[Cryptography] Curated Cryptology Compendium

Tony Patti crypto at glassblower.info
Sat Jan 31 10:37:09 EST 2026


Thank you both Steven and Jason, I have added all five of your references about NIST’s Dual EC pseudorandom number generator at:

https://cryptosystemsjournal.com/curated-cryptology-compendium.html#dual-ec-drbg


Also thanks to Ralf Senderek for recommending adding: “Security Engineering”, a Turing Award Lecture, and a Dan Boneh paper.


Our compendium has now grown to 410 downloadable PDFs (29,123 pages) & more.

https://cryptosystemsjournal.com/curated-cryptology-compendium.html


For those who have not yet visited, the Table of Contents contains these sections:



Highly Recommended

Foundational Papers

Mathematical Cryptography

Cryptanalysis & Attack Methodologies

Dual EC pseudorandom number generator

Randomness, Entropy, and Statistical Testing

Zero-Knowledge Proofs & Interactive Systems

Side-Channel Analysis & Hardware Attacks

Secret Sharing: The Threshold of Trust

Steganography & Covert Communications

Network Anonymity & Traffic Analysis

First Crypto War (1977-1999)

Bletchley Park WWII Reports 

NSA Modern Publications

NSA Declassified Manuals & Books

NSA Vietnam

NSA-Snowden

NSA Special Research Histories (SRH)

NSA Internal Periodicals & Technical Journals

NSA CryptoComics

NSA/CCH Calendars

NIST Technical Standards

Cryptographic Mailing Lists & Communities

Expert Cryptographer's Blogs

Quantum & Post-Quantum

Encryption Products

Foundational Cryptographic Patents

Books (on Amazon)


To reiterate: I welcome suggested additions, to make this the best possible resource for the community.


Tony Patti


From: cryptography <cryptography-bounces+crypto=glassblower.info at metzdowd.com> On Behalf Of Steven M. Bellovin
Sent: Saturday, January 31, 2026 8:34 AM
To: Jason Cooper <cryptography at lakedaemon.net>
Cc: Tony Patti <crypto at glassblower.info>; cryptography at metzdowd.com
Subject: Re: [Cryptography] Curated Cryptology Compendium


I'd include this Usenix Security paper: https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/checkoway "On the Practical Exploitability of Dual EC in TLS Implementations" and https://dl.acm.org/citation.cfm?id=2978395: A systematic analysis of the Juniper Dual EC incident from ACM SIGSAC.

On 30 Jan 2026, at 9:55, Jason Cooper via cryptography wrote:

Hi Tony!

On Wed, Jan 28, 2026 at 04:45:27PM -0500, Tony Patti wrote:
> I have created a "Curated Cryptology Compendium" at
> https://cryptosystemsjournal.com/curated-cryptology-compendium.html

...
> I intend this to be a living project, and I'd appreciate feedback -- if you
> have additions or corrections, let's make this the best resource possible
> for the community!
Just spotted something missing, Dual-EC DRBG compromise.  I'm not sure what
should be considered a canonical writeup of the incident, but here's a few to
get started:
Harvard Law Journal, "Dueling over Dual-EC DRBG: The Consequences of Corrupting
a Cryptographic Standardization Process"
https://journals.law.harvard.edu/nsj/wp-content/uploads/sites/82/2022/06/Vol13Iss2_Kostyuk-Landau_Dual-EC-DRGB.pdf

IACR, "Dual EC: A Standardized Backdoor"
https://eprint.iacr.org/2015/767.pdf

There's a slew of them, and imo, would be a great addition to the Compendium.
And more specifically, The Juniper compromise really shined a light on the
Dual-EC DRBG weakness:
https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html

In short, Juniper used Dual-EC DRBG in their VPN gateway.  Someone broke in and
changed the Q value so the attackers could leverage the backdoor.

From the article:

> In its 2012 probe, Juniper learned that the hackers had stolen a file
> containing NetScreen’s ScreenOS source code from an engineer’s computer. The
> company didn’t realize that the hackers returned a short time later, accessed
> a server where new versions of ScreenOS were prepared before being made
> available to customers and altered the code, according to the two people
> involved in the 2015 investigation and the document. The hackers' tweak
> involved changing the Q value that the NSA algorithm used — the very same
> vulnerability that Microsoft researchers had identified years earlier. The
> hack allowed them to potentially bypass customers' encryption and eavesdrop
> on their communications.
thx,
Jason.
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
https://www.metzdowd.com/mailman/listinfo/cryptography


--Steve Bellovin, https://www.cs.columbia.edu/~smb
