Controlled Randomness – A Defense Against Backdoors in Cryptographic Devices

  • Lucjan Hanzlik
  • Kamil Kluczniak
  • Mirosław Kutyłowski
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10311)


The security of many cryptographic protocols depends on the quality of the random elements generated in the course of protocol execution. On the other hand, cryptographic devices implementing these protocols are designed under technical limitations, usability requirements and cost constraints. This frequently results in black box solutions. Unfortunately, black box random number generators make it possible to plant backdoors. As a result, signing keys may effectively be stolen, authentication protocols can be broken to enable impersonation, and the confidentiality of encrypted communication is no longer guaranteed.

In this paper we address this problem. The proposed solution is a method of generating random parameters such that: (a) the protocols remain backwards compatible (a protocol participant receives additional data that it may simply ignore), (b) verification of the randomness can be executed at any time and without prior notice, so the device is forced to behave honestly, (c) the solution requires almost no change to the existing protocols and is therefore easy to implement, and (d) the owner of a cryptographic device is protected against its designer and manufacturer, who otherwise might be able to predict the output of the generator and break the protocol. We give a few application examples of this technique for standard schemes.


Keywords: Cryptographic device, Pseudorandom number generator, Backdoor, Discrete logarithm, Signature, Audit, Provable security



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Lucjan Hanzlik (1)
  • Kamil Kluczniak (1)
  • Mirosław Kutyłowski (1)
  1. Faculty of Fundamental Problems of Technology, Wrocław University of Science and Technology, Wrocław, Poland
