Controlled randomness – a defense against backdoors in cryptographic devices

Abstract

Security of many cryptographic protocols is conditioned by quality of the random elements generated in the course of the protocol execution. On the other hand, cryptographic devices implementing these protocols are designed given technical limitations, usability requirements and cost constraints. This frequently results in black box solutions. Unfortunately, the black box random number generators enable creating backdoors. So effectively the signing keys may be stolen, authentication protocol can be broken enabling impersonation, confidentiality of encrypted communication is not guaranteed anymore. In this paper we deal with this problem. The solution proposed is a generation of random parameters such that: (a) the protocols are backwards compatible (a protocol participant gets additional data that can be ignored), (b) verification of randomness might be executed any time without any notice, so a device is forced to behave honestly, (c) the solution makes almost no change in the existing protocols and therefore is easy to implement, (d) the owner of a cryptographic device becomes secured against its designer and manufacturer that otherwise might be able to predict the output of the generator and break the protocol. We give a few application examples of this technique for standard schemes.