Security and Practical Considerations When Implementing the Elliptic Curve Integrated Encryption Scheme

Cryptologia

Volumn 39, Issue 3, 2015, Pages 244-269

  Gayoso Martinez V ^a   Hernandez Encinas L ^b   Queiruga Dios, A ^b  

^a UNIVERSIDAD POLITÉCNICA DE MADRID   (Spain)

^b UNIVERSITY OF SALAMANCA   (Spain)

Author keywords

data encryption; elliptic curves; Java; public key cryptography; standards

Indexed keywords

EID: 84936846260     PISSN: 01611194     EISSN: 15581586     Source Type: Journal    
DOI: 10.1080/01611194.2014.988363     Document Type: Article

References (64)

1. M.Abdalla,, M.Bellare, and P.Rogaway. 1998. DHIES: An Encryption Scheme Based on the Diffie-Hellman Problem. Contribution to IEEE P1363a. http://cseweb.ucsd.edu/users/mihir/papers/dhaes.pdf
2. M.Abdalla,, M.Bellare, and P.Rogaway. 2001. The Oracle Diffie-Hellman Assumptions and an Analysis of DHIES, Lecture Notes in Computer Science, 2020:143–158.
3. C.Adams, 1997. The CAST-128 Encryption Algorithm. Internet Engineering Task Force, RFC 2144. http://www.ietf.org/rfc/rfc2144.txt
4. American National Standards Institute. 2001. Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography. ANSI X9.63.
5. K.Aoki,, J.Guo, K.Matusiewicz, Y.Sasaki, and L.Wang. 2009. Preimages for Step-Reduced SHA-2, Lecture Notes in Computer Science, 5912:578–597.
6. K.Aoki,, T.Ichikawa, M.Kanda, M.Matsui, S.Moriai, J.Nakajima, and T.Tokita. 2001. Camellia: A 128-bit Block Cipher Suitable for Multiple Platforms—Design and Analysis, Lecture Notes in Computer Science, 2012:39–56.
7. M.Bellare,, and P.Rogaway. 1997. Minimizing the Use of Random Oracles in Authenticated Encryption Schemes, Lecture Notes in Computer Science, 1334:1–16.
8. A.Biryukov,, and D.Khovratovich. 2009. Related-key Cryptanalysis of the Full AES-192 and AES-256. Cryptology ePrint Archive, Report 2009/317. http://eprint.iacr.org/2009/317.pdf
9. A.Biryukov,, M.Lamberger, F.Mendel, and I.Nikolic. 2011. Second-Order Differential Collisions for Reduced SHA-256, Lecture Notes in Computer Science, 7073:270–287.
10. I.F.Blake,, G.Seroussi, and N.Paul Smart. 2004. Advances in Elliptic Curve Cryptography. Cambridge, UK: Cambridge University Press.
11. A.Bogdanov,, D.Khovratovich, and C.Rechberger. 2011. Biclique Cryptanalysis of the Full AES. Cryptology ePrint Archive, Report 2011/449. http://eprint.iacr.org/2011/449.pdf.
12. Brainpool. 2005. ECC Brainpool Standard Curves and Curve Generation, http://www.ecc-brainpool.org/download/Domain-parameters.pdf
13. Brainpool. 2010. Elliptic Curve Cryptography (ECC) Brainpool Standard Curves and Curve Generation. IETF RFC 5639. http://tools.ietf.org/html/rfc5639
14. Bundesamt für Sicherheit in der Informationstechnik. 2009. Elliptic Curve Cryptography. BSI TR 03111. http://www.bsi.de/literat/tr/tr03111/BSI-TR-03111.pdf
15. C.D.Cannière,, F.Mendel, and C.Rechberger. 2007. Collisions for 70-step SHA-1: On the Full Cost of Collision Search, Lecture Notes in Computer Science, 4876:56–73.
16. H.Dobbertin,, A.Bosselaers, and B.Preneel. 1996. RIPEMD-160: A Strengthened Version of RIPEMD, Lecture Notes in Computer Science, 1039:71–82.
17. J.D.Dworkin,, M.J.Torla, P.M.Glaser, A.Vadekar, R.J.Lambert, and S.A.Vanstone. 2001. Circuit and Method for Decompressing Compressed Elliptic Curve Points. US Patent 6,199,086.
18. T.Elo, 2000. Lessons Learned on Implementing ECDSA on a Java Smart Card. In Proceedings of Nord Sec 2000. Reykjavik, Iceland, p. 1–12.
19. V.Gayoso Martínez,, F.Hernández Álvarez, L.Hernández Encinas, and C.Sánchez Ávila. 2010. A Comparison of the Standardized Versions of ECIES. In Sixth International Conference on Information Assurance and Security (IAS 2010), Atlanta, GA, USA, p. 1–4.
20. V.Gayoso Martínez,, F.Hernández Álvarez, L.Hernández Encinas, and C.Sánchez Ávila. 2011. Analysis of ECIES and Other Cryptosystems Based on Elliptic Curves, International Journal of Information Assurance and Security, 6(4):285–293.
21. V.Gayoso Martínez,, and L.Hernández Encinas. 2013. Implementing the ECC Brainpool Curve Generation Procedure Using Open Source Software. In WorldComp 2013—International Conference on Security & Management (SAM'13), 22–25 July 2013, Las Vegas, CA, pp. 162–197.
22. V.Gayoso Martínez,, L.Hernández Encinas, and C.Sánchez Ávila. 2010. A Java Implementation of the Elliptic Curve Integrated Encryption Scheme. In WorldComp 2010—International Conference on Security & Management (SAM'10), 12–15 July 2010, Vol. II, Las Vegas, CA, pp. 495–501.
23. S.Gueron,, S.Johnson, and J.Walker. 2010. SHA-512/256. Cryptology ePrint Archive, Report 2010/548. http://eprint.iacr.org/2010/548.pdf
24. D.Hankerson,, A.J.Menezes, and S.Vanstone. 2004. Guide to Elliptic Curve Cryptography. New York: Springer-Verlag.
25. Institute of Electrical and Electronics Engineers. 2004. Standard Specifications for Public Key Cryptography—Amendment 1: Additional Techniques. IEEE 1363a.
26. International Organization for Standardization / International Electrotechnical Commission. 2004. Information Technology – Security Techniques – Hash-functions – Part 3: Dedicated Hash-functions. ISO/IEC 10118–3.
27. International Organization for Standardization / International Electrotechnical Commission. 2006. Information Technology – Security Techniques – Encryption Algorithms – Part 2: Asymmetric Ciphers. ISO/IEC 18033–2.
28. Z.Jia,, and Y.Zhang. 2006. An Elliptic Curve Based User Authentication Scheme with Smart Cards, Journal of Information Assurance and Security, 1:283–292.
29. D.Khovratovich,, C.Rechberger, and A.Savelieva. 2012. Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family, Lecture Notes in Computer Science, 7549:244–263.
30. N.Koblitz, 1987. Elliptic Curve Cryptosystems, Mathematics of Computation, 48:203–209.
31. H.Krawczyk,, M.Bellare, and R.Canetti. 1997. HMAC: Keyed Hashing for Message Authentication. Internet Engineering Task Force, RFC 2104. http://www.ietf.org/rfc/rfc2104.txt
32. H.J.Lee,, S.J.Lee, J.H.Yoon, D.H.Cheon, and J.I.Lee. 2005. The SEED Encryption Algorithm. Internet Engineering Task Force, RFC 4269. http://www.ietf.org/rfc/rfc4269.txt
33. H.Lipmaa,, P.Rogaway, and D.Wagner. 2000. Comments to NIST Concerning AES Modes of Operations: CTR-mode Encryption. National Institute of Standards and Technology. http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/ctr/ctr-spec.pdf
34. A.J.Menezes, 1993. Elliptic Curve Public Key Cryptosystems. Boston, MA: Kluwer Academic Publishers.
35. V.S.Miller, 1986. Use of elliptic curves in cryptography, in H.C.Williams, Ed., Advances in Cryptology: CRYPTO '85 Proceedings, Lecture Notes in Computer Science, Vol. 218, Springer, Berlin, 1986, pp. 417–426.
36. National Institute of Standards and Technology. 2001. Advanced Encryption Standard. NIST FIPS 197.
37. National Institute of Standards and Technology. 2002. The Keyed-hash Message Authentication Code. NIST FIPS 198.
38. National Institute of Standards and Technology. 2005. NIST Comments on Cryptanalytic Attacks on SHA-1. http://csrc.nist.gov/groups/ST/hash/statement.html
39. National Institute of Standards and Technology. 2005. Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication. NIST SP 800–38B.
40. National Institute of Standards and Technology. 2005. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher. NIST SP 800–67.
41. National Institute of Standards and Technology. 2007. Recommendation for Key Management. Part 1: General. NIST SP 800–57.
42. National Institute of Standards and Technology. 2012. NIST Selects Winner of Secure Hash Algorithm (SHA-3) Competition. http://www.nist.gov/itl/csd/sha-100212.cfm
43. National Institute of Standards and Technology. 2012. Secure Hash Standard. NIST FIPS 180–4.
44. National Institute of Standards and Technology. 2013. Recommendation for Pair-wise Key Establishment Schemes Using Discrete Logarithm Cryptography. NIST SP 800–56A rev. 2.
45. H.Ohta,, and M.Matsui. 2000. A Description of the MISTY1 Encryption Algorithm. Internet Engineering Task Force, RFC 2994. http://www.ietf.org/rfc/rfc2994.txt
46. Oracle Corp. 2013. Java Card Classic Platform SE 6. — System. http://docs.oracle.com/javase/6/docs/api/java/lang/System.html#nanoTime%28%29.
47. Oracle Corp. 2013. Java Technology. http://java.com/en/about.
48. Oracle Corp. 2013. Oracle Java Archieve http://www.oracle.com/technetwork/java/archive-139210.html
49. Oracle Corporation. 2012. Java Card Classic Platform Specification 3.0.4 http://www.oracle.com/technetwork/java/javame/javacard/download/specs-jsp-136430.html
50. Oracle Corporation. 2012. Java Card Platform Specification 2.2.2. http://www.oracle.com/technetwork/java/javacard/specs-138637.html
51. J.Quisquater,, and F.Koeune. 2002. ECIES — Security Evaluation of the Encryption Scheme and Primitives. Cryptrec. http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1015_ECIES_report.pdf
52. C.Rackoff,, and D.R.Simon. 1992. Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext attack, Lecture Notes in Computer Science, 576:433–444.
53. B.Rice,, and B.Yankosky. 2009. Elliptic Curve Cryptography with the TI-83, Cryptologia, 33(2):125–141.
54. S.Sanadhya,, and P.Sarkar. 2008. New Collision Attacks Against up to 24-Step SHA-2, Lecture Notes in Computer Science, 5365:91–103.
55. B.Schneier, 2011. Schneier on Security. http://www.schneier.com/blog/archives/2011/08/new_attack_on_a_1.html
56. G.Seroussi, 2001. Compression and Decompression of Elliptic Curve Data Points. US Patent 6,252,960.
57. V.Shoup, 2001. A Proposal for an ISO Standard for Public Key Encryption. Cryptology ePrint Archive, Report 2001/112. http://www.shoup.net/papers/iso-2_1.pdf
58. Standards for Efficient Cryptography Group. 1999. Test Vectors for SEC 1. SECG GEC 2. http://www.secg.org/download/aid-390/gec2.pdf
59. Standards for Efficient Cryptography Group. 2009. Recommended Elliptic Curve Domain Parameters. SECG SEC 1 ver. 2. http://www.secg.org/download/aid-780/sec1-v2.pdf
60. J.Stern, 2002. Evaluation Report on the ECIES Cryptosystem. Cryptrec. http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1016_Stern.ECIES.pdf
61. S.A.Vanstone,, R.C.Mullin, and G.B.Agnew. 2000. Elliptic Curve Encryption Systems. US Patent 6,141,420.
62. X.Wang,, D.Feng, X.Lai, and H.Yu. 2004. Collisions for Hash Functions MD4, MD5, HAVAL-128 and RIPEMD. Cryptology ePrint Archive, Report 2004/199. http://eprint.iacr.org/2004/199.pdf
63. X.Wang,, X.Lai, D.Feng, H.Chen, and X.Yu. 2005. Cryptanalysis of the Hash Functions MD4 and RIPEMD, Lecture Notes in Computer Science, 3494:1–18.
64. X.Wang,, Y.Yin, and H.Yu. 2005. Finding Collisions in the Full SHA-1, Lecture Notes in Computer Science, 3621:17–36.