The 2020 Pwnie Nominee For Best Cryptographic Attack

The Curious Case of WebCrypto Diffie-Hellman on Firefox – Small Subgroups Key Recovery Attack on Diffie-Hellman

Antonio Sanso

Mozilla Firefox prior to version 72 suffers from the Small Subgroups Key Recovery Attack on DH in the WebCrypto API. Firefox is the only browser to implement DH over finite fields in its WebCrypto API. The Firefox team fixed the issue by completely removing support for DH over finite fields.
