Baby Sharks: Small-Subgroup Attacks to Disrupt Large Distributed Systems

Presented at Black Hat USA 2021, Aug. 5, 2021, 11:20 a.m. (40 minutes).

Elliptic-curve cryptography is now a common choice by practitioners, implementing cryptographic primitives that require a group of large prime order. However, for some elliptic curves, the prime order group is a subgroup of a larger composite-order group. Two such examples are Curve25519 and the pairing friendly curve BLS12-381.

Protocols that are implemented with these curves are susceptible to small subgroup attacks where a point from the composite-order group is used instead of the prime-order group. Such attacks were previously demonstrated in the wild for Curve25519, e.g. CryptoNote double spend vulnerability.

In this talk, we focus on small subgroup attacks in implementations that are based on threshold cryptography: proactive secret sharing, distributed key generation, and threshold signatures. Such protocols involve interaction between distrusting parties, usually with a requirement to communicate elliptic curve points. Due to the overhead in complexity, we notice that implementers occasionally forget to "sanitize" inputs, .i.e. the received points. We look at applications such as consensus, distributed randomness beacon, cryptocurrency wallet, and proof-of-stake validator. We show how injecting small order subgroup elements can bypass the security for cryptographic primitives used in threshold cryptography such as verifiable secret sharing, sigma protocols, and digital signatures. We discuss the potential damage of our attacks on the mentioned applications and demonstrate it is possible with little effort to break "liveness" for some critical real world systems.


Presenters:

  • Omer Shlomovits - Co-founder, Cryptography, ZenGo
    Omer Shlomovits (<span style="font-style: inherit;" data-mce-style="font-style: inherit;">@OmerShlomovits</span>) is the co-founder and VP of Research of ZenGo (founded 2018), a Tel-Aviv based company building products for consumers in the blockchain space. He also runs ZenGo X, a 500+ member research community. In 2019 Omer co-founded MPC-Alliance, a consortium of 50+ companies collaborating to advance MPC technology. He currently serves as a board-member and head of the technical committee. Omer co-founded Zero-Knowledge TLV, a 750+ member applied cryptography community in Israel that is now part of ZK-Global. Omer codes mostly in Rust\Go and is passionate about implementing complex crypto-systems. His research focus is aimed to tackle real world, hard problems, using novel cryptography. He consults various companies on safe usage and integration of crypto. Omer is a member of OpenMined MPC team, applying secure computation to machine learning.

Links:

Similar Presentations: