- https://github.com/MystenLabs/ed25519-unsafe-libs/
- It’s 255:19AM. Do you know what your validation criteria are?
- Crypto Gotchas!
- Digital Signatures Do Not Guarantee Exclusive Ownership
Coze is narrowly concerned with substitution of the value of alg itself.
An algorithm substitution attack (ASA) is more general: any component of the scheme is replaced with a malicious version. Most ASA work appears concerned with primitives and crypto libraries, and is not directly relevant to the work of Coze.
- ASAP: Algorithm Substitution Attacks on Cryptographic Protocols
- "forward secrecy and post-compromise security - imply the applicability of ASAs"
Search for more works: https://scholar.google.com/scholar?hl=en&as_sdt=0%2C6&as_vis=1&q=Algorithm+Substitution+attacks&btnG=
Appears kleptography-oriented:
- Self-Guarding Cryptographic Protocols against Algorithm Substitution Attacks
- Algorithm Substitution Attacks: State Reset Detection and Asymmetric Modifications
- Subvert KEM to Break DEM: Practical Algorithm-Substitution Attacks on Public-Key Encryption
(Not as relevant): Practical algorithm substitution attack on extractable signatures
https://safecurves.cr.yp.to/rigid.html (Be aware: the NIST P curves are not rigid.)
Initial impact report about this week's EdDSA Double-PubKey Oracle attack in 40 affected crypto libs
- https://old.reddit.com/r/crypto/comments/vfl2se/initial_impact_report_about_this_weeks_eddsa
- Great historical summary of other Ed25519 design omissions/implementation variations.
Key Substitution Attacks on Lattice Signature Schemes Based on SIS Problem