Backdoored PRNG

Exploit a backdoor in an elliptic curve based PRNG



anton

Staff
March 13, 2016, 2:24 a.m.

It is interesting to note that in this case (and the FIPS standard), P is a generator point for P-256, so if Q lies on the curve P-256 then there must exist some d such that dQ = P. In other words, for all Dual_EC implementations where P is a generator, the backdoor exists.

jshmendes

39 solved
April 22, 2016, 3:13 p.m.

Hello there, can you suggest a good Python library for EC arithmetic?

anton

Staff
April 24, 2016, 7:33 a.m.

The ecdsa library should work just fine for doing EC arithmetic.

$ pip install ecdsa