This is the second of two sets we generated after the original 6.
This set focuses on abstract algebra, including DH, GCM, and (most importantly) elliptic curve cryptography. Fair warning - it's really tough! There's a ton of content here, and it's more demanding than anything we've released so far. By the time you're done, you will have written an ad hoc, informally-specified, bug-ridden, slow implementation of one percent of SageMath.
- Diffie-Hellman Revisited: Small Subgroup Confinement
- Pollard's Method for Catching Kangaroos
- Elliptic Curve Diffie-Hellman and Invalid-Curve Attacks
- Single-Coordinate Ladders and Insecure Twists
- Duplicate-Signature Key Selection in ECDSA (and RSA)
- Key-Recovery Attacks on ECDSA with Biased Nonces
- Key-Recovery Attacks on GCM with Repeated Nonces
- Key-Recovery Attacks on GCM with a Truncated MAC
- Truncated-MAC GCM Revisited: Improving the Key-Recovery Attack via Ciphertext Length Extension
- Exploiting Implementation Errors in Diffie-Hellman