This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Security B-Sides London 2015

3rd of June 2015
ILEC Conference Centre 47 Lillie Road, London, SW6 1UD
View analytic
Wednesday, June 3 • 1:30pm - 2:15pm
Elliptic Curve Cryptography for those who are afraid of maths

Sign up or log in to save this to your schedule and see who's attending!

Elliptic Curve Cryptography (ECC) is hot. Far better scalable than traditional encryption, more and more data and networks are being protected using ECC. Not many people know the gory details of ECC though, which given its increasing prevalence is a very bad thing. In this presentation I will turn all members of the audience into ECC experts who will be able to implement the relevant algorithms and also audit existing implementations to find weaknesses or backdoors.

Actually, I won't.

To fully understand ECC to a point where you could use it in practice, you would need to spend years inside university lecture rooms to study number theory, geometry and software engineering. And then you can probably still be fooled by a backdoored implementation.

What I will do, however, is explain the basics of ECC. I'll skip over the gory maths (it will help if you can add up, but that's about the extent of it) and explain how this funny thing referred to as "point addition on curves" can be used to exchange a secret code between two entities over a public connection.

I will also explain how the infamous backdoor in Dual_EC_DRGB (a random number generator that uses the same kind of maths) worked.

At the end of the presentation, you'll still not be able to find such backdoors yourselves and you probably realise you never will. But you will be able to understand articles about ECC a little better. And, hopefully, you will be convinced it is important that we educate more people to become ECC-experts.


Martijn Grooten

Martijn Grooten once dreamed of a career in algebraic geometry, a beautiful area of mathematics, yet also one that has little practical relevance. Or so he thought. After rebooting his career to become a security professional (he ran spam filter tests for Virus Bulletin; he still does so, but his business card now says "Editor") he discovered that some of those curves he used to come across do actually have a lot of practical relevance. He has... Read More →

Wednesday June 3, 2015 1:30pm - 2:15pm
a. Track 1