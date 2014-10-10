
Pure Randomness Extracted from Two Poor Sources (acm.org)
So the paper is called "Explicit two-source extractors and resilient functions". Not sure why the article goes out of its way to avoid actually telling you this, or why there's quotes from about seven people who aren't the authors. I think it's the same as the top link in further reading.

The ACM cite for the STOC conference, which isn't linked, would be: http://dl.acm.org/citation.cfm?doid=2897518.2897528

> Some researchers have even speculated, especially since the disclosures by Edward Snowden, that commercial hardware sources could be subtly manipulated to make the codes easier to break by the U.S. National Security Agency or others.

Speculated!? I think it's pretty well established by now that Dual_EC_DRBG was intentionally weakened.

Abstract, etc.: http://eccc.hpi-web.de/report/2015/119/

Paper (PDF): http://eccc.hpi-web.de/report/2015/119/revision/2/download/

Related article from 17 May 2016: "Academics Make Theoretical Breakthrough in Random Number Generation": https://threatpost.com/academics-make-theoretical-breakthrou...

Dual_EC_DRBG was software, not hardware. A hardware compromise would be much (much!) harder to detect.

Not necessarily. The hardware guy that got me started on all that was detecting them all the time. Some were really hard but others were obvious once the veil was pulled back. He said he stayed doing that sort of thing as did many others. Constant cat and mouse game. Your statement is true for software people where it will be anywhere from challenging to impossible for them to detect the hardware subversion.

I'm using the word "compromise" to mean the deliberate introduction of a vulnerability. I have a hard time believing that your friend was detecting those "all the time" because I have a hard time believing that there are a lot of deliberate hardware compromises in the field, and an even harder time believing that these are easily detectable.

I can believe that your friend finds non-deliberately-introduced hardware vulnerabilities all the time, but that is not the same thing.

Oh no. You're assuming the hardware field is about simply producing hardware and that's it. He taught me that they (a) know R&D costs a lot, (b) assume patent trolls will hit them constantly so they obfuscate the hell out of everything anyway, and (c) therefore steal each other's stuff in whatever way they can while not advertising specifics on how it works to avoid patent trolls. The result was all kinds of hardware companies were ripping off all kinds of others with constant remixes on top of a cat and mouse game for security that makes software security look lame (my impression). He said competitors even sometimes cloned the best stuff down to the transistors where even he had trouble telling the fakes from his company's parts.

The defense was to make it hard to copy. They did crazy tricks on the digital level. He did stuff on analog level as well since his area was mixed-signal. His favorite technique was splitting the function between digital and analog since so few analog people existed to RE that stuff. He pointed out that digital tools couldn't even see analog stuff. Top that off with obfuscation to wild degrees. We stopped hearing from him after he changed employers, though.

Some of the things he predicted came true. An example was the A2 backdoor which was the kind of analog subversion he told us happened regularly. Another included a fab compromise which his trust model got me thinking about and predicting in the abstract. That the guy's statements started coming true too often in various ways among hardware people and in CompSci papers means I'm inclined to believe him that hardware is as scheming a business as he claimed it to be.

OK... but none of that sounds like it would result in deliberately introducing security flaws of the sort under discussion here. Let's not forget the context of this discussion:

"Some researchers have even speculated, especially since the disclosures by Edward Snowden, that commercial hardware sources could be subtly manipulated to make the codes easier to break by the U.S. National Security Agency or others." [Emphasis added]

Obviously such attacks are possible, but are they likely? I can see how the cat-and-mouse game of IP protection would lead to all kinds of dirty tricks, but what would be the profit in introducing a backdoor that could be leveraged to break crypto or an RNG?

Concretely proven thanks to Edward Snowden leaking BULLRUN and Core Secrets:

http://www.dcssproject.net/bullrun/

https://theintercept.com/2014/10/10/core-secrets/

I'm amused by the paper's abstract stating "explicit construction" when I can extract nothing so concrete from the paper (though a monotone boolean function on N bits resistant to any coalition of size N^(1-t) for any positive t sounds interesting to me; achieving one for N^0.5 is well known and simple).
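As an added illustration of the "well known and simple" N^0.5 case mentioned in the comment above (this is my own example, not code from the thread or from the paper): majority is a monotone boolean function, and a coalition of q bits that sees the other N-q honest, uniformly random bits before choosing its own can control MAJ_N only when the honest sum lands within q of the tie. The code computes that probability exactly from the binomial distribution, cross-checks it by brute force for small N, and tabulates it for coalitions of size N^0.5 (stays at a constant, independent of N) versus N^0.75 (tends to 1), which is why the exponent 1/2 is the natural barrier for majority. The assumed convention is that the coalition occupies the last q positions and N is odd.

```python
from fractions import Fraction
from itertools import product
from math import comb


def majority(bits):
    """MAJ on an odd number of bits: 1 iff more than half of them are 1."""
    return 1 if 2 * sum(bits) > len(bits) else 0


def coalition_influence(n, q):
    """Exact probability that a coalition of q bits controls MAJ_n.

    The n-q honest bits are uniform; the coalition observes them and then sets
    its own q bits.  It can force output 1 iff honest_sum + q >= (n+1)/2 and
    can force output 0 iff honest_sum <= (n-1)/2, so it controls the output iff
        (n+1)/2 - q <= honest_sum <= (n-1)/2,   honest_sum ~ Bin(n-q, 1/2).
    """
    assert n % 2 == 1 and 0 <= q <= n
    honest = n - q
    lo = max(0, (n + 1) // 2 - q)
    hi = min(honest, (n - 1) // 2)
    hits = sum(comb(honest, s) for s in range(lo, hi + 1))
    return Fraction(hits, 2 ** honest)


def coalition_influence_bruteforce(n, q):
    """Same quantity by enumerating every honest assignment (small n only).

    Convention (assumed here): the coalition holds the last q positions.
    """
    honest = n - q
    controlled = 0
    for h in product((0, 1), repeat=honest):
        # Outputs the coalition can reach by choosing its q bits freely.
        outcomes = {majority(h + c) for c in product((0, 1), repeat=q)}
        if len(outcomes) == 2:
            controlled += 1
    return Fraction(controlled, 2 ** honest)


def influence_table(exponent, sizes):
    """(n, q, influence) for a coalition of size q = round(n ** exponent)."""
    rows = []
    for n in sizes:
        q = max(1, round(n ** exponent))
        rows.append((n, q, float(coalition_influence(n, q))))
    return rows


if __name__ == "__main__":
    sizes = [101, 1001, 10001, 100001]
    for exponent in (0.5, 0.75):
        print(f"coalition size ~ N^{exponent}")
        for n, q, inf in influence_table(exponent, sizes):
            print(f"  N={n:>6}  q={q:>5}  P[coalition controls MAJ] = {inf:.3f}")
```

Running the block prints a roughly constant control probability down the N^0.5 column and a column that climbs towards 1 for N^0.75; scaling the N^0.5 coalition down by a constant factor scales that constant probability down proportionally, which is the sense in which majority is resilient against coalitions of size o(N^0.5) and no better.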

I think I need a non-randomness extractor. :)

