The Strange Tale of Dual_EC_DRBG

Julian Assange being arrested recently brought back memories of how he leaked Edward Snowden’s memos around the possible existence of an NSA-sourced cryptographic backdoor — the Dual EC standard (Dual_EC_DRBG). So let’s dive into the method and the trap door, and see the “magic” behind it.

With Elliptic Curve methods, we take an elliptic curve (y²=x³+ax+b), and then use a base point (G). Next we generate a random number (n) and determine a point (P) by adding the point n times (G+G…+G). We represent this as:

P = n G

The point P is our public key, and n is…

CBOR, COSE and RSA Key Pairs

In computer security, we often have to represent binary data, in single values or groups of characters, bytes, words, long words, signed integers, floating-point values, double-precision floating-point values, and so on. This might be in the form of a data object, a signature or even encrypted content. For this, the ANS.1 DER format is often used, such as presenting digital certificates and signatures. An improvement on this for small messages with security is Concise Binary Object Representation (CBOR) — and which is defined in RFC8949 [1]. While JSON represents text-based data objects CBOR focuses on binary objects. It has been…

ECDH and CEK (Content Encryption Key) using COSE and CBOR

In computer security, we often have to represent binary data, in single values or groups of characters, bytes, words, long words, signed integers, floating-point values, double-precision floating-point values, and so on. This might be in the form of a data object, a signature or even encrypted content. For this, the ANS.1 DER format is often used, such as presenting digital certificates and signatures. An improvement on this for small messages with security is Concise Binary Object Representation (CBOR) — and which is defined in RFC8949 [1]. While JSON represents text-based data objects CBOR focuses on binary objects. It has been…

The Wonderful World of Tokens and Claims: CWT — CBOR Web Tokens

As we go back to work, we might have to get someone to sign a claim that we are allowed back into our offices. For this, we might get someone trusted to sign a document (an issuer), and then we show this to a verifier at the front door, in order to gain access. We thus make a claim to something, and where the signature is trusted by the verifier. There then doesn’t have to be any contact between the issuer and the verifier, as the signature is known and trusted. But what about our digital world?

Well, basically, we…

In IoT, How Can We Represent Binary Data Objects and Integrate Security?

Concise Binary Object Representation — Symmetric Key

In computer security, we often have to represent binary data, in single values or groups of characters, bytes, words, long words, signed integers, floating-point values, double-precision floating-point values, and so on. This might be in the form of a data object, a signature or even encrypted content. For this, the ANS.1 DER format is often used, such as presenting digital certificates and signatures. An improvement on this for small messages with security is Concise Binary Object Representation (CBOR) — and which is defined in RFC8949 [here]. While JSON represents text-based data objects CBOR focuses on binary objects. It has been…

Scottish QR Code Vaccination Status and EU Green Pass

Well, there’s a QR code doing the rounds that has the potential to open up our world of travel in a more trusted way. This is the green pass, and which has been adopted in Scotland. The morals and ethics of this can be debated endlessly, but from a cryptography point-of-view, it is great to see a start towards building more trustworthy digital ways in allowing people to travel. A great thing is that it looks like the NHS have adopted the EU Green Pass format for vaccine status data.

So What Is Base-45, And Where Is It Used?

If you are into Cybersecurity, Base-64 should be a well-known format, and often used to convert binary data into a text format. In Bitcoin, we use Base-58 for the Bitcoin address. But, what is Base-45?

Well, yesterday, Scotland released their vaccination passport. It contains a QR code, and which uses Base-45 format for the data coding [article]. With Base-45 format, we have 45 characters defined. The encoding table is [here]:

`Value Encoding  Value Encoding  Value Encoding  Value Encoding   00 0            12 C…`

Less haste, more speed: Base45, zlib and Vaccine Passports

Well, we now live in a strange world. Our world has been damaged over the past 18 months, and, for the sake of our next generation, we must now rebuild our economic infrastructure, and look to rebuild our links between countries.

And so we have reached the point of rebuilding trust between the regions and nations of the world, and enabling safe travel must be a key way forward. For this, a concrete proof (eg vaccine status verification) at our borders seems to be the best way forward for the nations and regions of the world to rebuild trust. The…

Dominic Cummings and Instant Auditing/Accounting

We have a problem in blockchain/distributed ledgers (call it what want you want, but basically it’s a whole lot of transactions that have been digitally signed), and that we have really failed to articulate the new economic models that can be created, and all that many can see are the faults of Bitcoin or with the nature of public blockchains. It can be just a few public keys placed on a ledger and which provides the root of trust for an organisation or could be the complete ledger record of the whole of the UK banking industry.

And so, I…

Prof Bill Buchanan OBE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Living by the sea. Old World Breaker. New World Creator.

Get the Medium app