
Thread 'Could this project be used to expose Diffie-Hellman groups that are booby trapped?'

Jesse Viviano

Joined: 1 Jan 15
Posts: 18
Credit: 10,902,664
RAC: 0
Message 1714 - Posted: 13 Oct 2016, 21:18:29 UTC

Please see http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetectable-trapdoors-in-millions-of-crypto-keys/ and http://eprint.iacr.org/2016/961 for background. I do not understand the math behind the research paper that I cited with the second link, but I noticed that the paper mentions the terms GNFS and SNFS, which I have seen this project execute. Could someone who understands the math better see if this project could be used to expose bad Diffie-Hellman groups to see if they are secret back doors? See https://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml#ipsec-registry-10 and https://www.iana.org/assignments/ikev2-parameters/ikev2-parameters.xhtml#ikev2-parameters-8 for lists of Diffie-Hellman and other groups used in IPsec, IKE, and other standards. The research paper mentions standard numbers generated by various government standards bodies as possibly suspect. If one or more of these numbers are proven to be back doors, you could possibly contact the Internet Research Task Force's Crypto Forum Research Group's mailing list at https://www.irtf.org/mailman/listinfo/cfrg to let it know of your results so that future standards can prohibit the use of groups that are back doors.
ID: 1714 · Rating: 0
Jesse Viviano

Joined: 1 Jan 15
Posts: 18
Credit: 10,902,664
RAC: 0
Message 1718 - Posted: 16 Oct 2016, 17:37:10 UTC

Another mailing list to discuss Diffie-Hellman groups is at https://www.ietf.org/mailman/listinfo/saag. I had mistakenly omitted it in my earlier post.
ID: 1718 · Rating: 0
jasonp

Joined: 5 Nov 13
Posts: 10
Credit: 368,336
RAC: 0
Message 1719 - Posted: 19 Oct 2016, 0:09:16 UTC

The booby trap requires a discrete logarithm computation and not a big factorization. The only software that's publicly available and has any hope of performing a really big discrete log job is CADO-NFS, which NFS@Home does not use.
ID: 1719 · Rating: 0
Jesse Viviano

Joined: 1 Jan 15
Posts: 18
Credit: 10,902,664
RAC: 0
Message 1720 - Posted: 25 Oct 2016, 17:53:53 UTC - in response to Message 1719.  

Thank you for this information. I guess that this could be a good idea for the future to kill off any possible kleptography, which is basically backdoored cryptography.
ID: 1720 · Rating: 0
