cryptographic backdoors: breaking the rsa

CRYPTOGRAPHIC BACKDOORS:BREAKING THE RSA

Adhokshaj Mishra

http://adhokshajmishraonline.in

WHO AM I?

A hobbyist C, C++, assembly programmer Independent Security Researcher with

primary interest in cryptography, virology, crypto-virology, kleptography and mutation.

Facebook: AdhokshajMishra Twitter: @adhokshajmishra Blog: http://adhokshajmishraonline.in

TOPICS TO BE COVERED

RSA Revisited A Trivial RSA Backdoor Significance of PRNG Based Backdoors Backdoored PRNG for RSA Why AES + CTR? Proof of Correctness Proof of Concept (DEMO)

RSA REVISITED

Prime numbers: p, q N = p x q Phi = (p-1) x (q-1) e: 1 < e < Phi, gcd(e, Phi) = 1 d: (d x e) mod Phi = 1 Public Key: (N, e) Private Key: (N, d)

A TRIVIAL RSA BACKDOOR

RSA requires two randomly chosen prime numbers.

Keep one of them fixed for all keys :D GCD (N1, N2) = p constant Easily detectable and no forward secrecy

IMPROVING THE ATTACK:PRNG BASED BACKDOOR

WHY PRNG?

Sweet and safe spot for backdoors Backdoors become very hard to detect They don’t raise eyebrows when in use

PRNG BACKDOOR

Each PRNG instance contains set of parameters unique to itself.

Seed is the only input that changes with time.

Only seed is relayed to the attacker.

PRNG BACKDOOR DEMYSTIFIED

COMMON USES

PRNG is used in a lot of crypto algorithms. Backdoor the PRNG and all of them are screwed

Air-force fighter jets and Navy ships use Zero Knowledge Proofs. ZKP itself works on PRNG

PRNG backdoor can render SSL useless. Whole traffic can be recorded in plaintext, and even worse, it can be modified while in progress.

GOT ANY QUESTIONS?

THANK YOU