-rw-r--r-- 5138 lib25519-20240928/doc/security.md raw
Security model: X25519 is designed to be strong as a component of
various well-known "hashed DH" applications, and in particular is
designed to make the CDH problem difficult with respect to the standard
base. Ed25519 is designed to provide EUF-CMA, the standard notion of
unforgeability of a signature system under chosen-message attacks.
However, some applications need other security notions that are not
provided by X25519 and Ed25519.
Security level: X25519 and Ed25519 are more difficult to break by any
known attacks than a typical 128-bit cipher. They have an extremely
stable security track record, with two decades of research changing
security levels by only a fraction of a bit. They also proactively avoid
various potential risks. However, large quantum computers will break
both X25519 and Ed25519.
Software verification: lib25519 is intended to become a central target
for verification of full functional correctness of implementations of
X25519 and Ed25519. However, only certain portions have been verified so
far, and at this point the code should be presumed to have critical
bugs.
API safety: The lib25519 API is systematically designed to simplify
correct use and complicate incorrect use. As in the SUPERCOP/NaCl API,
inputs and outputs are in wire format rather than requiring conversion
to an internal format; signing a message uses simply a secret key, not
taking the public key as a separate input; and verification recovers a
message from a signed message, not treating the signature as a separate
object that one can forget to verify.
Timing attacks: lib25519 is designed to avoid all data flow from secret
data to memory addresses and branch conditions. lib25519 uses operations
that naturally avoid such data flow, and includes valgrind tests (based
on TIMECOP from SUPERCOP) designed to catch any such data flow
introduced by compilers. Fully protecting the user against timing
attacks requires addressing more issues, such as the following:
* Other common instructions used by lib25519 take variable time on
some CPUs. For example, there are some CPUs, especially embedded
CPUs, where integer multiplication takes variable time.
* Many CPUs include dynamic frequency-selection mechanisms such as
Turbo Boost, exposing power information via timing information.
Fortunately, these CPUs are normally shipped with simple options to
disable Turbo Boost etc., closing this leak; unfortunately, Turbo
Boost is enabled by default on CPUs that support it.
* Cryptographic keys are normally handled by cryptographic software,
but other user secrets are handled by many different pieces of
software.
See [https://timing.attacks.cr.yp.to](https://timing.attacks.cr.yp.to)
for a timing-attack survey and many references.
Speculative-execution attacks: Some countermeasures against
speculative-execution attacks are planned but are not included in the
current version of lib25519. Full protection again requires addressing
issues at other system layers.
Further side-channel attacks: Even if all legitimate user sensors are
successfully kept isolated from attackers, attackers can set up their
own power sensors, electromagnetic sensors, acoustic sensors, etc.
Keeping cryptographic operations physically separated from sensors tends
to make such attacks much more expensive but is often infeasible.
"Masking" cryptographic computations seems to help and can be
affordable, although the security of masking is difficult to evaluate
and there are many broken masked implementations. Currently lib25519
does not include any masked implementations, so presumably it is easily
breakable by power attacks in environments where attackers can see power
consumption.
Further attacks: lib25519 creates an Ed25519 signing nonce as a hash of
the message, a long-term secret, and new randomness (specifically, the
nonce is a keyed hash of the message, where the key is the hash of the
long-term secret and new randomness). The literature identifies various
advantages and disadvantages of including these hash inputs:
* Including the message and a long-term secret protects against
signing-time RNG failures. This is a standard feature of Ed25519
signers.
* To the extent that the RNG works, including new randomness has the
advantage of stopping (e.g.) fault attacks that rely on a nonce
being reused for multiple signatures of the same message.
* Including new randomness has the disadvantage of requiring state
for the RNG. However, lib25519 runs within an OS that in any case
maintains state and provides an RNG.
* Including new randomness also has the disadvantage of interfering
with the use of test vectors. This disadvantage does not apply to
lib25519: lib25519's test vectors already handle randomness.
lib25519 includes a few further steps that could be useful in stopping
fault attacks (for example, signature verification internally converts
invalid public keys to the key (...,26), which does not have a known
discrete logarithm), but in general lib25519 should be presumed
breakable by fault attacks.