Flawed implemented cryptographic algorithm in the Microsoft ecosystem

Stefan Pocarovsky – Martin Koppl – Milos Orgon

   With the continuous development in the electronic chip field, the requirements for the security of IT infrastructures are also increasing. The need for ever-increasing key lengths in cryptography to maintain security cannot grow indefinitely. One of the solutions in the field of cryptography for using shorter keys while maintaining security is cryptography based on the principle of elliptic curves. Asymmetric elliptic curve cryptosystems lies in solving the discrete logarithm problem on an elliptic curve. However, not only secure algorithm but also its correct implementation is important. In this paper, we discuss an incorrect implementation of the ECC algorithm in the crypt32.dll library (Microsoft Windows) and the possibilities of its misuse.

Keywords: ECC, cryptographic, security, crypt32. dll, ECCDSA

[full-paper]