Enhancing WebCrypto with BigNums for Advanced Cryptography

1. BigNums, BigNums, BigNums Brian A. LaMacchiaDirector, Security & CryptographyMicrosoft Research Technologies

2. Announcing the v1.2 release of the MSR JavaScript Cryptography Library • MSR’s implementation of Web Cryptography API • Written in JavaScript, so polyfill-ready • Supports several browsers (tested with Chrome, Firefox, Safari and IE 8,9,10,11) • http://research.microsoft.com/projects/msrjscrypto/ • Now released under Apache 2.0 license • New in v1.2: • Added support for wrapKey and unwrapKey • Bug fixes Comments, questions, feedback, bug reports? Please send to msrsc@microsoft.com.

3. Why WebCrypto needs BigNums • There are important use cases that need raw BigNum access (both finite field and ECC operations). Examples include: • Anonymous credentials (e.g U-Prove) • Our U-Prove JS client library builds on the MSR JSCL to implement blinded signatures • Anonymous voting schemes • New elliptic curves and associated curve arithmetic • Performant implementations of new algorithms • Alternative signature schemes (e.g. Schnorr) • Bilinear pairing • Anyone who wants to implement a new algorithm without patching the underlying platform

4. Why BigNums belong in WebCrypto • “This should go to ECMAScript…” • No, WebCrypto is the right place for BigNums: • Not all JavaScript clients will implement WebCrypto, so they won’t all have finite field and ECC operations • But all WebCrypto implementations will have these functions in native (if they implement any useful set of algorithms…) • BigNum math (including both finite field and ECC curve arithmetic) are fundamental building blocks for all the asymmetric algorithms currently defined in the Web Cryptography API specification • Polyfills are possible (MSR JSCL being a prime example) but for the best performance you want access to the platform’s native implementation of these fundamental math operations.

5. Questions?