[Cryptography] Techniques for malevolent crypto hardware

John Kelsey crypto.jmk at gmail.com
Sun Sep 8 16:21:55 EDT 2013

In principle, the malevolent crypto accellerator could flip into weak mode (however that happens) only upon receiving a message for decryption with some specific value or property.  That would defeat any testing other than constant observation.  This is more or less the attack that keeps parallel testing of electronic voting machines from being a good answer to the security concerns about them.


More information about the cryptography mailing list