[Table: rows HTTPS Top Million; HTTPS Top Million w/ active downgrade; HTTPS Trusted; HTTPS Trusted w/ active downgrade. Values present in the extract: 3,410,000 (23.8%); 1,000 (0.0%); 489,000 (3.4%); 556,000 (3.9%).]

Table caption: We used Internet-wide scanning to estimate the number of real-world servers for which typical connections could be compromised by attackers with various levels of computational resources. For HTTPS, we provide figures with and without downgrade attacks on the chosen ciphersuite. All others are passive attacks.

The CADO-NFS Development Team, CADO-NFS, an implementation of the number field sieve algorithm, 2017.

E. Thomé, Subquadratic computation of vector generating polynomials and improvement of the block Wiedemann algorithm, J. Symbolic Comput, vol.33, pp.757-775, 2002.

Fielded capability: End-to-end VPN SPIN 9 design review. Media

Intro to the VPN exploitation process. Media leak, 2010.

SPIN 15 VPN story

T. VPN processing

B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, M. Kohlweiss et al., A messy state of the union: Taming the composite state machines of TLS, IEEE Symposium on Security and Privacy, 2009.

C. Bouvier, P. Gaudry, L. Imbert, H. Jeljeli, and E. Thomé, New record for discrete logarithm in a prime finite field of 180 decimal digits, 2014.

R. Canetti and H. Krawczyk, Security analysis of IKE's signature-based key-exchange protocol, Crypto, 2002.

D. Coppersmith, Solving linear equations over GF(2) via block Wiedemann algorithm, Math. Comp, vol.62, p.205, 1994.
DOI : 10.2307/2153413

W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Trans. Inform. Theory, vol.22, pp.644-654, 1976.
DOI : 10.1109/tit.1976.1055638

Z. Durumeric, E. Wustrow, and J. A. Halderman, ZMap: Fast Internet-wide scanning and its security applications, Usenix Security, 2013.

W. Geiselmann, H. Kopfer, R. Steinwandt, and E. Tromer, Improved routing-based linear algebra for the number field sieve, Information Technology: Coding and Computing, 2005.
DOI : 10.1109/itcc.2005.173
URL : http://www.wisdom.weizmann.ac.il/~tromer/papers/lawrap.pdf

W. Geiselmann and R. Steinwandt, Non-wafer-scale sieving hardware for the NFS: Another attempt to cope with 1024-bit, Eurocrypt, 2007.

D. M. Gordon, Discrete logarithms in GF(p) using the number field sieve, SIAM J. Discrete Math, vol.6, p.1, 1993.

D. Harkins and D. Carrel, The Internet key exchange (IKE). RFC 2409, 1998.

A. Joux and R. Lercier, Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the Gaussian integer method, Math. Comp, vol.72, pp.953-967, 2003.
URL : https://hal.archives-ouvertes.fr/hal-01102016

T. Kleinjung, K. Aoki, J. Franke, A. K. Lenstra, E. Thomé et al., Factorization of a 768-bit RSA modulus, Crypto, 2010.
URL : https://hal.archives-ouvertes.fr/inria-00444693

T. Kleinjung, C. Diem, A. K. Lenstra, C. Priplata, and C. Stahlke, Computation of a 768-bit prime field discrete logarithm, 2017.

M. Lipacis, Semiconductors: Moore stress = structural industry shift, 2012.

C. Meadows, Analysis of the Internet key exchange protocol using the NRL protocol analyzer, IEEE Symposium on Security and Privacy, 1999.

H. Orman, The Oakley key determination protocol. RFC 2412, 1998.

O. Schirokauer, Virtual logarithms, J. Algorithms, vol.57, pp.140-147, 2005.