Bitcoin Forum
November 16, 2024, 01:44:32 PM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Government Trapdoors Spying Tool Could Decrypt Millions of Cryptographic Keys  (Read 351 times)
Chronobank (OP)
Sr. Member
****
Offline Offline

Activity: 1081
Merit: 251


Formerly known as Chronobank, now Chrono.tech


View Profile WWW
October 16, 2016, 02:22:58 PM
 #1

Law enforcement agencies and government organizations including the NSA could place trapdoors on millions of Diffie-Hellman-generated cryptographic keys to decrypt websites, applications, and encrypted messaging tools.

It was revealed in a new study led by a team of University of Pennsylvania researchers.

Since early 2000, the Diffie-Hellman (DH) key exchange has been considered as the backbone of many cryptographic systems due to its unique simultaneous key generation technique. During a DH exchange, two parties create a key together, which later can be used to encrypt the traffic.

Systematically, it is virtually impossible to figure out the encryption key even through advanced analysis and investigation.

Vulnerabilities & Creation of Elliptic Curve Cryptography

As most Bitcoin users know by now, Bitcoin as well as many other cryptocurrencies are based on elliptic curve cryptography that utilizes algebraic curves to generate keys, instead of modular arithmetic which is used in the DH exchange.

The comparably simplistic encryption and key generation method of DH exchange can lead to a series of vulnerabilities that can be targeted by computationally inexpensive attacks as seen in the Logjam attack, which compromised a wide range of internet services and applications to drain confidential data.

Authors of the Logjam attacks, which mainly consists of computer scientists at CNRS, estimate that the NSA could easily break the DH cryptography within its budget. That means, top 1 mln domains on the HTTPS protocol, which accounts for 8.4% of all domains, are vulnerable to Logjam attacks.

“We show that we are never going to be able to detect primes that have been properly trapdoored. However, right now we know exactly how the trapdoor works, and [we] can quantify the massive advantage it gives to the attacker. So, people should start asking pointed questions about how the opaque primes in some implementations and standards were generated,” University of Pennsylvania researcher said in an interview.

Elliptic Curve Cryptography was introduced for this precise reason, to cover up the vulnerabilities in the widely used DH exchange. Cryptocurrencies like Bitcoin and any other advanced cryptographic networks are completely safe from government trapdoors, which have been described as a massive spying tool that could exploit most implemented encrypted systems.

https://cointelegraph.com/news/government-trapdoors-spying-tool-could-decrypt-millions-of-cryptographic-keys-bitcoin-is-safe

Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
October 16, 2016, 02:51:34 PM
 #2

Elliptic Curve Cryptography was introduced for this precise reason, to cover up the vulnerabilities in the widely used DH exchange. Cryptocurrencies like Bitcoin and any other advanced cryptographic networks are completely safe from government trapdoors, which have been described as a massive spying tool that could exploit most implemented encrypted systems.

Not too sure about this part. A Bitcoin dev (possibly Peter Todd, IIRC) shed some serious doubt on the robustness of the NIST recommended elliptic curve scheme, after wondering why Satoshi decided to use the more obscure (and less studied) Koblitz elliptical curve scheme for Bitcoin. It wasn't some kind of questionable prime number (as in the criticism of Diffie-Hellman above), it involved some kind of inappropriate use of a hash function. Can't remember the exact details, but the post is in the Dev and Tech sub forum IIRC.

Vires in numeris
Milkduds
Full Member
***
Offline Offline

Activity: 224
Merit: 100


View Profile
October 16, 2016, 05:27:17 PM
 #3

The posts you are making come across more as advertising or press releases,not actual discussion pieces. Looking back at the last few threads started its evident that people are not responding or you are offering rebuttal. Might be better served to post in press section to cut down on the spam aspect. Just a thought,since I think it will become apparent sooner than later.
New accounts tend to get less clicks on links as well,due to the nefarious nature that comes along with accounts with no roots in the forum.

On the topic...I imagine that spy agencies will constantly be looking for ways to piggyback on the delivery of bitcoin to figure out where they are going and who is storing them. Lot of the foundation of bitcoin is beyond me but I think once we have a issue that leeches the system it would become obvious to those that are fanatics and follow every aspect down to the nuts.
Carlton Banks
Legendary
*
Offline Offline

Activity: 3430
Merit: 3080



View Profile
October 16, 2016, 05:40:20 PM
 #4

The posts you are making come across more as advertising or press releases,not actual discussion pieces.

Yep, these belong in the Press section.

Vires in numeris
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!