The U.S. National Institute of Standards and Technology is strongly advising against using the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) standard for elliptic curve cryptography.
Adopted in 2006, Dual_EC_DRBG was long suspected by cryptographers to have a back door, but The New York Times recently reported that the U.S. National Security Agency installed a back door during the standard's development.
ProPublica reported that in 2006 researchers in the Netherlands published a paper saying the algorithm was insecure and could be hacked from an ordinary PC. The following year, cryptographer Bruce Schneier wrote about the algorithm's slow speed and its small bias in generating random numbers, which favors some numbers over others and makes them more predictable. He also pointed to a paper by Dan Shumow and Niels Ferguson, presented at the CRYPTO 2007 conference, showing a secret set of numbers linked to the numbers used to generate the elliptic curve, and noting that the algorithm could be exploited if someone knew the second set of numbers.
Such issues, coupled with Dual_EC_DRBG's slow speed, would appear to make it unlikely to be used very often.
From Government Computer News
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA