Dual Elliptic Curve Deterministic Random Bit Generator
The Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)[1] is a cryptographically secure pseudorandom number generator (CSPRNG) built on elliptic-curve cryptography. The algorithm has been public since around June 2006. Despite extensive criticism from cryptographers and the widely held suspicion that it contained a backdoor, Dual_EC_DRBG remained for seven years one of the four (now three) CSPRNGs standardized in NIST SP 800-90A, until it was withdrawn in 2017.
References
- Recommendations for Random Number Generation Using Deterministic Random Bit Generators (Revised) (PDF). National Institute of Standards and Technology. January 2012 [retrieved 2018-03-03]. NIST SP 800-90. (Archived (PDF) from the original on 2013-10-09.)
- How the CIA used Crypto AG encryption devices to spy on countries for decades - Washington Post. www.washingtonpost.com. 2020-02-11 [retrieved 2020-02-13]. (Archived from the original on 2020-02-11.)
External links
- NIST SP 800-90A - Recommendation for Random Number Generation Using Deterministic Random Bit Generators (archived copy at the Internet Archive)
- Dual EC DRBG (archived copy at the Internet Archive) - Collection of Dual_EC_DRBG information, by Daniel J. Bernstein, Tanja Lange, and Ruben Niederhagen.
- On the Practical Exploitability of Dual EC in TLS Implementations (archived copy at the Internet Archive) - Key research paper by Stephen Checkoway et al.
- The prevalence of kleptographic attacks on discrete-log based cryptosystems (archived copy at the Internet Archive) - Adam L. Young, Moti Yung (1997)
- United States Patent Application Publication US 2007189527, Brown, Daniel R. L. & Vanstone, Scott A., "Elliptic curve random number generation" - on the Dual_EC_DRBG backdoor, and ways to negate the backdoor.
- Comments on Dual-EC-DRBG/NIST SP 800-90, Draft December 2005 - Kristian Gjøsteen's March 2006 paper concluding that Dual_EC_DRBG is predictable, and therefore insecure.
- A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator (archived copy at the Internet Archive) - Daniel R. L. Brown and Kristian Gjøsteen's 2007 security analysis of Dual_EC_DRBG. Though at least Brown was aware of the backdoor (from his 2005 patent), the backdoor is not explicitly mentioned. Use of non-backdoored constants and a greater output bit truncation than Dual_EC_DRBG specifies are assumed.
- On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng (archived copy at the Internet Archive) - Dan Shumow and Niels Ferguson's presentation, which made the potential backdoor widely known.
- The Many Flaws of Dual_EC_DRBG (archived copy at the Internet Archive) - Matthew Green's simplified explanation of how and why the backdoor works.
- A few more notes on NSA random number generators (archived copy at the Internet Archive) - Matthew Green
- Sorry, RSA, I'm just not buying it (archived copy at the Internet Archive) - Summary and timeline of Dual_EC_DRBG and public knowledge.
- [Cfrg] Dual_EC_DRBG ... [was RE: Requesting removal of CFRG co-chair] (archived copy at the Internet Archive: //web.archive.org/web/20160818132539/http://www.ietf.org/mail-archive/web/cfrg/current/msg03651.html) - A December 2013 email by Daniel R. L. Brown defending Dual_EC_DRBG and the standard process.