Crypto Challenge Set 8

This is the second of two sets we generated after the original 6.

This set focuses on abstract algebra, including DH, GCM, and (most importantly) elliptic curve cryptography. Fair warning - it's really tough! There's a ton of content here, and it's more demanding than anything we've released so far. By the time you're done, you will have written an ad hoc, informally-specified, bug-ridden, slow implementation of one percent of SageMath.

  1. Diffie-Hellman Revisited: Small Subgroup Confinement
  2. Pollard's Method for Catching Kangaroos
  3. Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks
  4. Single-Coordinate Ladders and Insecure Twists
  5. Duplicate-Signature Key Selection in ECDSA (and RSA)
  6. Key-Recovery Attacks on ECDSA with Biased Nonces
  7. Key-Recovery Attacks on GCM with Repeated Nonces
  8. Key-Recovery Attacks on GCM with a Truncated MAC
  9. Truncated-MAC GCM Revisited: Improving the Key-Recovery Attack via Ciphertext Length Extension
  10. Exploiting Implementation Errors in Diffie-Hellman
Cryptography Services | NCC Group