Wikipedia

Dual Elliptic Curve Deterministic Random Bit Generator

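The Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG)[1] is a cryptographically secure pseudorandom number generator (CSPRNG) implemented using elliptic curve cryptography. The algorithm was made public around June 2006. Although it drew heavy criticism from cryptographers and was regarded as containing a potential backdoor, Dual_EC_DRBG remained, for seven years until it was withdrawn in 2017, one of the four (now three) standardized CSPRNGs defined in NIST SP 800-90A.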

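See also

  • Cryptographically secure pseudorandom number generator
  • Random number generator attack
  • Crypto AG: a Swiss company mainly engaged in communications and information security; it was long under the direct control of the US Central Intelligence Agency and the German Federal Intelligence Service, and inserted backdoors into its cipher machines.[2]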

References

  1. Recommendations for Random Number Generation Using Deterministic Random Bit Generators (Revised) (PDF). National Institute of Standards and Technology. January 2012 [2018-03-03]. NIST SP 800-90. (Archived from the original (PDF) on 2013-10-09).
  2. How the CIA used Crypto AG encryption devices to spy on countries for decades - Washington Post. www.washingtonpost.com. 2020-02-11 [2020-02-13]. (Archived from the original on 2020-02-11).

External links

  • NIST SP 800-90A - Recommendation for Random Number Generation Using Deterministic Random Bit Generators (archived copy at the Internet Archive)
  • Dual EC DRBG (archived copy at the Internet Archive) - Collection of Dual_EC_DRBG information, by Daniel J. Bernstein, Tanja Lange, and Ruben Niederhagen.
  • On the Practical Exploitability of Dual EC in TLS Implementations (archived copy at the Internet Archive) - Key research paper by Stephen Checkoway et al.
  • The prevalence of kleptographic attacks on discrete-log based cryptosystems (archived copy at the Internet Archive) - Adam L. Young, Moti Yung (1997)
  • United States Patent Application Publication US 2007189527, Brown, Daniel R. L. & Vanstone, Scott A., "Elliptic curve random number generation" - on the Dual_EC_DRBG backdoor, and ways to negate the backdoor.
  • Comments on Dual-EC-DRBG/NIST SP 800-90, Draft December 2005 - Kristian Gjøsteen's March 2006 paper concluding that Dual_EC_DRBG is predictable, and therefore insecure.
  • A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator (archived copy at the Internet Archive) - Daniel R. L. Brown and Kristian Gjøsteen's 2007 security analysis of Dual_EC_DRBG. Though at least Brown was aware of the backdoor (from his 2005 patent), the backdoor is not explicitly mentioned. Use of non-backdoored constants and a greater output bit truncation than Dual_EC_DRBG specifies are assumed.
  • On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng (archived copy at the Internet Archive) - Dan Shumow and Niels Ferguson's presentation, which made the potential backdoor widely known.
  • The Many Flaws of Dual_EC_DRBG (archived copy at the Internet Archive) - Matthew Green's simplified explanation of how and why the backdoor works.
  • A few more notes on NSA random number generators (archived copy at the Internet Archive) - Matthew Green
  • Sorry, RSA, I'm just not buying it (archived copy at the Internet Archive) - Summary and timeline of Dual_EC_DRBG and public knowledge.
  • [Cfrg] Dual_EC_DRBG ... [was RE: Requesting removal of CFRG co-chair] (archived copy at the Internet Archive: //web.archive.org/web/20160818132539/http://www.ietf.org/mail-archive/web/cfrg/current/msg03651.html) - A December 2013 email by Daniel R. L. Brown defending Dual_EC_DRBG and the standard process.
