diff options
| author | J08nY | 2018-04-28 19:47:47 +0200 |
|---|---|---|
| committer | J08nY | 2018-04-28 19:47:47 +0200 |
| commit | ea6cc551158e9e124e2ad82cb29948ea547acf2b (patch) | |
| tree | 9ea16d8af612e111eafd6af27b6a950e2807a781 /docs | |
| parent | d61af849107b1f872bdd01438d6c406db3d24124 (diff) | |
| download | ECTester-ea6cc551158e9e124e2ad82cb29948ea547acf2b.tar.gz ECTester-ea6cc551158e9e124e2ad82cb29948ea547acf2b.tar.zst ECTester-ea6cc551158e9e124e2ad82cb29948ea547acf2b.zip | |
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/CURVES.md | 6 | ||||
| -rw-r--r-- | docs/TESTS.md | 15 |
2 files changed, 20 insertions, 1 deletions
diff --git a/docs/CURVES.md b/docs/CURVES.md index a815c5c..a0454a3 100644 --- a/docs/CURVES.md +++ b/docs/CURVES.md @@ -62,6 +62,12 @@ These points can be used to attack some implementations. Generated using [ecgen](https://github.com/J08nY/ecgen). +### degenerate +Contains pre-generated points on the line `Y: x = 0`. These points are constructed from elements of prime +order in the multiplicative group F_p given a curve over it. + +Generate manually using [PARI/GP](http://pari.math.u-bordeaux.fr/). + ### cofactor Contains curves that are composite order, with points not on the subgroup generated by the generator. diff --git a/docs/TESTS.md b/docs/TESTS.md index d2eb500..bd70206 100644 --- a/docs/TESTS.md +++ b/docs/TESTS.md @@ -6,9 +6,10 @@ - `composite` - `invalid` - `twist` + - `degenerate` - `cofactor` -**NOTE: The `wrong`, `composite`, `invalid`,`twist` and `cofactor` test suites caused temporary/permanent DoS of some cards. These test suites prompt you for +**NOTE: The `wrong`, `composite`, `invalid`,`twist`, `cofactor` and `degenerate` test suites caused temporary/permanent DoS of some cards. These test suites prompt you for confirmation before running, be cautious.** ## Default @@ -103,6 +104,18 @@ For example: java -jar ECTester.jar -t twist ``` +## Degenerate +Tests using known named curves froms several categories(SECG/NIST) against pre-generated points on the degenerate line +`Y: x = 0`. ECDH should fail, a success here might mean the card does not check that the point lies on the correct curve +and uses a curve model vulnerable to such degenerate points. + +See [Degenerate Curve Attachs - Extending Invalid Curve Attacks to Edwards Curves and Other Models](https://eprint.iacr.org/2015/1233.pdf) for more information. + +For example: +```bash +java -jar ECTester.jar -t degenerate +``` + ## Cofactor Tests whether the card correctly rejects points that lie on the curve but not on the subgroup generated by the specified generator during ECDH. |