In need of an EllipticCurve example (jdk1.5)

Discussion in 'Java' started by marty.gagnon@imagenow.com, Mar 1, 2006.

  1. Guest

    This post probably gets my name on the NSA watch list but I'm in need
    of an example on how to use the java.security.spec.EllipticCurve class.

    It's been in the jdk since 1.5 but cannot find any examples on how to
    use it.


    Thanks
    Marty
    , Mar 1, 2006
    #1

  2. Oliver Wong Guest

    <> wrote in message
    news:...
    > This post probably gets my name on the NSA watch list but I'm in need
    > of an example on how to use the java.security.spec.EllipticCurve class.
    >
    > It's been in the jdk since 1.5 but cannot find any examples on how to
    > use it.
    >

    I could tell you... but then I'd have to kill you.

    See the following:

    http://forum.java.sun.com/thread.jspa?threadID=694124&tstart=135
    http://www.bouncycastle.org/
    http://jce.iaik.tugraz.at/sic/products/core_crypto_toolkits/ecc
    http://www.peterindia.net/ECCLinks.html
    http://www.bmsi.com/java/#EC

    - Oliver
    Oliver Wong, Mar 1, 2006
    #2
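    An added example of the JDK 1.5 spec classes the question asks about (not code from the original post or from any of the linked projects). It assumes the NIST P-256 (secp256r1) domain parameters as published in SEC 2 and FIPS 186, builds an EllipticCurve and ECParameterSpec from them, and adds the point-on-curve check that the JDK classes themselves do not perform.

```java
import java.math.BigInteger;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;

public class EcSpecDemo {

    // NIST P-256 (secp256r1) domain parameters over the prime field GF(p):
    // y^2 = x^3 + a*x + b (mod p), generator G of prime order n, cofactor 1.
    static final BigInteger P  = new BigInteger(
        "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", 16);
    static final BigInteger A  = P.subtract(BigInteger.valueOf(3));
    static final BigInteger B  = new BigInteger(
        "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", 16);
    static final BigInteger GX = new BigInteger(
        "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", 16);
    static final BigInteger GY = new BigInteger(
        "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", 16);
    static final BigInteger N  = new BigInteger(
        "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16);

    /** The curve itself: a finite field plus the coefficients a and b. */
    public static EllipticCurve p256Curve() {
        return new EllipticCurve(new ECFieldFp(P), A, B);
    }

    /** Full domain parameters: curve, base point, order and cofactor. */
    public static ECParameterSpec p256Spec() {
        return new ECParameterSpec(p256Curve(), new ECPoint(GX, GY), N, 1);
    }

    /**
     * Checks y^2 == x^3 + a*x + b (mod p). ECPoint is just a pair of
     * BigIntegers and neither ECPoint nor ECParameterSpec verifies this,
     * so a point received from a peer (e.g. a public key) has to be
     * validated explicitly before it is used in any EC computation.
     */
    public static boolean isOnCurve(EllipticCurve curve, ECPoint pt) {
        if (pt == ECPoint.POINT_INFINITY) {
            return true;
        }
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        BigInteger x = pt.getAffineX();
        BigInteger y = pt.getAffineY();
        if (x.signum() < 0 || x.compareTo(p) >= 0
                || y.signum() < 0 || y.compareTo(p) >= 0) {
            return false;                       // coordinate outside the field
        }
        BigInteger lhs = y.multiply(y).mod(p);
        BigInteger rhs = x.multiply(x).multiply(x)
                .add(curve.getA().multiply(x))
                .add(curve.getB())
                .mod(p);
        return lhs.equals(rhs);
    }

    public static void main(String[] args) {
        ECParameterSpec spec = p256Spec();
        EllipticCurve curve = spec.getCurve();
        System.out.println("field size (bits): " + curve.getField().getFieldSize());
        System.out.println("generator on curve: "
                + isOnCurve(curve, spec.getGenerator()));

        // A tampered point (G with y+1) passes construction but fails the check.
        ECPoint bogus = new ECPoint(GX, GY.add(BigInteger.ONE));
        System.out.println("tampered point on curve: " + isOnCurve(curve, bogus));

        // JDK 1.5 ships only these spec classes, not an EC key generator.
        // With a third-party provider such as Bouncy Castle installed, the
        // spec feeds key generation like this:
        //   KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
        //   kpg.initialize(spec);
        //   KeyPair kp = kpg.generateKeyPair();
    }
}
```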

  3. <> wrote in message
    news:...
    > This post probably gets my name on the NSA watch list but I'm in need
    > of an example on how to use the java.security.spec.EllipticCurve class.
    >
    > It's been in the jdk since 1.5 but cannot find any examples on how to
    > use it.


    Elliptic curves are expected to fall with RSA to quantum computers.

    And the way to get on the NSA list is by sending daily encrypted messages to
    Arab militant groups - not asking for info ;)

    --
    LTP

    :)
    Luc The Perverse, Mar 2, 2006
    #3
  4. Roedy Green Guest

    On Wed, 1 Mar 2006 20:01:06 -0700, "Luc The Perverse"
    <> wrote, quoted or indirectly
    quoted someone who said :

    >Elliptic curves are expected to fall with RSA to quantum computers.
    >
    >And the way to get on the NSA list is by sending daily encrypted messages to
    >Arab militant groups - not asking for info ;)


    If anyone is serious about encryption and does not want the folks at
    homeland security potentially cracking it, go with a one time pad.
    With CDs to distribute the keys, it could be made relatively simple
    and foolproof to use.

    Your biggest problem is spyware at both ends.
    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Java custom programming, consulting and coaching.
    Roedy Green, Mar 2, 2006
    #4
  5. Roedy Green wrote:

    > If anyone is serious about encryption and does not want the folks at
    > homeland security potentially cracking it, go with a one time pad.
    > With CDs to distribute the keys, it could be made relatively simple
    > and foolproof to use.
    >
    > Your biggest problem is spyware at both ends.


    That, and actually finding a BSS. Either you have a very good hardware
    generator, or it all collapses down to the seed of your PRNG, which is,
    let's face it, usually not that hard to guess.

    That being said, current symmetric and asymmetric methods look pretty
    good. Quantum computing might have a say in the matter, but it is still
    in its infancy.
    Stefan Schulz, Mar 2, 2006
    #5
  6. Oliver Wong Guest

    "Roedy Green" <> wrote in
    message news:...
    > On Wed, 1 Mar 2006 20:01:06 -0700, "Luc The Perverse"
    > <> wrote, quoted or indirectly
    > quoted someone who said :
    >
    >>Elliptic curves are expected to fall with RSA to quantum computers.
    >>
    >>And the way to get on the NSA list is by sending daily encrypted messages
    >>to
    >>Arab militant groups - not asking for info ;)

    >
    > If anyone is serious about encryption and does not want the folks at
    > homeland security potentially cracking it, go with a one time pad.
    > With CDs to distribute the keys, it could be made relatively simple
    > and foolproof to use.
    >
    > Your biggest problem is spyware at both ends.


    I'd figure the biggest problem is getting the key to the intended
    recipient without a man-in-the-middle attack.

    My recommendation is to stick with traditional (quantum-weak) encryption
    for now, and when quantum computing becomes available, switch to quantum
    encryption (which is currently believed to be impossible to crack; not
    "merely" infeasible to crack).

    - Oliver
    Oliver Wong, Mar 2, 2006
    #6
  7. Roedy Green Guest

    On Thu, 02 Mar 2006 14:34:16 GMT, "Oliver Wong" <>
    wrote, quoted or indirectly quoted someone who said :

    >
    > I'd figure the biggest problem is getting the key to the intended
    >recipient without a man-in-the-middle attack.


    You would send a secure courier around once a year with a stack of CDs
    with true random numbers on them. If there is any hint that is
    compromised, you send another guy out with a stack of CDs.

    This is roughly how the Russians handled embassy transmissions even
    back in the 60s. They did not mess around with the unknown of American
    computational muscle.

    You have the same problem distributing bug-free software (in both
    senses). You pretty well must have it delivered by secure courier on
    CD. Digital signing will stop your average hacker but I would not
    trust it to stop the CIAs of the world.

    If I were working for the government trying to crack a terrorist ring
    using one-time pads, the vulnerabilities to go for are:

    1. intercept the courier and convince him something awful will happen
    if he ever lets on. You make copies of the CDs.

    2. You take advantage of the fact Windows is such a crappy OS. You
    get Mr. Gates to smuggle in the code you need in the next official MS
    update.

    3. On the off chance someone slips, you create email viruses and porn
    viewers that report back to Momma if they ever find themselves on a
    computer with "interesting" software installed.

    4. You install EMF tracking to read the screens of people viewing the
    messages.

    5. you use traditional bugging, including keyboard bugs that record
    keystrokes.

    6. You become a manufacturer of high security message exchange
    software. If they are dumb enough to accept complex software without
    source that they compile....

    7. You prevail on Sun to insert backdoor code in compiled programs
    under certain circumstances.


    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Java custom programming, consulting and coaching.
    Roedy Green, Mar 2, 2006
    #7
  8. James McGill Guest

    On Thu, 2006-03-02 at 15:02 +0000, Roedy Green wrote:
    >
    > > I'd figure the biggest problem is getting the key to the
    > > intended recipient without a man-in-the-middle attack.

    >
    > You would send a secure courier around once a year with a stack of CDs
    > with true random numbers on them. If there is any hint that is
    > compromised, you send another guy out with a stack of CDs.


    The courier is the "man in the middle" and thus, the avenue of "attack."
    James McGill, Mar 2, 2006
    #8
  9. James Westby Guest

    James McGill wrote:
    > On Thu, 2006-03-02 at 15:02 +0000, Roedy Green wrote:
    >
    >>> I'd figure the biggest problem is getting the key to the
    >>> intended recipient without a man-in-the-middle attack.

    >>
    >>You would send a secure courier around once a year with a stack of CDs
    >>with true random numbers on them. If there is any hint that is
    >>compromised, you send another guy out with a stack of CDs.

    >
    >
    > The courier is the "man in the middle" and thus, the avenue of "attack."
    >


    That isn't a man-in-the-middle attack in the usual sense of the term.
    It's just attacking the transmission medium. A man-in-the-middle attack
    doesn't require a man to be in the middle of the transmission, it places
    a "man" there to break the security of the system in some way.


    James
    James Westby, Mar 2, 2006
    #9
  10. Oliver Wong Guest

    "James Westby" <> wrote in message
    news:pfFNf.99934$...
    > James McGill wrote:
    >> On Thu, 2006-03-02 at 15:02 +0000, Roedy Green wrote:
    >>

    [I, Oliver, wrote:]
    >>>> I'd figure the biggest problem is getting the key to the
    >>>> intended recipient without a man-in-the-middle attack.
    >>>
    >>>You would send a secure courier around once a year with a stack of CDs
    >>>with true random numbers on them. If there is any hint that is
    >>>compromised, you send another guy out with a stack of CDs.

    >>
    >>
    >> The courier is the "man in the middle" and thus, the avenue of "attack."
    >>

    >
    > That isn't a man-in-the-middle attack in the usual sense of the term. It's
    > just attacking the transmission medium. A man-in-the-middle attack doesn't
    > require a man to be in the middle of the transmission, it places a "man"
    > there to break the security of the system in some way.
    >


    I think we're all thinking of the same situation, though. You have a CD.
    You want to give it to a particular person named Alice, and you don't want
    anyone other than Alice having access to the CD between the time when it
    leaves your possession and enters Alice's possessions.

    Here, the Courier MIGHT be the man in the middle. Or maybe someone will
    beat up the courier, take the CD, make a copy of it, and then give the
    original to Alice (or give a completely new CD to Alice or whatever).

    They say to always concentrate on the least secure point of your system.
    One-time pads are pretty strong, and I think the weakest part of this
    particular system is the part where you have to give the pad (i.e. the CD)
    to the courier, and then the courier is out of your sight for a while, and
    then the courier (perhaps the same one, perhaps a different one) shows up in
    front of Alice, and hands her a CD (perhaps the same one, perhaps a
    different one).

    - Oliver
    Oliver Wong, Mar 2, 2006
    #10
  11. In article <>,
    "Luc The Perverse" <> wrote:

    > <> wrote in message
    > news:...
    > > This post probably gets my name on the NSA watch list but I'm in need
    > > of an example on how to use the java.security.spec.EllipticCurve class.
    > >
    > > It's been in the jdk since 1.5 but cannot find any examples on how to
    > > use it.

    >
    > Elliptic curves are expected to fall with RSA to quantum computers.


    Perhaps, but I will believe it when I see it.

    Of course, anyone who really wants secure messages might want to read
    Between Silk and Cyanide and In Obedience to Orders in order to get an
    idea of just what a professional code breaking organization can do and
    how they think. The techniques change, but the sheer drive and
    sneakiness of the people doing that work does not.

    > And the way to get on the NSA list is by sending daily encrypted messages to
    > Arab militant groups - not asking for info ;)


    I betcha asking your local Korean embassy for Kim Jong Il's books of
    poetry and philosophy will do it even faster.

    Scott

    --
    Scott Ellsworth

    Java and database consulting for the life sciences
    Scott Ellsworth, Mar 2, 2006
    #11
  12. Roedy Green Guest

    On Thu, 02 Mar 2006 17:53:22 GMT, "Oliver Wong" <>
    wrote, quoted or indirectly quoted someone who said :

    > They say to always concentrate on the least secure point of your system.
    >One-time pads are pretty strong, and I think the weakest part of this
    >particular system is the part where you have to give the pad (i.e. the CD)
    >to the courier, and then the courier is out of your sight for a while, and
    >then the courier (perhaps the same one, perhaps a different one) shows up in
    >front of Alice, and hands her a CD (perhaps the same one, perhaps a
    >different one).
    >
    > - Oliver


    If you are a diplomat you can get around that by locking the CD case
    in such a way that if it is opened you can tell, perhaps it self
    destructs if not opened at the correct time. Ordinary folk though
    have trouble passing sealed cases over international boundaries. You
    could ship them by ordinary Fedex and if they are ever opened and
    examined, just do it over till you get a shipment through unmolested.

    They appear to anyone to be just CDs of highly compressed data.

    You also could send 10 sets of CDs all by independent methods and use
    all ten XORed together. Even if one of them were not compromised, you
    are still safe.

    Shannon's theorem says you can create a trustworthy system out of
    untrustworthy components if you use sufficient redundancy.

    As a cover, you could run a CD of the month club, and ship special CDs
    to certain customers and also to randomly selected perfectly innocent
    people who will complain and get a replacement. Your conspirators can
    behave the same way. No great harm is done sending a CD of random
    numbers to anyone but it could keep those trying to intercept very
    busy.

    I think most spooks would say "screw it" and concentrate on getting
    the data lying around unencrypted at either end.


    --
    Canadian Mind Products, Roedy Green.
    http://mindprod.com Java custom programming, consulting and coaching.
    Roedy Green, Mar 3, 2006
    #12
  13. "Roedy Green" <> wrote in
    message news:...
    > On Wed, 1 Mar 2006 20:01:06 -0700, "Luc The Perverse"
    > <> wrote, quoted or indirectly
    > quoted someone who said :
    >
    >>Elliptic curves are expected to fall with RSA to quantum computers.
    >>
    >>And the way to get on the NSA list is by sending daily encrypted messages
    >>to
    >>Arab militant groups - not asking for info ;)

    >
    > If anyone is serious about encryption and does not want the folks at
    > homeland security potentially cracking it, go with a one time pad.
    > With CDs to distribute the keys, it could be made relatively simple
    > and foolproof to use.
    >
    > Your biggest problem is spyware at both ends.


    I believe very few codes are broken brute force or through backdoors. I do
    not believe AES is hackable for instance.

    As such, the key is the weak point - and an OTP suffers from the same
    vulnerability as any other reasonably complex key scheme.

    --
    LTP

    :)
    Luc The Perverse, Mar 3, 2006
    #13
  14. "Roedy Green" <> wrote in
    message news:...
    > On Thu, 02 Mar 2006 17:53:22 GMT, "Oliver Wong" <>
    > wrote, quoted or indirectly quoted someone who said :
    >
    >> They say to always concentrate on the least secure point of your system.
    >>One-time pads are pretty strong, and I think the weakest part of this
    >>particular system is the part where you have to give the pad (i.e. the CD)
    >>to the courier, and then the courier is out of your sight for a while, and
    >>then the courier (perhaps the same one, perhaps a different one) shows up
    >>in
    >>front of Alice, and hands her a CD (perhaps the same one, perhaps a
    >>different one).
    >>
    >> - Oliver

    >
    > If you are a diplomat you can get around that by locking the CD case
    > in such a way that if it is opened you can tell, perhaps it self
    > destructs if not opened at the correct time. Ordinary folk though
    > have trouble passing sealed cases over international boundaries. You
    > could ship them by ordinary Fedex and if they are ever opened and
    > examined, just do it over till you get a shipment through unmolested.
    >
    > They appear to anyone to be just CDs of highly compressed data.
    >
    > You also could send 10 sets of CDs all by independent methods and use
    > all ten XORed together. Even if one of them were not compromised, you
    > are still safe.
    >
    > Shannon's theorem says you can create a trustworthy system out of
    > untrustworthy components if you use sufficient redundancy.
    >
    > As a cover, you could run a CD of the month club, and ship special CDs
    > to certain customers and also to randomly selected perfectly innocent
    > people who will complain and get a replacement. Your conspirators can
    > behave the same way. No great harm is done sending a CD of random
    > numbers to anyone but it could keep those trying to intercept very
    > busy.
    >
    > I think most spooks would say "screw it" and concentrate on getting
    > the data lying around unencrypted at either end.


    Um, that is a little insane.

    I say use an aggregate of tried and true RSA with a "supposedly"
    quantum-safe asymmetric key cipher (like NTRU or DFE) and use it to transmit
    a private key along with a hashed pre-arranged passphrase. You can have
    just as much trouble communicating the passphrase initially, but with the
    added bonus of being able to use it more than once :)

    If you do not believe that a TLA is capable or willing [to try] to
    impersonate you, then you could simply do the above, and then call the
    person on the phone and verify the already transmitted passphrase by having
    the user re-hash it on his end.

    I've thought about this a lot, which is one of my primary interests for a
    large scale application in Java. But alas! all quantum safe asymmetric
    algorithms of which I am aware demand exorbitant licensing fees.

    --
    LTP

    :)
    Luc The Perverse, Mar 3, 2006
    #14
  15. Oliver Wong wrote:
    > My recommendation is to stick with traditional (quantum-weak)
    > encryption for now, and when quantum computing becomes available, switch
    > to quantum encryption (which is currently believed to be impossible to
    > crack; not "merely" infeasible to crack).


    My understanding is that one-time pads have been used with good results
    for ages. That for example combined with one-way communication like
    http://en.wikipedia.org/wiki/Numbers_station All pretty much tried and
    trusted low-tech, compared to systems requiring computers and a lot of
    processing power - but limited to not too long messages.

    /Thomas
    --
    The comp.lang.java.gui FAQ:
    ftp://ftp.cs.uu.nl/pub/NEWS.ANSWERS/computer-lang/java/gui/faq
    http://www.uni-giessen.de/faq/archiv/computer-lang.java.gui.faq/
    Thomas Weidenfeller, Mar 3, 2006
    #15
  16. Oliver Wong Guest

    "Thomas Weidenfeller" <> wrote in message
    news:du907f$nd6$...
    > Oliver Wong wrote:
    >> My recommendation is to stick with traditional (quantum-weak)
    >> encryption for now, and when quantum computing becomes available, switch
    >> to quantum encryption (which is currently believed to be impossible to
    >> crack; not "merely" infeasible to crack).

    >
    > My understanding is that one-time pads have been used with good results
    > for ages. That for example combined with one-way communication like
    > http://en.wikipedia.org/wiki/Numbers_station All pretty much tried and
    > trusted low-tech, compared to systems requiring computers and a lot of
    > processing power - but limited to not too long messages.
    >


    One-time pads work well for communicating with spies, because usually
    when you first hire a spy, you can arrange for a physical meeting, and
    directly hand her the one time pad.

    One-time pads (or rather, key-transmission in general) becomes a problem
    when you need to send the key to a remote location during which enemies can
    intercept the key (perhaps without you being able to detect this
    interception).

    - Oliver
    Oliver Wong, Mar 3, 2006
    #16
  17. Oliver Wong Guest

    "Roedy Green" <> wrote in
    message news:...
    >
    > If you are a diplomat you can get around that by locking the CD case
    > in such a way that if it is opened you can tell, perhaps it self
    > destructs if not opened at the correct time. Ordinary folk though
    > have trouble passing sealed cases over international boundaries. You
    > could ship them by ordinary Fedex and if they are ever opened and
    > examined, just do it over till you get a shipment through unmolested.


    Okay, that might work in practice, so let me just give out a disclaimer
    now that most of my protests will be of the fun, theoretical, "let's imagine
    wild conspiracy theories" nature. (I think we entered that realm as soon as
    someone said "But what about quantum computers?")

    The problem with the above is that you now have to trust FedEx (which
    implies trusting everybody that FedEx trusts; e.g. each individual courier,
    and trusting that the couriers won't ask their friends to make a delivery
    for them or otherwise that those friends are trustworthy, etc.)

    But even if you assume FedEx is trustworthy, there's the problem of
    authentication. If you walk into a building with a big "FedEx" logo over
    it, and hand your CD to a clerk behind the counter wearing a uniform that
    says "FedEx" on it... are you really sure that you're giving your CD to
    FedEx, and not a man-in-the-middle in disguise?

    >
    > They appear to anyone to be just CDs of highly compressed data.
    >
    > You also could send 10 sets of CDs all by independent methods and use
    > all ten XORed together. Even if one of them were not compromised, you
    > are still safe.


    There's the problem of detecting compromises as mentioned above (perhaps
    all 10 have been compromised, but because of the various transmission
    methods, you only detect 2 compromises, and figured it would be safe to
    continue using the pads).

    Some encryption methods get by this by being secure even if all
    messages have been compromised (e.g. public-key exchange). The problem is
    that public-key exchange is "vulnerable" to brute force, while one-time-pads
    are not vulnerable to brute force.

    Another possibility I could imagine is for the attacker to bombard your
    recipient with a ton of CDs with random contents. The recipient would be
    unable to tell which of the CDs are from you, and which are from the
    attackers. The recipient would then have to contact you, and perhaps send a
    hash of all the CDs he has (or you send him a hash) to determine which CDs
    are valid or not.

    But if the attacker sends a sufficiently high number of CDs, the
    hash will eventually have to be so long as to be equal to the entire
    contents of the CDs themselves, thus forcing you to publicly broadcast your
    private keys.


    >
    > Shannon's theorem says you can get create a trustworthy system out of
    > untrustworthy components if you use sufficient redundancy.


    I think Shannon's "trustworthy vs untrustworthy" has to do with
    reliability of the medium (e.g. dropped packets, noise, etc.), and not
    "trustworthy" in the cryptographical sense.

    >
    > As a cover, you could run a CD of the month club, and ship special CDs
    > to certain customers and also to randomly selected perfectly innocent
    > people who will complain and get a replacement. Your conspirators can
    > behave the same way. No great harm is done sending a CD of random
    > numbers to anyone but it could keep those trying to intercept very
    > busy.


    If one particular customer ALWAYS gets a bad CD, that might raise
    suspicion, so you occasionally need to send out bad CDs to random innocent
    customers without sending to your target.

    Depending on how often you needed to communicate with your target, you
    might be sending out a lot of bad CDs, and then get fewer and fewer
    subscribers, also thus raising the suspicion around the one client (your
    target) who maintains the subscription despite the bad service.

    If you wanted to go this route, I recommend hiding the data within the
    CDs so as not to alert the casual user at all. I'm assuming these are normal
    audio CDs that can be played in standard CD players. These CDs have a lot of
    error correction facility so that if you have bad sectors, the CD is still
    playable.

    Just put your one time pad in those bad sectors, and the innocent
    clients will still have playable CDs, and won't complain or ask for returns
    or anything like that.

    A standard CD encodes the information as pits and grooves; i.e. in
    binary. If you have the sophisticated equipment, you could encode your CDs
    in trinary, perhaps with 2 kinds of pits, of slightly differing depth, but
    within the engineering tolerance of the standards for CDs, so they seem to
    play perfectly normally.

    Your target has specialized equipment to be able to distinguish between
    the 2 kinds of pits to pick up the extra hidden data.

    - Oliver
    Oliver Wong, Mar 3, 2006
    #17
  18. James McGill Guest

    On Fri, 2006-03-03 at 09:54 +0100, Thomas Weidenfeller wrote:
    > My understanding is that one-time pads have been used with good
    > results for ages.


    As long as your soldiers in the field can be made to understand that
    reusing the pad is completely unacceptable (it has happened). And if
    the key pad is out of your hands, how do you know when you're
    transmitting the message, that someone hasn't intercepted the key?
    James McGill, Mar 3, 2006
    #18
  19. James McGill Guest

    On Fri, 2006-03-03 at 17:19 +0000, Oliver Wong wrote:
    >
    > Just put your one time pad in those bad sectors, and the innocent
    > clients will still have playable CDs, and won't complain or ask for
    > returns
    > or anything like that.


    Oops. You've replaced one secret (the pad) with another secret (the
    location to which you've sent the pad).
    James McGill, Mar 3, 2006
    #19
  20. Oliver Wong Guest

    "James McGill" <> wrote in message
    news:...
    > On Fri, 2006-03-03 at 17:19 +0000, Oliver Wong wrote:
    >>
    >> Just put your one time pad in those bad sectors, and the innocent
    >> clients will still have playable CDs, and won't complain or ask for
    >> returns
    >> or anything like that.

    >
    > Oops. You've replaced one secret (the pad) with another secret (the
    > location to which you've sent the pad).


    I'd say it's an addition of a secret, rather than a replacement. The one
    time pad is still present.

    - Oliver
    Oliver Wong, Mar 3, 2006
    #20
