (multi-fold length). Even so, decoding 160,192,224,256-bit ECC takes about 1,10,100,1000 seconds on a 4Ghz PC, respectively. Decoding time varies several times. It turned out that the learning λ method discovered two years ago can be applied to decoding. It seems that 256-bit elliptic curve cryptography can be decrypted instantly (0.05 seconds) on a PC. Detailed design is currently underway, and actual measurement is expected after the holidays. Pre-learning time will be a few days on a PC. (April 7, 2020) Elliptic curve cryptography vulnerability attack. Succeeded in combining with the learning λ method. The current 256-bit cipher could be decrypted on a personal computer (4Ghz) in an average of 0.05 seconds (April 25, 2020). Study time is one day (24 hours) on a computer. Further improvement, aiming for 1 second (average 0.01 seconds per case) for 100 decodings after consecutive holidays. At the same time, port it to python (only the decryption part). The wireless LAN bluetooth has not been validated and has been found to be easily deciphered. It is currently patched. However, many people leave the modem (router) side unattended because it is troublesome to apply the patch.

Recommended Posts

Decoding experiment of the mechanism of public electric wiretapping by CIA
[Statistics] Understand the mechanism of Q-Q plot by animation.
I investigated the mechanism of flask-login!
Explain the mechanism of PEP557 data class
Pandas of the beginner, by the beginner, for the beginner [Python]
Let's investigate the mechanism of Kaiji's cee-loline