Could this project be used to expose Diffie-Hellman groups that are booby trapped?
Message boards :
NFS Discussion :
Could this project be used to expose Diffie-Hellman groups that are booby trapped?
Message board moderation
Author | Message |
---|---|
Send message Joined: 1 Jan 15 Posts: 18 Credit: 10,902,664 RAC: 0 |
Please see http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetectable-trapdoors-in-millions-of-crypto-keys/ and http://eprint.iacr.org/2016/961 for a background. I do not understand the math behind the research paper that I cited with the second link, but I noticed that the paper mentions the terms GNFS and SNFS, which I have seen that this project executes. Could someone who understands the math better see if this project could be used to expose bad Diffie-Hellman groups to see if they are secret back doors? See https://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-10 and https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8 for lists of Diffie-Hellman and other groups used in IPsec, IKE, and other standards. The research paper mentions standard numbers generated by various government standards bodies as possibly suspect. If one or more of these numbers are proven to be back doors, you could possibly contact the Internet Research Task Force's Crypto Forum Research Group's mailing list at https://www.irtf.org/mailman/listinfo/cfrg to let it know of your results so that future standards can prohibit the use of groups that are back doors. |
Send message Joined: 1 Jan 15 Posts: 18 Credit: 10,902,664 RAC: 0 |
Another mailing list to discuss Diffie-Hellman groups is at https://www.ietf.org/mailman/listinfo/saag. I had mistakenly omitted it in my earlier post. |
Send message Joined: 5 Nov 13 Posts: 10 Credit: 368,336 RAC: 0 |
The booby trap requires a discrete logarithm computation and not a big factorization. The only software that's publicly available and has any hope of performing a really big discrete log job is CADO-NFS, which NFS@Home does not use. |
Send message Joined: 1 Jan 15 Posts: 18 Credit: 10,902,664 RAC: 0 |
Thank you for this information. I guess that this could be a good idea for the future to kill off any possible kleptography which is basically backdoored cryptography. |