In need of an EllipticCurve example (jdk1.5)


marty.gagnon

This post probably gets my name on the NSA watch list, but I'm in need of
an example on how to use the java.security.spec.EllipticCurve class.

It's been in the JDK since 1.5, but I cannot find any examples on how to
use it.


Thanks
Marty
 

Oliver Wong

> This post probably gets my name on the NSA watch list, but I'm in need of
> an example on how to use the java.security.spec.EllipticCurve class.
>
> It's been in the JDK since 1.5, but I cannot find any examples on how to
> use it.

I could tell you... but then I'd have to kill you.

See the following:

http://forum.java.sun.com/thread.jspa?threadID=694124&tstart=135
http://www.bouncycastle.org/
http://jce.iaik.tugraz.at/sic/products/core_crypto_toolkits/ecc
http://www.peterindia.net/ECCLinks.html
http://www.bmsi.com/java/#EC

- Oliver
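An added example, not from the thread or from any of the links above: how the JDK 1.5 spec classes describe a curve (here with the NIST P-256 parameters, assumed as the sample curve) and the on-curve check every received public key should pass before it is used. The spec classes compile with the JDK alone; generating keys for this spec needs a provider that implements "EC" (BouncyCastle, for instance), which is not shown here.

```java
import java.math.BigInteger;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;

public class EcCurveCheck {

    // NIST P-256 (secp256r1) domain parameters over the prime field GF(p).
    private static final BigInteger P  = new BigInteger("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 16);
    private static final BigInteger A  = P.subtract(BigInteger.valueOf(3));   // a = p - 3
    private static final BigInteger B  = new BigInteger("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 16);
    private static final BigInteger GX = new BigInteger("6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 16);
    private static final BigInteger GY = new BigInteger("4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 16);
    private static final BigInteger N  = new BigInteger("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16);

    /** Build the JDK's description of the curve y^2 = x^3 + ax + b over GF(p), with generator G, order n and cofactor h = 1. */
    public static ECParameterSpec p256() {
        EllipticCurve curve = new EllipticCurve(new ECFieldFp(P), A, B);
        ECPoint g = new ECPoint(GX, GY);
        return new ECParameterSpec(curve, g, N, 1);
    }

    /** True if q is an affine point on the curve: the check to run on any public key you receive. */
    public static boolean isOnCurve(ECParameterSpec params, ECPoint q) {
        if (q.equals(ECPoint.POINT_INFINITY)) return false;
        EllipticCurve curve = params.getCurve();
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        BigInteger x = q.getAffineX(), y = q.getAffineY();
        // Coordinates must be field elements, i.e. in the range [0, p).
        if (x.signum() < 0 || x.compareTo(p) >= 0 || y.signum() < 0 || y.compareTo(p) >= 0) return false;
        BigInteger lhs = y.multiply(y).mod(p);
        BigInteger rhs = x.pow(3).add(curve.getA().multiply(x)).add(curve.getB()).mod(p);
        return lhs.equals(rhs);
    }

    public static void main(String[] args) {
        ECParameterSpec params = p256();
        System.out.println("field size (bits): " + params.getCurve().getField().getFieldSize());
        System.out.println("order bits: " + params.getOrder().bitLength());
        System.out.println("G on curve? " + isOnCurve(params, params.getGenerator()));
        // A point with the generator's x but a corrupted y must be rejected.
        ECPoint bogus = new ECPoint(GX, GY.add(BigInteger.ONE));
        System.out.println("corrupted point on curve? " + isOnCurve(params, bogus));
    }
}
```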
 

Luc The Perverse

> This post probably gets my name on the NSA watch list, but I'm in need of
> an example on how to use the java.security.spec.EllipticCurve class.
>
> It's been in the JDK since 1.5, but I cannot find any examples on how to
> use it.

Elliptic curves are expected to fall with RSA to quantum computers.

And the way to get on the NSA list is by sending daily encrypted messages to
Arab militant groups - not asking for info ;)
 

Roedy Green

> Elliptic curves are expected to fall with RSA to quantum computers.
>
> And the way to get on the NSA list is by sending daily encrypted messages to
> Arab militant groups - not asking for info ;)

If anyone is serious about encryption and does not want the folks at
homeland security potentially cracking it, go with a one time pad.
With CDs to distribute the keys, it could be made relatively simple
and foolproof to use.

Your biggest problem is spyware at both ends.
 

Stefan Schulz

Roedy said:
> If anyone is serious about encryption and does not want the folks at
> homeland security potentially cracking it, go with a one time pad.
> With CDs to distribute the keys, it could be made relatively simple
> and foolproof to use.
>
> Your biggest problem is spyware at both ends.

That, and actually finding a BSS. Either you have a very good hardware
generator, or it all collapses down to the seed of your PRNG, which is,
let's face it, usually not that hard to guess.

That being said, current symmetric and asymmetric methods look pretty
good. Quantum computing might have a say in the matter, but it is still
in its infancy.
 

Oliver Wong

Roedy Green said:
> If anyone is serious about encryption and does not want the folks at
> homeland security potentially cracking it, go with a one time pad.
> With CDs to distribute the keys, it could be made relatively simple
> and foolproof to use.
>
> Your biggest problem is spyware at both ends.

I'd figure the biggest problem is getting the key to the intended
recipient without a man-in-the-middle attack.

My recommendation is to stick with traditional (quantum-weak) encryption
for now, and when quantum computing becomes available, switch to quantum
encryption (which is currently believed to be impossible to crack; not
"merely" infeasible to crack).

- Oliver
 

Roedy Green

> I'd figure the biggest problem is getting the key to the intended
> recipient without a man-in-the-middle attack.

You would send a secure courier around once a year with a stack of CDs
with true random numbers on them. If there is any hint that is
compromised, you send another guy out with a stack of CDs.

This is roughly how the Russians handled embassy transmissions even
back in the 60s. They did not mess around with the unknown of American
computational muscle.

You have the same problem distributing bug-free software (in both
senses). You pretty well must have it delivered by secure courier on
CD. Digital signing will stop your average hacker but I would not
trust it to stop the CIAs of the world.

If I were working for the government trying to crack a terrorist ring
using one-time pads, the vulnerabilities to go for are:

1. intercept the courier and convince him something awful will happen
if he ever lets on. You make copies of the CDs.

2. You take advantage of the fact Windows is such a crappy OS. You
get Mr. Gates to smuggle in the code you need in the next official MS
update.

3. On the off chance someone slips, you create email viruses and porn
viewers that report back to Momma if they ever find themselves on a
computer with "interesting" software installed.

4. You install EMF tracking to read the screens of people viewing the
messages.

5. you use traditional bugging, including keyboard bugs that record
keystrokes.

6. You become a manufacturer of high security message exchange
software. If they are dumb enough to accept complex software without
source that they compile....

7. You prevail on Sun to insert backdoor code in compiled programs
under certain circumstances.
 

James McGill

> You would send a secure courier around once a year with a stack of CDs
> with true random numbers on them. If there is any hint that is
> compromised, you send another guy out with a stack of CDs.

The courier is the "man in the middle" and thus, the avenue of "attack."
 

James Westby

James said:
> The courier is the "man in the middle" and thus, the avenue of "attack."

That isn't a man-in-the-middle attack in the usual sense of the term.
It's just attacking the transmission medium. A man-in-the-middle attack
doesn't require a man to be in the middle of the transmission, it places
a "man" there to break the security of the system in some way.


James
 

Oliver Wong

James Westby said:
> James said:
>>>> I'd figure the biggest problem is getting the key to the
>>>> intended recipient without a man-in-the-middle attack.
>>>
>>> You would send a secure courier around once a year with a stack of CDs
>>> with true random numbers on them. If there is any hint that is
>>> compromised, you send another guy out with a stack of CDs.
>>
>> The courier is the "man in the middle" and thus, the avenue of "attack."
>
> That isn't a man-in-the-middle attack in the usual sense of the term. It's
> just attacking the transmission medium. A man-in-the-middle attack doesn't
> require a man to be in the middle of the transmission, it places a "man"
> there to break the security of the system in some way.

I think we're all thinking of the same situation, though. You have a CD.
You want to give it to a particular person named Alice, and you don't want
anyone other than Alice having access to the CD between the time when it
leaves your possession and enters Alice's possession.

Here, the Courier MIGHT be the man in the middle. Or maybe someone will
beat up the courier, take the CD, make a copy of it, and then give the
original to Alice (or give a completely new CD to Alice or whatever).

They say to always concentrate on the least secure point of your system.
One-time pads are pretty strong, and I think the weakest part of this
particular system is the part where you have to give the pad (i.e. the CD)
to the courier, and then the courier is out of your sight for a while, and
then the courier (perhaps the same one, perhaps a different one) shows up in
front of Alice, and hands her a CD (perhaps the same one, perhaps a
different one).

- Oliver
 

Scott Ellsworth

Luc The Perverse said:
> Elliptic curves are expected to fall with RSA to quantum computers.

Perhaps, but I will believe it when I see it.

Of course, anyone who really wants secure messages might want to read
Between Silk and Cyanide and In Obedience to Orders in order to get an
idea of just what a professional code breaking organization can do and
how they think. The techniques change, but the sheer drive and
sneakiness of the people doing that work does not.

> And the way to get on the NSA list is by sending daily encrypted messages to
> Arab militant groups - not asking for info ;)

I betcha asking your local Korean embassy for Kim Jong Il's books of
poetry and philosophy will do it even faster.

Scott
 

Roedy Green

> They say to always concentrate on the least secure point of your system.
> One-time pads are pretty strong, and I think the weakest part of this
> particular system is the part where you have to give the pad (i.e. the CD)
> to the courier, and then the courier is out of your sight for a while, and
> then the courier (perhaps the same one, perhaps a different one) shows up in
> front of Alice, and hands her a CD (perhaps the same one, perhaps a
> different one).
>
> - Oliver

If you are a diplomat you can get around that by locking the CD case
in such a way that if it is opened you can tell, perhaps it
self-destructs if not opened at the correct time. Ordinary folk though
have trouble passing sealed cases over international boundaries. You
could ship them by ordinary FedEx and if they are ever opened and
examined, just do it over till you get a shipment through unmolested.

They appear to anyone to be just CDs of highly compressed data.

You also could send 10 sets of CDs all by independent methods and use
all ten XORed together. Even if one of them were not compromised, you
are still safe.

Shannon's theorem says you can create a trustworthy system out of
untrustworthy components if you use sufficient redundancy.

As a cover, you could run a CD of the month club, and ship special CDs
to certain customers and also to randomly selected perfectly innocent
people who will complain and get a replacement. Your conspirators can
behave the same way. No great harm is done sending a CD of random
numbers to anyone but it could keep those trying to intercept very
busy.

I think most spooks would say "screw it" and concentrate on getting
the data lying around unencrypted at either end.
 

Luc The Perverse

Roedy Green said:
> If anyone is serious about encryption and does not want the folks at
> homeland security potentially cracking it, go with a one time pad.
> With CDs to distribute the keys, it could be made relatively simple
> and foolproof to use.
>
> Your biggest problem is spyware at both ends.

I believe very few codes are broken brute force or through backdoors. I do
not believe AES is hackable for instance.

As such, the key is the weak point - and an OTP suffers from the same
vulnerability as any other reasonably complex key scheme.
 

Luc The Perverse

Roedy Green said:
> If you are a diplomat you can get around that by locking the CD case
> in such a way that if it is opened you can tell, perhaps it
> self-destructs if not opened at the correct time. Ordinary folk though
> have trouble passing sealed cases over international boundaries. You
> could ship them by ordinary FedEx and if they are ever opened and
> examined, just do it over till you get a shipment through unmolested.
>
> They appear to anyone to be just CDs of highly compressed data.
>
> You also could send 10 sets of CDs all by independent methods and use
> all ten XORed together. Even if one of them were not compromised, you
> are still safe.
>
> Shannon's theorem says you can create a trustworthy system out of
> untrustworthy components if you use sufficient redundancy.
>
> As a cover, you could run a CD of the month club, and ship special CDs
> to certain customers and also to randomly selected perfectly innocent
> people who will complain and get a replacement. Your conspirators can
> behave the same way. No great harm is done sending a CD of random
> numbers to anyone but it could keep those trying to intercept very
> busy.
>
> I think most spooks would say "screw it" and concentrate on getting
> the data lying around unencrypted at either end.

Um that is a little insane.

I say use an aggregate of tried and true RSA with a "supposedly"
quantum-safe asymmetric key cipher (like NTRU or DFE) and use it to transmit
a private key along with a hashed pre-arranged passphrase. You can have
just as much trouble communicating the passphrase initially, but with the
added bonus of being able to use it more than once :)

If you do not believe that a TLA is capable or willing [to try] to
impersonate you, then you could simply do the above, and then call the
person on the phone and verify the already transmitted passphrase by having
the user re-hash it on his end.

I've thought about this a lot, which is one of my primary interests for a
large scale application in Java. But alas! all quantum safe asymmetric
algorithms of which I am aware demand exorbitant (sp?) licensing fees.
 

Thomas Weidenfeller

Oliver said:
> My recommendation is to stick with traditional (quantum-weak)
> encryption for now, and when quantum computing becomes available, switch
> to quantum encryption (which is currently believed to be impossible to
> crack; not "merely" infeasible to crack).

My understanding is that one-time pads have been used with good results
for ages. That for example combined with one-way communication like
http://en.wikipedia.org/wiki/Numbers_station
All pretty much tried and trusted low-tech, compared to systems requiring
computers and a lot of processing power - but limited to not too long messages.

/Thomas
 

Oliver Wong

Thomas Weidenfeller said:
> My understanding is that one-time pads have been used with good results
> for ages. That for example combined with one-way communication like
> http://en.wikipedia.org/wiki/Numbers_station
> All pretty much tried and trusted low-tech, compared to systems requiring
> computers and a lot of processing power - but limited to not too long messages.

One-time pads work well for communicating with spies, because usually
when you first hire a spy, you can arrange for a physical meeting, and
directly hand her the one time pad.

One-time pads (or rather, key-transmission in general) becomes a problem
when you need to send the key to a remote location during which enemies can
intercept the key (perhaps without you being able to detect this
interception).

- Oliver
 

Oliver Wong

Roedy Green said:
> If you are a diplomat you can get around that by locking the CD case
> in such a way that if it is opened you can tell, perhaps it
> self-destructs if not opened at the correct time. Ordinary folk though
> have trouble passing sealed cases over international boundaries. You
> could ship them by ordinary FedEx and if they are ever opened and
> examined, just do it over till you get a shipment through unmolested.

Okay, that might work in practice, so let me just give out a disclaimer
now that most of my protests will be of the fun, theoretical, "let's imagine
wild conspiracy theories" nature. (I think we entered that realm as soon as
someone said "But what about quantum computers?")

The problem with the above is that you now have to trust FedEx (which
implies trusting everybody that FedEx trusts; e.g. each individual courier,
and trusting that the couriers won't ask their friends to make a delivery
for them or otherwise that those friends are trustworthy, etc.)

But even if you assume FedEx is trustworthy, there's the problem of
authentication. If you walk into a building with a big "FedEx" logo over
it, and hand your CD to a clerk behind the counter wearing a uniform that
says "FedEx" on it... are you really sure that you're giving your CD to
FedEx, and not a man-in-the-middle in disguise?

> They appear to anyone to be just CDs of highly compressed data.
>
> You also could send 10 sets of CDs all by independent methods and use
> all ten XORed together. Even if one of them were not compromised, you
> are still safe.

There's the problem of detecting compromises as mentioned above (perhaps
all 10 have been compromised, but because of the various transmission
methods, you only detect 2 compromises, and figured it would be safe to
continue using the pads).

Some encryption methods get by this by being secure even if all
messages have been compromised (e.g. public-key exchange). The problem is
that public-key exchange is "vulnerable" to brute force, while one-time-pads
are not vulnerable to brute force.

Another possibility I could imagine is for the attacker to bombard your
recipient with a ton of CDs with random contents. The recipient would be
unable to tell which of the CDs are from you, and which are from the
attackers. The recipient would then have to contact you, and perhaps send a
hash of all the CDs he has (or you send him a hash) to determine which CDs
are valid or not.

But if the attacker sends a sufficiently high number of CDs, the
hash will eventually have to be so long as to be equal to the entire
contents of the CDs themselves, thus forcing you to publicly broadcast your
private keys.

> Shannon's theorem says you can create a trustworthy system out of
> untrustworthy components if you use sufficient redundancy.

I think Shannon's "trustworthy vs untrustworthy" has to do with
reliability of the medium (e.g. dropped packets, noise, etc.), and not
"trustworthy" in the cryptographical sense.

> As a cover, you could run a CD of the month club, and ship special CDs
> to certain customers and also to randomly selected perfectly innocent
> people who will complain and get a replacement. Your conspirators can
> behave the same way. No great harm is done sending a CD of random
> numbers to anyone but it could keep those trying to intercept very
> busy.

If one particular customer ALWAYS gets a bad CD, that might raise
suspicion, so you occasionally need to send out bad CDs to random innocent
customers without sending to your target.

Depending on how often you needed to communicate with your target, you
might be sending out a lot of bad CDs, and then get fewer and fewer
subscribers, also thus raising the suspicion around the one client (your
target) who maintains the subscription despite the bad service.

If you wanted to go this route, I recommend hiding the data within the
CDs so as not to alert the casual user at all. I'm assuming these are normal
audio CDs that can be played in standard CD players. These CDs have a lot of
error correction facility so that if you have bad sectors, the CD is still
playable.

Just put your one time pad in those bad sectors, and the innocent
clients will still have playable CDs, and won't complain or ask for returns
or anything like that.

A standard CD encodes the information as pits and grooves; i.e. in
binary. If you have the sophisticated equipment, you could encode your CDs
in trinary, perhaps with 2 kinds of pits, of slightly differing depth, but
within the engineering tolerance of the standards for CDs, so they seem to
play perfectly normally.

Your target has specialized equipment to be able to distinguish between
the 2 kinds of pits to pick up the extra hidden data.

- Oliver
 

James McGill

> My understanding is that one-time pads have been used with good
> results for ages.

As long as your soldiers in the field can be made to understand that
reusing the pad is completely unacceptable (it has happened). And if
the key pad is out of your hands, how do you know when you're
transmitting the message, that someone hasn't intercepted the key?
 

James McGill

> Just put your one time pad in those bad sectors, and the innocent
> clients will still have playable CDs, and won't complain or ask for
> returns or anything like that.

Oops. You've replaced one secret (the pad) with another secret (the
location to which you've sent the pad).
 

Oliver Wong

James McGill said:
> Oops. You've replaced one secret (the pad) with another secret (the
> location to which you've sent the pad).

I'd say it's an addition of a secret, rather than a replacement. The one
time pad is still present.

- Oliver
 
