CVE-2017-7781/CVE-2017-10176:Issue with elliptic curve addition in mixed Jacobian-affine coordinates in Firefox/Java http://blog.intothesymmetry.com/2017/08/cve-2017-7781cve-2017-10176-issue-with.html …pic.twitter.com/54Xh5y3mmo
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
interesting....
Note in OpenSSL this is also used in ECDSA verification for the base point mul (interleaved wNAF isn't used), not just ECDH base point mul.
it would for sure deserve a closer look if you ask me... :S
I'm only super interested in the P-256 & P-384 cases where the point was already verified to be on the curve (so no invalid curve attack).
here is a P-521 example (no invalid curve attack needed) https://gist.github.com/asanso/6d33e91a9f85f3d4dba4ec519eece6e9 …
See https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_nistp521.c#L1255 … and https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_nistp521.c#L1160-L1162 … (“This case never happens during single point multiplication, so...”)
well my example shows that that sentence is wrong (at least using 5-wnaf)
You can see the P-521 precomputation table used here: https://github.com/openssl/openssl/blob/master/crypto/ec/ecp_nistp521.c#L1318 …. It may not be what your code assumes; I didn't look closely.
Note that these tables are probably in a different form than what NSS and OpenJDK were using, which may make an attack easier and/or harder.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.