Cryptographic Backdooring presented at NoSuchCon 2015

by Jean-Philippe Aumasson,

Summary : We describe the different classes of cryptographic backdoors, which depend on where sabotage occurs in the cryptographic supply-chain. We characterize and categorize backdoors, in terms of discoverability, detectability, and exploitability, and propose semi-formal definitions in order to encourage a more rigorous study of malicious cryptography.
Several examples are discussed, from straightforward coding backdoors to Dual_EC or the recent sabotaged SHA-1 instances.