EE Student Information

The Department of Electrical Engineering supports Black Lives Matter. Read more.

• • • • •

EE Student Information, Spring Quarter through Academic Year 2020-2021: FAQs and Updated EE Course List.

Updates will be posted on this page, as well as emailed to the EE student mail list.

Please see Stanford University Health Alerts for course and travel updates.

As always, use your best judgement and consider your own and others' well-being at all times.

Dan Boneh’s Hidden Number Problem helps solve Raccoon attack

image of Prof Dan Boneh
September 2020

Professor Dan Boneh's Hidden Number Problem helped academic researchers identify and resolve a vulnerability. Dan leads the Applied Cryptography Group.

The attack – known as Raccoon – affects TLS 1.2 and previous versions, which specify that any leading bytes beginning with zero in the premaster secret are stripped out. The premaster secret is the shared key used by the client and server to compute the subsequent TLS keys for each session.

"Since the resulting premaster secret is used as an input into the key derivation function, which is based on hash functions with different timing profiles, precise timing measurements may enable an attacker to construct an oracle from a TLS server. This oracle tells the attacker whether a computed premaster secret starts with zero or not," the description of the attack says.

"Based on the server timing behavior, the attacker can find values leading to premaster secrets starting with zero. In the end, this helps the attacker to construct a set of equations and use a solver for the Hidden Number Problem (HNP) to compute the original premaster secret established between the client and the server."

Excerpted from "Raccoon Attack can Compromise Some TLS Connections", by Dennis Fisher


In addition to leading the applied cryptography group, Dan co-directs the computer security lab. His research focuses on applications of cryptography to computer security. His work includes cryptosystems with novel properties, web security, security for mobile devices, and cryptanalysis.

Related News