Elligator: Elliptic-curve points indistinguishable from uniform random strings
The 2013 ACM SIGSAC conference paper discusses challenges faced by censorship-circumvention tools in avoiding detection by censors. It introduces high-security elliptic-curve systems to enhance privacy and security in communication networks.
The paper "Elligator: elliptic-curve points indistinguishable from uniform random strings" presented at the 2013 ACM SIGSAC conference on Computer & Communications Security addresses the challenges faced by censorship-circumvention tools in evading detection by censors. These tools aim to match their traffic patterns with unblocked programs to avoid identification through traffic profiling. However, censors deploy sophisticated deep-packet inspection techniques to counter these efforts. The paper introduces high-security elliptic-curve systems where points are encoded to appear as random strings, enhancing privacy and security. It also introduces a bijection between strings and curve points, offering guidelines for constructing secure curves. The research aims to prevent censorship by making elliptic-curve cryptography patterns indistinguishable from random data, thus enhancing privacy and security in communication networks.
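The string-to-point bijection summarized above, worked through as an added example (not code from the paper or from this page). It assumes the Elligator 2 map on Curve25519 with A = 486662 and non-square 2, handles u-coordinates only with the sign of v supplied as a bit, and all function names are illustrative.

```python
import secrets

P = 2**255 - 19                     # Curve25519 field prime (P = 5 mod 8)
A = 486662                          # curve: v^2 = u^3 + A*u^2 + u
Z = 2                               # fixed non-square used by the map
SQRT_M1 = pow(2, (P - 1) // 4, P)   # a square root of -1 mod P

def inv(x):
    return pow(x, P - 2, P)

def is_square(x):
    return pow(x, (P - 1) // 2, P) in (0, 1)

def sqrt(x):
    """Root of a square x mod P, returned in the canonical half [0, (P-1)/2]."""
    x %= P
    y = pow(x, (P + 3) // 8, P)
    if (y * y - x) % P != 0:
        y = y * SQRT_M1 % P
    return min(y, P - y)

def on_curve(u):
    """The distinguisher: true for every real public key, for ~half of random strings."""
    return is_square(u**3 + A * u**2 + u)

def direct_map(r):
    """Representative r -> u-coordinate of a curve point."""
    w = -A * inv(1 + Z * r * r) % P
    return w if on_curve(w) else (-w - A) % P

def inverse_map(u, v_is_negative):
    """u -> representative, or None when the point has none (about half do not).
    u = 0 and u = -A are rejected in this sketch; the caller retries with a new key."""
    if u in (0, P - A) or not is_square(-Z * u * (u + A)):
        return None
    if v_is_negative:
        return sqrt(-(u + A) * inv(Z * u))
    return sqrt(-u * inv(Z * (u + A)))

def to_wire(r):
    """r < 2^254, so the two always-zero top bits get random padding."""
    return (r | secrets.randbits(2) << 254).to_bytes(32, "little")

def from_wire(b):
    return int.from_bytes(b, "little") & (2**254 - 1)
```

A sender regenerates its ephemeral key until `inverse_map` returns a representative and transmits `to_wire(r)`; leaving the top two bits at zero would reintroduce a distinguisher.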
Related
Reconstructing Public Keys from Signatures
The blog delves into reconstructing public keys from signatures in cryptographic schemes like ECDSA, RSA, Schnorr, and Dilithium. It highlights challenges, design choices, and security considerations, emphasizing the complexity and importance of robust security measures.
The Magic of Participatory Randomness
Randomness is vital in cryptography, gaming, and civic processes. Techniques like "Finger Dice" enable fair outcomes through participatory randomness, ensuring transparency and trust in provably fair games.
Confidentiality in the Face of Pervasive Surveillance
RFC 7624 addresses confidentiality threats post-2013 surveillance revelations. It defines attacker models, vulnerabilities, and encryption's role in protecting against eavesdropping, emphasizing Internet security enhancements against pervasive surveillance.
Did a broken random number generator in Cuba help expose an espionage network?
A cryptologic mystery involving a broken random number generator in Cuba exposes a Russian espionage network. Anomalies in encrypted shortwave radio transmissions lead to the arrest of Russian spies, highlighting vulnerabilities in one-time pad ciphers.
Syd the perhaps most sophisticated sandbox for Linux
A course covers security topics like Chrome vulnerabilities, Amazon's "Stuffer Concept," Rust language safety. Tools include GCC 14, BOLT, Google Closure Compiler. Emphasizes firewalls, Seccomp, eBPF, Syd sandbox, F*, CompCert, TCC compilers.
Elligator implementations have a history of subtle bugs, arguably because there was not a spec, only a paper, although it looks like there are some third-party test vectors now.
In general the "inverse map" from random bytes to point is used only for censorship-resistance use cases, but the "direct map" turning random bytes (like a CSPRNG output or a hash) into a point is useful for a number of purposes in cryptography, like VRFs. That led to the direct map being specified more rigorously, like in https://www.rfc-editor.org/rfc/rfc9496.html#name-element-der... and https://datatracker.ietf.org/doc/html/rfc9380.
IMHO a map from a fixed amount of random bytes should be part of the fundamental group abstraction, and that's what Ristretto provides. The CFRG approach is slightly different, providing full domain-separated hash "suites" that go straight into a curve point.
It’s over 10 years since but it would be nice if important research like this at least touched on the egalitarian issues rather than presenting a partisan agenda. E.g. someone somewhere who has to deal with private data now also has to deal with even stricter restrictions, without any doubt.
Sometimes I worry about researchers working on important issues with apparently blinders on. If we don’t self-supervise we just outsource the work, and in this case that means we are back to square one.