AI Chat AI Image Generator AI Video Text to Speech

A "Final" Security Bug

04/03/2020
by   Quan Thoi Minh Nguyen, et al.
0

This article discusses a fixed critical security bug in Google Tink's Ed25519 Java implementation. The bug allows remote attackers to extract the private key with only two Ed25519 signatures. The vulnerability comes from the misunderstanding of what "final" in Java programming language means. The bug was discovered during security review before Google Tink was officially released. It reinforces the challenge in writing safe cryptographic code and the importance of the security review process even for the code written by professional cryptographers.

READ FULL TEXT

page 1

page 2

page 3

page 4

Related Research

research
03/16/2021

Identifying Bug Patterns in Quantum Programs

Bug patterns are erroneous code idioms or bad coding practices that have...
0 Pengzhan Zhao, et al.
research
12/15/2021

XCheck: a Simple, Effective and Extensible Bug Finder using micro-grammar

We propose a simple and effective bug finder, XCheck, which is a proof o...
0 Hanwen Zhu, et al.
research
12/19/2021

Early Detection of Security-Relevant Bug Reports using Machine Learning: How Far Are We?

Bug reports are common artefacts in software development. They serve as ...
0 Arthur D. Sawadogo, et al.
research
04/13/2021

Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

A good amount of effort has been dedicated to surveying and systematizin...
0 Aleksandar Kircanski, et al.
research
11/28/2019

Using Distributed Representation of Code for Bug Detection

Recent advances in neural modeling for bug detection have been very prom...
0 Jón Arnar Briem, et al.
research
01/21/2020

Information Leaks via Safari's Intelligent Tracking Prevention

Intelligent Tracking Prevention (ITP) is a privacy mechanism implemented...
0 Artur Janc, et al.
research
05/05/2022

The Race to the Vulnerable: Measuring the Log4j Shell Incident

The critical remote-code-execution (RCE) Log4Shell is a severe vulnerabi...
0 Raphael Hiesgen, et al.

Please sign up or login with your details

Forgot password? Click here to reset

Out of credits

Refill your membership to continue using DeepAI

Stripe
Paypal