BigNums, BigNums, BigNums

Brian A. LaMacchiaDirector, Security & CryptographyMicrosoft Research Technologies

Announcing the v1.2 release of the MSR JavaScript Cryptography Library

• MSR’s implementation of Web Cryptography API– Written in JavaScript, so polyfill-ready– Supports several browsers (tested with Chrome, Firefox, Safari and IE

8,9,10,11)– http://research.microsoft.com/projects/msrjscrypto/

• Now released under Apache 2.0 license• New in v1.2:

– Added support for wrapKey and unwrapKey– Bug fixes

Comments, questions, feedback, bug reports? Please send to msrsc@microsoft.com.

Why WebCrypto needs BigNums

• There are important use cases that need raw BigNum access (both finite field and ECC operations). Examples include:

• Anonymous credentials (e.g U-Prove)– Our U-Prove JS client library builds on the MSR JSCL to implement

blinded signatures• Anonymous voting schemes • New elliptic curves and associated curve arithmetic• Performant implementations of new algorithms

– Alternative signature schemes (e.g. Schnorr)– Bilinear pairing– Anyone who wants to implement a new algorithm without patching

the underlying platform

Why BigNums belong in WebCrypto

• “This should go to ECMAScript…”• No, WebCrypto is the right place for BigNums:

– Not all JavaScript clients will implement WebCrypto, so they won’t all have finite field and ECC operations

– But all WebCrypto implementations will have these functions in native (if they implement any useful set of algorithms…)

– BigNum math (including both finite field and ECC curve arithmetic) are fundamental building blocks for all the asymmetric algorithms currently defined in the Web Cryptography API specification

• Polyfills are possible (MSR JSCL being a prime example) but for the best performance you want access to the platform’s native implementation of these fundamental math operations.

Questions?