Please give a warm welcome to Alan.

Thank you. Good afternoon. My name is Alan. I'm now working for Qihoo 360 in Beijing. And today I'm so glad to be here to present a quick talk about cryptographic backdoors in OpenSSL. And I'll show you how to build a backdoor in OpenSSL.

So before the presentation, I'd like to introduce ourselves briefly. The idea of this presentation was conceived by two people, Slay and me. And Slay is the main implementer of this idea. He's not only my colleague who is a keeper of mathematics, but also a vulnerability hunter in the Intel CPU architecture, kernel and OpenSSL. And now he has found about 10 OpenSSL vulnerabilities, including the SSL desktop alerts. And this is the picture of our team's office. It's cool.

So let's look at the outline of this topic. In the first part, I'll introduce the cryptographic backdoor and something about the architecture of the OpenSSL source code. In the second part, I'll show you how to build a new method of cryptographic backdoor in OpenSSL. And then I'll show you two demos. In the first part, we think this type of backdoor can be used in supply chain attack scenarios.

So firstly, as we all know, the most common example of a cryptographic backdoor is using weak random, such as the Dual EC DRBG pseudorandom number generator. However, it's worth noticing that there's another kind of backdoor, which is called the backdoor of mathematics. And security researchers are usually looking for vulnerabilities in cryptographic implementations instead of paying more attention to mathematical backdoors. Maybe because finding mathematical backdoors needs a high level of mathematics skill. In fact, general developers do not have the same level of mathematics skills as the designers of mathematical backdoors. So it is hard to detect a mathematical backdoor that is well-designed and logical.

And you know, OpenSSL is a robust, full-featured toolkit for the TLS and SSL protocols. So let's do a little digging into the architecture of the OpenSSL source code.
The OpenSSL technology framework is mainly composed of three parts: BIO, EVP, and SSL. The source code is mainly in three directories: crypto, engines, and ssl. And the application layer is in the apps directory. The most important ones are crypto and ssl. The crypto directory includes the ASN.1 code interface, the random number generator, the engine mechanism, the EVP cipher algorithm interface of unified cryptographic algorithms, the large number operation interface, private key information syntax, asymmetric cryptographic algorithms, and so on. On the other hand, the ssl directory is the implementation of the SSL/TLS protocols.

And today I will build a backdoor in the RSA algorithm, because the RSA algorithm is quite clear. I first need to pick two prime numbers P and Q and computing. And after that, we can get a public key and a private key. The second step is the encryption. We can get a ciphertext C. And finally, after the decryption, we can get the plaintext.

So let's see a simple backdoor in the RSA algorithm. In the key generation algorithm of RSA, it's easy to learn from several security papers that the difference between the two prime numbers in RSA should not be too small. Otherwise, it will be unsafe. But this definition is too vague. In particular, general developers can hardly know how small a difference will be insecure, or how insecure a given difference is.

Therefore, we can use security as the reason for adding a check patch to the key generation function, RSA_generate_key, in OpenSSL. And firstly, to give an unsafe prime pair; moreover, it is even possible to set the time complexity with which we can crack a private key as we wish. So let's see the yellow patch. In this patch, by limiting the range of generated prime difference, we can crack the private key as we in one of the time complexity. The picture is too small. And I will upload this example to GitHub later. So let's look at another complicated example.
Imagine that we can patch a faster prime generation algorithm in order to generate primes with special departure and a specific mathematical principle. Equally, we are able to control the difficulty of cracking the private key through generating primes that are not as strong as now, such as generating prime numbers of a particular family, or a prime pair with a special range of difference. Even if the difference is large enough, indeed, the prime pair doesn't seem to have any problem at all, but will be unsafe after a certain transformation.

So now it is our small conclusion. As far as I'm concerned, the problem comes from our lack of understanding of the security principle of the RSA algorithm. Its safety has not been proven mathematically yet. The question is, what kind of primes are safer and how to evaluate them? So we have not come out with a strict mathematical judgment for this situation.

Now let's see the demos. I will show two demos. In the first demo, I will show that the mandatory inspection patch is added, so that the difference between the two prime numbers output by the generation process is in the unsafe security boundary, which allows us to set the time complexity to achieve a violating cracking. So first, we will generate a key pair, a public key. After that, we kill the private key, and then we will try to crack the private key version. Yeah, we can print the information of the public key and then we crack it. That is quite fast.

So let's look at the second demo. In the second demo, it allows the generation process to output two primes that appear to be okay, but they will become insecure after some transformation. In our case, we can acquire one prime number P after 1,826 lines of transformation. Same as the last one, we generate a key pair. Yeah, we can crack it here after the transformation. Yeah, it's quite fast and easier if it can be controlled.
So as I said, we think this kind of backdoor can be used in a supply chain attack. Imagine that many of us may have used the public key generator in the SSL, in the SSL private key management, such as Excel. If the attacker, such as in attacking the compiler environment of a target software company, can modify the generation algorithm of the key pair, that is harder to detect. So this is what the industry needs to reveal.

Last, as John Lambert said, the biggest problem with network defense is that defenders think in lists, attackers think in graphs; as long as this is true, attackers win. And last year, there were a lot of attack methods related to cryptographic backdoors. So it's necessary for us to pay more attention to source code security and cryptographic security. And I will also upload the code to GitHub after this meeting. So thanks for your listening.