Land Mines, Dragons and Dinosaurs with Laser Guns

Cofactors in Prime Groups

Preface

In the Python Cryptography library, the module which contains most of the functions is named “Hazmat”, which is short for “Hazardous Materials”. Its documentation carries this warning:

You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

The warning is highly significant, and proper cryptography is often a difficult subject which needs a good deal of experience in both theory and practice. And so I spend a good deal of time in the guts of programs, finding problems which weaken the system. Just last week, I said to a developer, “Did you know I can add a point to your signature and still produce a valid signature?” “Sorry, what?” I then showed how I could easily octal-spend on a transaction and produce another seven valid Ed25519 signatures from a single valid one.

So what’s the problem? Well, in a highly secure environment, developers need to fully understand the methods they are using, in the same way that a bridge architect needs to understand the laws of mechanics.

So, let’s dive into the wonderful Curve 25519 and find out its weaknesses.

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.