UGOTAG | Videos with Chapter Markers  
  

Episode Markers
  • 00:11
     
    #Dual Elliptic Curve Deterministic Random Bit Generator   
    There's another interesting story that people are asking me to talk about, which is the story of the Dual EC-DRBG, or the Dual Elliptic Curve Deterministic Random Bit Generator, which is a pseudo-random generator for generating random numbers.
  • 03:21
     
    #Elliptic curve background   
    Can predict the next random value you're going to be. That could be your password that you're generating on your password manager. So I've seen this output. This is something you sent in the clear, let's say a random number or something. I've seen it. Can I calculate what the state is? Well, no, because to do that I have to reverse this one-way function, this hash function. So I can't do it. I'm stuck here. That's the idea. Now, in the early two-thousands, the National Institute for Standards and Technology in the US published a list of four new random number generators, the idea being that these would be adopted by the kind of key players who are actually building these libraries, like OpenSSL. So most of these were kind of standard, like I'm showing you here. One of them was based on elliptic curves and was a little bit unusual, and so it kind of piqued everyone's interest and, dare I say, piqued a little suspicion at the time. This was called the Dual Elliptic Curve DRBG, which I'm going to call Dual EC from now on, otherwise I'm going to get very tongue-tied. It works very much like this, using elliptic curves. Just to remind you, when we talked about elliptic curves: an elliptic curve looks a bit like this, and it has a formula of the type y squared is x cubed plus ax plus b. The idea is that this can be used to perform a one-way function like our hash. If we have a point here, P, on our curve, we can produce a multiple of P, let's say here, which is aP, and if I give you that, you can't tell me what a was, right?
  • 04:43
     
    #SHA-1 is breakable   
    That would be solving the elliptic curve discrete log problem, very, very difficult, right? That's all we really need to know about the mathematics for this particular one. So we could replace these two one-way functions with these elliptic curve functions, this point addition, and kind of get the same kind of structure going. And the nice thing, if it worked, would be that this is kind of mathematically provable in some sense, because we know how difficult this problem is. We don't know for sure what the difficulty of this hash function is, because no one's broken it yet, right? We all thought SHA-1 was unbreakable, and then what happened? All right. So how does Dual EC work? All right. So we have our two random variables on our curve, right, P?
  • 07:20
     
    #Brute force attack   
    I can't reverse to find this internal state. The reason I can't do that is because, first of all, I don't know what rQ was, and even if I did, I can't go backwards through this to find r and then go this way, right? So we can't reverse that, because that is a one-way function, remember, just because of the elliptic curve problem. If I was an attacker, how might I attack this? Well, the first thing is to notice is, for 16 bits, it's not actually very many. So I can brute-force through the possible rQ's quite quickly: 2 to the 16 operations, 65,000 operations, even on a laptop, not going to take very long. So I go through and I find all the possible x's for this random data, and only some of them are going to adhere properly to that elliptic curve formula, where we can find an actual y that goes with them. All right?
  • 10:15
     
    #backdoor could exist   
    Cryptographers said, well, first of all, this is not enough bits. You're cutting off here, right? There's a slight bias in the output. We don't like it. It doesn't look random enough. That's a problem. It's a thousand times slower. That's a problem. All right, NIST didn't worry too much about this. They said it's fine. Why, we're gonna put it in. Then in 2007 Dan Shumow and Niels Ferguson from Microsoft did a short talk explaining that this backdoor could exist. Full paper: http://rump2007.cr.yp.to/15-shumow.pdf
  • 10:39
     
    #Snowden leaks   
    You know, that should have killed this off straight away. But the problem was, it was an agreed standard, and it was starting to be implemented in some of these libraries. And that's deeply concerning. We don't know whether this exists. Hypothetically it could, all right. But no one can find this e, so how can we know? But then the Snowden leaks came along.

Elliptic Curve Back Door - Computerphile

The back door that may not be a back door... The suspicion about Dual_EC_DRBG - The Dual Elliptic Curve Deterministic Random Bit Generator - with Dr Mike Pound.

EXTRA BITS: https://youtu.be/XEmoD06_mZ0
Nothing up my sleeve Numbers: https://youtu.be/oJWwaQm-Exs
Elliptic Curves: https://youtu.be/NF1pwjL9-DE

https://www.facebook.com/computerphile
https://twitter.com/computer_phile

This video was filmed and edited by Sean Riley.

Computer Science at the University of Nottingham: https://bit.ly/nottscomputer

Computerphile is a sister project to Brady Haran's Numberphile. More at http://www.bradyharan.com






Community tags: computer_security math