[Cryptography] Dual_EC_DRBG backdoor: a proof of concept
dj at deadhat.com
Fri Jan 3 10:50:27 EST 2014
> If we replaced dual ec drbg's output function by taking the parity of the
> output point's scalar value, it looks to me like we'd have a secure drbg
> despite the potentially evil choice of P and Q, with whatever good
> theoretical properties came from dual ec drbg.
>
> --John
Is NIST seriously considering this?
Has anyone proposed this?
I notice that the comment period on SP800-90A/B/C has long been closed,
but the comments have not been published. So it's hard to tell what is
going on.
A little more transparency would go a long way.