120 likes | 297 Views
Cryptographic Backdoors: Breaking the RSA. Adhokshaj Mishra http://adhokshajmishraonline.in. Who am I?. A hobbyist C, C++, assembly programmer Independent Security Researcher with primary interest in cryptography, virology, crypto-virology, kleptography and mutation.
E N D
Cryptographic Backdoors:Breaking the RSA AdhokshajMishra http://adhokshajmishraonline.in
Who am I? • A hobbyist C, C++, assembly programmer • Independent Security Researcher with primary interest in cryptography, virology, crypto-virology, kleptography and mutation. • Facebook: AdhokshajMishra • Twitter: @adhokshajmishra • Blog: http://adhokshajmishraonline.in
Topics To Be Covered • RSA Revisited • A Trivial RSA Backdoor • Significance of PRNG Based Backdoors • Backdoored PRNG for RSA • Why AES + CTR? • Proof of Correctness • Proof of Concept (DEMO)
RSA Revisited • Prime numbers: p, q • N = p x q • Phi = (p-1) x (q-1) • e: 1 < e < Phi, gcd(e, Phi) = 1 • d: (d x e) mod Phi = 1 • Public Key: (N, e) • Private Key: (N, d)
A Trivial RSA Backdoor • RSA requires two randomly chosen prime numbers. • Keep one of them fixed for all keys :D • GCD (N1, N2) = p constant • Easily detectable and no forward secrecy
Why PRNG? • Sweet and safe spot for backdoors • Backdoors become very hard to detect • They don’t raise eyebrows when in use
PRNG Backdoor • Each PRNG instance contains set of parameters unique to itself. • Seed is the only input that changes with time. • Only seed is relayed to the attacker.
Common Uses • PRNG is used in a lot of crypto algorithms. Backdoor the PRNG and all of them are screwed • Air-force fighter jets and Navy ships use Zero Knowledge Proofs. ZKP itself works on PRNG • PRNG backdoor can render SSL useless. Whole traffic can be recorded in plaintext, and even worse, it can be modified while in progress.