Chaos Communication Congress
Chaos Communication Congress
Squeezing a key through a carry bit (34x15)
: 27, 2017
Speaker: Filippo Valsorda
The Go implementation of the P-256 elliptic curve had a small bug due to a misplaced carry bit affecting less than 0.00000003% of field subtraction operations. We show how to build a full practical key recovery attack on top of it, capable of targeting JSON Web Encryption.