Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fluffytail.org/objects/311f57cb-f4f5-41b5-a4f4-730fe160fe7e">Phantasm (phnt@fluffytail.org)'s status on Tuesday, 04-Mar-2025 07:48:23 JST</a><a href="https://fluffytail.org/users/phnt" title="phnt@fluffytail.org"><img src="https://gnusocial.jp/avatar/158739-48-20230808204705.webp" width="48" height="48" alt="Phantasm" style="position: absolute; left: 0; top: 0;">Phantasm</a><div><a href="https://new.asbestos.cafe/objects/1ca4f44b-2fd6-45ca-91ca-acf80e4a89bf" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><a href="https://new.asbestos.cafe/users/meso">@meso</a> It's basically as you've said. Instead of a prime factor, there was a chance that the points P and Q for the curve chosen by the NSA had a secret relation with a number that only the NSA knew. And with that knowledge it was trivially simple to go back through the random bits and get into the state of the generator which would compromise all future random bits.<br><br>Instead of a prime factor, it was a simple number (d) with which you would multiply Q and it would give you P. (dQ = P). The reason why this simple fact compromises the whole algorithm is somewhat complex, but Computerphile also made a video about that called the Elliptic Curve Back Door.<br><br><a href="https://www.youtube.com/watch?v=nybVFJVXbww">https://www.youtube.com/watch?v=nybVFJVXbww</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4667964#notice-9139664">In conversation</a><time datetime="2025-03-04T07:48:23+09:00" title="Tuesday, 04-Mar-2025 07:48:23 JST">about 6 days ago</time> <span>from <span><a href="https://fluffytail.org/objects/311f57cb-f4f5-41b5-a4f4-730fe160fe7e" rel="external" title="Sent from fluffytail.org via ActivityPub">fluffytail.org</a></span></span><a href="https://fluffytail.org/objects/311f57cb-f4f5-41b5-a4f4-730fe160fe7e">permalink</a><h4>Attachments</h4><ol><li><article><header><img height="128" width="128" src="https://gnusocial.jp/thumbnail/4236790?w=128&amp;h=128"><h5><a href="https://www.youtube.com/watch?v=nybVFJVXbww">Elliptic Curve Back Door - Computerphile</a></h5><div> from <span>Computerphile</span></div></header><div>The back door that may not be a back door... The suspicion about Dual_EC_DRBG - The Dual Elliptic Curve Deterministic Random Bit Generator - with Dr Mike Pou...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Tuesday, 04-Mar-2025 07:48:23 JSTPhantasm
in reply to
- meso
@meso It's basically as you've said. Instead of a prime factor, there was a chance that the points P and Q for the curve chosen by the NSA had a secret relation with a number that only the NSA knew. And with that knowledge it was trivially simple to go back through the random bits and get into the state of the generator which would compromise all future random bits.

Instead of a prime factor, it was a simple number (d) with which you would multiply Q and it would give you P. (dQ = P). The reason why this simple fact compromises the whole algorithm is somewhat complex, but Computerphile also made a video about that called the Elliptic Curve Back Door.

https://www.youtube.com/watch?v=nybVFJVXbww
In conversationabout 6 days ago from fluffytail.orgpermalink
Attachments
1. Elliptic Curve Back Door - Computerphile
  from Computerphile
  The back door that may not be a back door... The suspicion about Dual_EC_DRBG - The Dual Elliptic Curve Deterministic Random Bit Generator - with Dr Mike Pou...

Public

Embed Notice

HTML Code

Corresponding Notice