GMP as an entry point for an attacker

Christian Folini christian.folini at netnea.com
Tue May 26 12:47:53 UTC 2020


Dear all,

I'm new to this list and I subscribed, because I have a conceptual
question, where I hope you can give me some guidance.

For the last few months, I have been working on a high security project
where math / cryptography plays a key role. It's a long term project
and we're doing a lot of threat modeling.

We have been discussing diversity / alternative implementations of
redundant systems to push security even higher. However, while we can
reimplement the protocol in question with a different programming
language, run the 2nd implementation on a different OS, etc., we have a
hard time seeing an alternative to your GMP library. SSL is already
challenging, but with GMP, it's really tough. The maturity of your
library and the quality of the maintenance (based on my impression
after browsing your archives) are clearly valuable assets. But let's
say an imaginary attacker with the necessary means and know-how tries
to exploit GMP in order to break our system. It may sound like a movie
plot, but we are serious about mitigating this and many other scenarios.

Question 1: What is your take on this single point of failure idea?
Are our project members too focused to see the alternatives?

Question 2: If we accept GMP as the single point of failure, we could
still make it more difficult for an attacker. Would using a different
2nd processor architecture or a different OS lead to a substantially
different part of GMP being used? If yes, what is substantial by
your estimation? Or is this a futile exercise and we should just
stick to what we got and use a standard CPU?

Thanks in advance for your consideration and thank you for your good
work on this project.

Christian Folini

-- 
The Universe is made of stories, not of atoms.
-- Muriel Rukeyser
