Saturday, 19 October 2013

ECDSA TeleTrusT Brainpool Curve

Schneier: "Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can." Source: http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance

Article "The Strange Story of Dual_EC_DRBG": https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html


To avoid exactly these constants, I show how easy it is to use the Brainpool curves from TeleTrusT.

There are some very interesting documents on this:
Request for Comments No. 5639 http://www.rfc-editor.org/rfc/rfc5639.txt
ECC Brainpool Standard Curves and Curve Generation http://www.ecc-brainpool.org/download/Domain-parameters.pdf


The strength of ECDSA is also interesting.
See: http://www.keylength.com/en/compare/


With the Bouncy Castle framework it is very easy to implement a Brainpool curve, here for example brainpoolP512r1.



Code:
        private static AsymmetricCipherKeyPair GreateKeyPair()
        {
            // ECC 512 = AES 256 = RSA 15360
            // List of all curves in BC: http://www.bouncycastle.org/wiki/display/JA1/Supported+Curves+%28ECDSA+and+ECGOST%29
            var ecP = TeleTrusTNamedCurves.GetByName("brainpoolP512r1");
            var ecSpec = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed());

            IAsymmetricCipherKeyPairGenerator aliceGenerator = GeneratorUtilities.GetKeyPairGenerator("ECDH");
            aliceGenerator.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom()));
            AsymmetricCipherKeyPair aliceKeyPair = aliceGenerator.GenerateKeyPair();
            return aliceKeyPair;
        }


Here is a quickly written example


Code:
// 1024 bit only to keep the unit tests fast; otherwise, of course, we use 4096 bit
// var rsaKeySize = 4096;
var rsaKeySize = 1024;

var stamp0 = DateTime.UtcNow;

// Alice - Prepared
var aliceStaticKeyPair = new RSACryptoServiceProvider(rsaKeySize);
aliceStaticKeyPair.PersistKeyInCsp = false;
var aliceTemp = aliceStaticKeyPair.ToXmlString(true);

// Bob - Prepared

var bobStaticKeyPair = new RSACryptoServiceProvider(rsaKeySize);
bobStaticKeyPair.PersistKeyInCsp = false;
var bobTemp = bobStaticKeyPair.ToXmlString(true);

Console.WriteLine((DateTime.UtcNow - stamp0) + " - Generate Static Key Pairs");
var stamp1 = DateTime.UtcNow;


// Alice - Start Key Agreement

var enc = new UTF8Encoding();
var secretPlain = "This is a secret.";
var secretPlainBytes = enc.GetBytes(secretPlain);

var aliceKeyPair = GreateKeyPair();
var aliceBasicAgreement = GetBasicAgreement(aliceKeyPair);

// Alice - Prepare Public Key

var aliceContainer = new KeyAgreementContainer(aliceKeyPair.Public);
aliceContainer.Sign(aliceStaticKeyPair);
aliceContainer.SetFingerprint(aliceStaticKeyPair);

var aliceMessage = Serialize(aliceContainer);

// Bob - Start Key Agreement

AsymmetricCipherKeyPair bobKeyPair = GreateKeyPair();
IBasicAgreement bobBasicAgreement = GetBasicAgreement(bobKeyPair);

Console.WriteLine((DateTime.UtcNow - stamp1) + " - Generate Key Pairs");
var stamp2 = DateTime.UtcNow;

// Bob - Prepare Public Key

var bobContainer = new KeyAgreementContainer(bobKeyPair.Public);
bobContainer.Sign(bobStaticKeyPair);
bobContainer.SetFingerprint(bobStaticKeyPair);

var bobMessage = Serialize(bobContainer);

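// generate shared key
// (this test passes the in-memory public keys directly; aliceMessage and bobMessage,
// which carry the signed keys, are not deserialized or verified here)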

var k1 = bobBasicAgreement.CalculateAgreement(aliceKeyPair.Public).ToByteArray();
var k2 = aliceBasicAgreement.CalculateAgreement(bobKeyPair.Public).ToByteArray();

Console.WriteLine((DateTime.UtcNow - stamp2) + " - Calculate Agreements");

IsByteArrayEqual(k1, k2);

var stamp3 = DateTime.UtcNow;


// AES-Twofish-Serpent
// Each of the cascaded ciphers uses its own key.
// see http://www.truecrypt.org/docs/cascades
byte[] salt = new byte[2048];
new RNGCryptoServiceProvider().GetBytes(salt);

// hash the shared secret to guard against weak bits
// see http://download.certicom.com/pdfs/corr98-05.pdf
Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(k1, salt, 20000);
byte[] answers = pbkdf2.GetBytes(96);

var aesKey = new byte[32];
var aesSalt = new byte[16];
new RNGCryptoServiceProvider().GetBytes(aesSalt);

var twofishKey = new byte[32];
var twofishSalt = new byte[16];
new RNGCryptoServiceProvider().GetBytes(twofishSalt);

var serpentKey = new byte[32];
var serpentSalt = new byte[16];
new RNGCryptoServiceProvider().GetBytes(serpentSalt);

Array.Copy(answers, 0, aesKey, 0, 32);
Array.Copy(answers, 32, twofishKey, 0, 32);
Array.Copy(answers, 64, serpentKey, 0, 32);

Console.WriteLine((DateTime.UtcNow - stamp3) + " - Calculate Encryption Keys");
var stamp4 = DateTime.UtcNow;

// Alice encrypts the secret

// Todo: use XTS mode, not this useless junk
var encryptedSecretAes = Encrypt(secretPlainBytes, aesKey, aesSalt, Algorithm.Aes);
var encryptedSecretTwofish = Encrypt(encryptedSecretAes, twofishKey, twofishSalt, Algorithm.Twofish);
var encryptedSecretSerpent = Encrypt(encryptedSecretTwofish, serpentKey, serpentSalt, Algorithm.Serpent);

Console.WriteLine((DateTime.UtcNow - stamp4) + " - Encrypt");
var stamp5 = DateTime.UtcNow;

// Bob decrypts the secret

var decryptSecrectSerpent = Decrypt(encryptedSecretSerpent, serpentKey, serpentSalt, Algorithm.Serpent);
var decryptSecrectTwofish = Decrypt(decryptSecrectSerpent, twofishKey, twofishSalt, Algorithm.Twofish);
var decryptSecrectAes = Decrypt(decryptSecrectTwofish, aesKey, aesSalt, Algorithm.Aes);

Console.WriteLine((DateTime.UtcNow - stamp5) + " - Decrypt");

Console.WriteLine((DateTime.UtcNow - stamp0) + " - Overall Time");

IsByteArrayEqual(secretPlainBytes, decryptSecrectAes);

var bobPlainFromAlice = enc.GetString(decryptSecrectAes);
if (secretPlain != bobPlainFromAlice)
{
    throw new Exception("Plain text is not equal.");
}
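
The receiving side of such an exchange, as an added example that is not the author's code: each party verifies the signature on the peer's ephemeral brainpoolP512r1 key before running ECDH on it. It assumes long-term ECDSA keys on the same curve in place of the RSA static keys and the KeyAgreementContainer helper (which the post does not show); the class and method names are hypothetical.

```csharp
using System;
using Org.BouncyCastle.Asn1.TeleTrust;
using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Agreement;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Utilities;

static class SignedBrainpoolEcdh // hypothetical name; added example, not the author's code
{
    static readonly X9ECParameters P = TeleTrusTNamedCurves.GetByName("brainpoolP512r1");
    static readonly ECDomainParameters Spec = new ECDomainParameters(P.Curve, P.G, P.N, P.H, P.GetSeed());
    static AsymmetricCipherKeyPair NewKeyPair()
    {
        var gen = new ECKeyPairGenerator();
        gen.Init(new ECKeyGenerationParameters(Spec, new SecureRandom()));
        return gen.GenerateKeyPair();
    }
    static ISigner Ecdsa(bool forSigning, ICipherParameters key, byte[] data)
    {
        var s = SignerUtilities.GetSigner("SHA-512withECDSA");
        s.Init(forSigning, key);
        s.BlockUpdate(data, 0, data.Length);
        return s;
    }
    // Receiver: verify the signature, decode the point onto the curve, then agree.
    static byte[] Agree(AsymmetricCipherKeyPair own, byte[] peerPoint, byte[] sig, ICipherParameters peerStatic)
    {
        if (!Ecdsa(false, peerStatic, peerPoint).VerifySignature(sig))
            throw new InvalidOperationException("Signature on peer key is invalid.");
        var peer = new ECPublicKeyParameters(Spec.Curve.DecodePoint(peerPoint), Spec);
        var ecdh = new ECDHBasicAgreement();
        ecdh.Init(own.Private);
        // Fixed-length unsigned encoding of the shared secret (64 bytes for P512).
        return BigIntegers.AsUnsignedByteArray((Spec.Curve.FieldSize + 7) / 8, ecdh.CalculateAgreement(peer));
    }
    static void Main()
    {
        var aliceStatic = NewKeyPair(); var bobStatic = NewKeyPair(); // long-term ECDSA keys
        var alice = NewKeyPair(); var bob = NewKeyPair();             // ephemeral ECDH keys
        byte[] aPoint = ((ECPublicKeyParameters)alice.Public).Q.GetEncoded(false);
        byte[] bPoint = ((ECPublicKeyParameters)bob.Public).Q.GetEncoded(false);
        byte[] kBob = Agree(bob, aPoint, Ecdsa(true, aliceStatic.Private, aPoint).GenerateSignature(), aliceStatic.Public);
        byte[] kAlice = Agree(alice, bPoint, Ecdsa(true, bobStatic.Private, bPoint).GenerateSignature(), bobStatic.Public);
        Console.WriteLine("Shared secrets match: " + Arrays.AreEqual(kAlice, kBob));
    }
}
```

The returned bytes are the raw ECDH output and would still go through a key derivation step, such as the PBKDF2 call in the example above, before being used as cipher keys.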


Further alternatives

It is also interesting that now, after the NSA affair, Silent Circle has switched its curves as well.
They decided on Curve3617. http://silentcircle.wordpress.com/tag/elliptic-curve/
I think the Americans simply did not want to use a German elliptic curve.
