A Study of Cryptographic Backdoors in Cryptographic Primitives
  • Chuck Easttom
  • Published 8 May 2018
  • Computer Science, Mathematics
  • Electrical Engineering (ICEE), Iranian Conference on
Since the revelations of Edward Snowden in 2013, the topic of cryptographic backdoors has been popular in both cyber security and popular culture. However, such backdoors were well known in the cryptology community well before 2013. There are a variety of mechanisms for modifying cryptographic primitives so that the resultant modified algorithm is more easily compromised, but the change in the algorithm is not immediately obvious. This paper provides a review of several modifications to… 

Attacks and Defenses for Single-Stage Residue Number System PRNGs
A conditional entropy analysis is developed and demonstrated that permits extraction of the key given a priori knowledge of state transitions, as well as reverse engineering of the RNS PRNG algorithm and parameters in problems where the multiplicative RNS characteristic is too large to obtain a priori state transitions.
Achieving a Covert Channel over an Open Blockchain Network
Kleptography technology is used to design a blockchain covert data transmission scheme to achieve high-concealment and high-performance data transmission under open network conditions and is practically applied to many popular blockchain systems.
Cryptographic Backdoors
Controlled Randomness - A Defense Against Backdoors in Cryptographic Devices
Black-box random number generators enable the creation of backdoors, so that, in effect, signing keys may be stolen, authentication protocols can be broken to enable impersonation, and the confidentiality of encrypted communication is no longer guaranteed.
A Formal Treatment of Backdoored Pseudorandom Generators
We provide a formal treatment of backdoored pseudorandom generators (PRGs). Here a saboteur chooses a PRG instance for which she knows a trapdoor that allows prediction of future (and possibly past)
Mathematical Backdoors in Symmetric Encryption Systems - Proposal for a Backdoored AES-like Block Cipher
This paper presents BEA-1, a block cipher algorithm which is similar to the AES and which contains a mathematical backdoor enabling an operational and effective cryptanalysis, and presents a challenge to assess whether the backdoor is easily detectable and exploitable or not.
How to Backdoor Diffie-Hellman
  • David Wong
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2016
Two ways of building a Nobody-But-Us (NOBUS) Diffie-Hellman backdoor are presented: a composite modulus with a hidden subgroup (CMHS) and a composite modulus with a smooth order (CMSO), both of which can be implemented and exploited in a local copy of an open-source library using the TLS protocol.
Malicious Keccak
  • P. Morawiecki
  • Mathematics, Computer Science
    IACR Cryptol. ePrint Arch.
  • 2015
This paper proposes a malicious variant of the Keccak function in which new round constants are introduced, and shows that for such a variant, collision and preimage attacks are possible.
Malicious Cryptography: Kleptographic Aspects
In this paper the power of kleptography is demonstrated through a carefully designed attack against RSA key generation: a set of attacks that employ cryptography itself against cryptographic systems, in such a way that the attack possesses unique properties.
Indiscreet Logs: Persistent Diffie-Hellman Backdoors in TLS
The potential for TLS backdoors is systematic and will persist either until better parameter hygiene is taken up by the community, or until finite-field based cryptography is eliminated altogether.
Malicious Hashing: Eve's Variant of SHA-1
This proof-of-concept demonstrates the exploitability of custom SHA-1 versions for malicious purposes, such as the injection of user surveillance features, and proposes definitions of malicious hash functions and of associated security notions.
Backdoors in Pseudorandom Number Generators: Possibility and Impossibility Results
This paper revisits the backdoored PRG setting of Dodis et al., and gives efficient constructions of BPRGs for which, given a single generator output, Big Brother can recover the initial state and, therefore, all outputs of the BPRG.
New Pseudorandom Number Generators from Block Ciphers
This paper proposes two classes of new pseudorandom number generators from block ciphers, called HTR and HBC, which are provably secure in the PRG-CIA (pseudorandom generator against chosen-input attacks) sense, and tests the randomness of their output sequences with the integrated software package provided by NIST.