Profile picture
Sean Devlin @spdevlin
, 21 tweets, 7 min read Read on Twitter
I’m in
Let me be more specific: I'm willing to prepare two artisanally-crafted crypto challenges for the low price of $10,000 (each) donated to the Great Slate. That's $20k total. secure.actblue.com/donate/great_s…
These problems will focus on some joint work I did with @FiloSottile: events.ccc.de/congress/2017/…. It's a really cool (in my opinion) exploit of a carry bug in Golang's P256 implementation.
The first problem will be a simplified version of the attack: we'll implement a buggy ECC scalar multiplication routine, fuzz it offline, and send crafted queries to recover the private key from a static ECDH server.
The second problem will add in all the bells and whistles from the real implementation and attack: windowed multiplication, booth encoding, an improved method for finding the first limb, and finishing the key recovery with Pollard's kangaroo.
Again: two problems, $10k each. Donate to the Great Slate today!

secure.actblue.com/donate/great_s…
And when you do donate, tweet me a screenshot of your receipt!
$9k to go for the first problem thanks to a very generous donation by @reaperhulk!
$8.75k to go for the first problem! Thanks @astrange_e!
$7.75k to go! Thanks @paulsmith!
Wow! Incredible generosity from @dguido! The first problem is fully paid for! Now let’s get another $10k to unlock the second one!
Another generous donation, this time from @analogist_net! Thanks! $9880 left to commission the second challenge!
After another generous donation from @irons we’re down to uhhh $6683.01 to go on the second problem? I think.
$792 from @EthanIsMumbling brings us to $5891.01 left! Thanks Ethan!
$75 from @jpterracina! Thanks! $5816.01 left for the second challenge!
I'm reviving this thread with a SPECIAL OFFER! Donate to Greg Edwards NOW to unlock this second crypto challenge. We were sitting at around $5800 when we left off, but let's round down and call it an even $5000.

All donations to the Great Slate are appreciated, but only donations to Greg Edwards can unlock this challenge!
For those just joining us: the first challenge (already unlocked, writing it now) is a simple exploit of a software fault in an ECDH implementation.
The second challenge is the real-world version of the attack based on an ACTUAL bug in Golang's P-256 implementation! Joint work with @FiloSottile, who explains it here: media.ccc.de/v/34c3-9021-sq…
This one has all the bells and whistles: windowed multiplication, Booth encoding, a fun method for finding the first limb, and finishing the attack with Pollard's kangaroo!
Act now! The second challenge can ONLY be unlocked by your donations to Greg Edwards! Once again, $5000 is the number we need to hit!
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Sean Devlin
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($3.00/month or $30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!