We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:

Download:

Current browse context:

cs.CR
< prev | next >
new | recent | 2004

Change to browse by:

cs

References & Citations

DBLP - CS Bibliography

listing | bibtex

Bookmark

(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo

Computer Science > Cryptography and Security

Title: A "Final" Security Bug

Authors: Quan Thoi Minh Nguyen
(Submitted on 3 Apr 2020)
Abstract: This article discusses a fixed critical security bug in Google Tink's Ed25519 Java implementation. The bug allows remote attackers to extract the private key with only two Ed25519 signatures. The vulnerability comes from the misunderstanding of what "final" in Java programming language means. The bug was discovered during security review before Google Tink was officially released. It reinforces the challenge in writing safe cryptographic code and the importance of the security review process even for the code written by professional cryptographers.
Subjects: Cryptography and Security (cs.CR)
Cite as: arXiv:2004.01403 [cs.CR]
  (or arXiv:2004.01403v1 [cs.CR] for this version)

Submission history

From: Quan Thoi Minh Nguyen [view email]
[v1] Fri, 3 Apr 2020 07:17:39 GMT (5kb)
Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)

Link back to: arXiv, form interface, contact.