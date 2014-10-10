The ACM cite for the STOC conference, which isn't linked, would be: http://dl.acm.org/citation.cfm?doid=2897518.2897528
Speculated!? I think it's pretty well established by now that Dual_EC_DRBG was intentionally weakened.
Abstract, etc.: http://eccc.hpi-web.de/report/2015/119/
Paper (PDF): http://eccc.hpi-web.de/report/2015/119/revision/2/download/
Related article from 17 May 2016: "Academics Make Theoretical Breakthrough in Random Number Generation": https://threatpost.com/academics-make-theoretical-breakthrou...
I can believe that your friend finds non-deliberately-introduced hardware vulnerabilities all the time, but that is not the same thing.
The defense was to make it hard to copy. They did crazy tricks at the digital level. He did stuff at the analog level as well, since his area was mixed-signal. His favorite technique was splitting the function between digital and analog, since so few analog people existed to RE that stuff. He pointed out that digital tools couldn't even see analog stuff. Top that off with obfuscation to wild degrees. We stopped hearing from him after he changed employers, though.
Some of the things he predicted came true. An example was the A2 backdoor, which was the kind of analog subversion he told us happened regularly. Another was a fab compromise, which his trust model got me thinking about and predicting in the abstract. That the guy's statements started coming true too often, in various ways, among hardware people and in CompSci papers means I'm inclined to believe him that hardware is as scheming a business as he claimed it to be.
"Some researchers have even speculated, especially since the disclosures by Edward Snowden, that commercial hardware sources could be subtly manipulated to make the codes easier to break by the U.S. National Security Agency or others." [Emphasis added]
Obviously such attacks are possible, but are they likely? I can see how the cat-and-mouse game of IP protection would lead to all kinds of dirty tricks, but what would be the profit in introducing a backdoor that could be leveraged to break crypto or an RNG?
http://www.dcssproject.net/bullrun/
https://theintercept.com/2014/10/10/core-secrets/
