
The Dark Side of “Black-Box” Cryptography or: Should We Trust Capstone?

Part of the Lecture Notes in Computer Science book series (LNCS, volume 1109)


The use of cryptographic devices as “black boxes”, namely trusting their internal designs, has been suggested and in fact Capstone technology is offered as a next generation hardware-protected escrow encryption technology. Software cryptographic servers and programs are being offered as well, for use as library functions, as cryptography gets more and more prevalent in computing environments. The question we address in this paper is how the usage of cryptography as a black box exposes users to various threats and attacks that are undetectable in a black-box environment. We present the SETUP (Secretly Embedded Trapdoor with Universal Protection) mechanism, which can be embedded in a cryptographic black-box device. It enables an attacker (the manufacturer) to get the user’s secret (from some stage of the output process of the device) in an unnoticeable fashion, yet protects against attacks by others and against reverse engineering (thus, maintaining the relative advantage of the actual attacker). We also show how the SETUP can, in fact, be employed for the design of “auto-escrowing key” systems. We present embeddings of SETUPs in RSA, El-Gamal, DSA, and private key systems (Kerberos). We implemented an RSA key-generation based SETUP that performs favorably when compared to PGP, a readily available RSA implementation. We also relate message-based SETUPs and subliminal channel attacks. Finally, we reflect on the potential implications of “trust management” in the context of the design and production of cryptosystems.

Key words

  • Cryptanalytic attacks
  • hardware
  • software
  • RSA
  • DSA
  • ElGamal
  • Kerberos
  • Private key
  • Public Key
  • applied systems
  • design and manufacturing of cryptographic devices and software
  • Capstone
  • key escrow
  • auto-escrowing keys
  • subliminal channels
  • randomness
  • pseudorandomness




Copyright information

© 1996 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Young, A., Yung, M. (1996). The Dark Side of “Black-Box” Cryptography or: Should We Trust Capstone?. In: Koblitz, N. (eds) Advances in Cryptology — CRYPTO ’96. CRYPTO 1996. Lecture Notes in Computer Science, vol 1109. Springer, Berlin, Heidelberg.

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-61512-5

  • Online ISBN: 978-3-540-68697-2

  • eBook Packages: Springer Book Archive