Surreptitiously Weakening Cryptographic Systems

B. Schneier, M. Fredrikson, T. Kohno, and T. Ristenpart

Cryptology ePrint Archive, Report 2015/097, 2015.


Revelations over the past couple of years highlight the importance of understanding malicious and surreptitious weakening of cryptographic systems. We provide an overview of this domain, using a number of historical examples to drive development of a weaknesses taxonomy. This allows comparing different approaches to sabotage. We categorize a broader set of potential avenues for weakening systems using this taxonomy, and discuss what future research is needed to provide sabotage-resilient cryptography.

[full text - PDF (Acrobat)]

Categories: Miscellaneous Papers

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.