[Cryptography] Curated Cryptology Compendium

Steven M. Bellovin smb at cs.columbia.edu
Sat Jan 31 08:33:36 EST 2026


I'd include this Usenix Security paper:
https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/checkoway
"On the Practical Exploitability of Dual EC in TLS Implementations"
and https://dl.acm.org/citation.cfm?id=2978395: A systematic analysis of the
Juniper Dual EC incident from ACM SIGSAC.

On 30 Jan 2026, at 9:55, Jason Cooper via cryptography wrote:

> Hi Tony!
>
> On Wed, Jan 28, 2026 at 04:45:27PM -0500, Tony Patti wrote:
>> I have created a "Curated Cryptology Compendium" at
>> https://cryptosystemsjournal.com/curated-cryptology-compendium.html
>> ...
>
>> I intend this to be a living project, and I'd appreciate feedback -- if you
>> have additions or corrections, let's make this the best resource possible
>> for the community!
>
> Just spotted something missing, Dual-EC DRBG compromise.  I'm not sure what
> should be considered a canonical writeup of the incident, but here are a few to
> get started:
>
> Harvard Law Journal, "Dueling over Dual-EC DRBG: The Consequences of Corrupting
> a Cryptographic Standardization Process"
> https://journals.law.harvard.edu/nsj/wp-content/uploads/sites/82/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf
>
> IACR, "Dual EC: A Standardized Backdoor"
> https://eprint.iacr.org/2015/767.pdf
>
> There's a slew of them, and imo, would be a great addition to the Compendium.
>
> And more specifically, the Juniper compromise really shined a light on the
> Dual-EC DRBG weakness:
> https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html
>
> In short, Juniper used Dual-EC DRBG in their VPN gateway.  Someone broke in and
> changed the Q value so the attackers could leverage the backdoor.
>
> From the article:
>
>> In its 2012 probe, Juniper learned that the hackers had stolen a file
>> containing NetScreen's ScreenOS source code from an engineer's computer. The
>> company didn't realize that the hackers returned a short time later, accessed
>> a server where new versions of ScreenOS were prepared before being made
>> available to customers and altered the code, according to the two people
>> involved in the 2015 investigation and the document. The hackers' tweak
>> involved changing the Q value that the NSA algorithm used, the very same
>> vulnerability that Microsoft researchers had identified years earlier. The
>> hack allowed them to potentially bypass customers' encryption and eavesdrop
>> on their communications.
>
> thx,
>
> Jason.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> https://www.metzdowd.com/mailman/listinfo/cryptography

--Steve Bellovin, https://www.cs.columbia.edu/~smb