On the Practical Exploitability of Dual EC in TLS Implementations.
Stephen CheckowayRuben NiederhagenAdam EverspaughMatthew GreenTanja LangeThomas RistenpartDaniel J. BernsteinJake MaskiewiczHovav ShachamMatthew FredriksonPublished in: USENIX Security Symposium (2014)