Differences
This shows you the differences between two versions of the page.
public:papers:primality_esorics20 [2020-09-11 12:51] – [Selected conclusions] x408178 | public:papers:primality_esorics20 [2021-12-04 20:28] (current) – [Summarizing video] x408178 | ||
---|---|---|---|
Line 22: | Line 22: | ||
<button type=" | <button type=" | ||
\_ | \_ | ||
- | <popover trigger=" | + | <button icon=" |
- | <button icon=" | + | |
- | </ | + | |
\_ | \_ | ||
<button collapse=" | <button collapse=" | ||
Line 52: | Line 50: | ||
<button type=" | <button type=" | ||
+ | ===== Summarizing video ===== | ||
+ | |||
+ | {{ youtube> | ||
===== Selected conclusions ===== | ===== Selected conclusions ===== | ||
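Review bot: The new "Summarizing video" section is only a heading followed by a bare youtube embed, so a reader who cannot load the embed has no indication of what the video covers. Add one sentence under the heading saying what the video summarizes, and consider "Summary video" as the heading wording.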
Line 59: | Line 60: | ||
* Issues found were responsibly disclosed to the affected vendors, but the vulnerability is not easily mitigated for the already deployed smartcards. The code responsible for the domain parameter validation is often stored in a read only memory without the possibility for an update. In addition, the missing primality testing function in the API prevents the developer the check the parameters on-card. | * Issues found were responsibly disclosed to the affected vendors, but the vulnerability is not easily mitigated for the already deployed smartcards. The code responsible for the domain parameter validation is often stored in a read only memory without the possibility for an update. In addition, the missing primality testing function in the API prevents the developer the check the parameters on-card. | ||
* Besides allowing API primality testing, full domain parameter validation and supporting only named curves (though this limits future flexibility) should mitigate the vulnerability. On a lower level, using either Miller-Rabin with random bases or the Baillie-PSW primality test should detect all composites. | * Besides allowing API primality testing, full domain parameter validation and supporting only named curves (though this limits future flexibility) should mitigate the vulnerability. On a lower level, using either Miller-Rabin with random bases or the Baillie-PSW primality test should detect all composites. | ||
+ | |||
+ | ===== Acknowledgements ===== | ||
+ | J. Jancar was supported by the grant MUNI/ |
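Review bot: The context bullet two lines above the new Acknowledgements section still reads "prevents the developer the check the parameters on-card", which should be "prevents the developer from checking the parameters on-card", and "read only memory" should be "read-only memory"; this revision is a good place to fix both. In the following bullet, "should detect all composites" is stronger than what Miller-Rabin with random bases gives, since each round rejects a composite with high probability rather than with certainty, and Baillie-PSW has no known counterexample rather than a proof; wording such as "should reliably detect composites" would match that.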