On May 29, 2006, a pair of researchers in the Netherlands authored a paper showing that this NSA created elliptic curve-based random-number generator was insecure and that attacks against it could "be run on an ordinary PC."
http://s3.documentcloud.org/documents/786216/cryptanalysis-of-the-dual-elliptic-curve.pdf
The math used by the Netherlands researchers was rather complex. A less complex explanation of the danger was presented in August 2007 by two junior Microsoft employees at an internet-security conference in Santa Barbara California.
http://www.wired.com/images_blogs/threatlevel/2013/09/15-shumow.pdf
This presentation occurred at almost the exact same time that Microsoft joined the NSA PRISM program and made dangerous modifications to the UEFI computer startup program (described in detail in my book). While there are many families of elliptical functions, all of them suffer from the same problem described by these researchers. Basically, elliptical curves are either too complex to be used for encryption without certain restrictions (such as limiting the elliptical curve function to integers) -- or they are not random if there are restrictions.
I therefore started researching applications that used this bad NSA-encryption method. One application was the Windows operating system. Despite the fact that it was known to be insecure, Microsoft added this encryption method to Windows Vista in February 2008. Even though the NSA flawed process was not the default encryption method, adding it to the Windows operating system greatly increased the ease of the NSA in attacking Iranian Windows computer systems later that same year. The NSA also likely used this same method to attack over 50,000 other Windows computer networks around the world in the next two years. The number is now over 85,000 compromised computer networks per a leak of top secret NSA documents released on November 23, 2013.
"The malware can be controlled remotely and be turned on and off at will. The 'implants' act as digital 'sleeper cells' that can be activated with a single push of a button. According to the Washington Post , the NSA has been carrying out this type of cyber operation since 1998."
http://www.nrc.nl/nieuws/2013/11/23/nsa-infected-50000-computer-networks-with-malicious-software/
The other major application of elliptical encryption was with Bitcoin, a digital-currency program also developed by the NSA between 2006 to 2008. The earliest papers and domain-name registration for Bitcoin was in August 2008 with the release of the first bitcoins in January 2009. The NSA elliptical-encryption method is used to verify the authenticity of bitcoin ownership as one of the final steps in transferring ownership of bitcoins. On October 28, 2013, an article appeared in Bitcoin Magazine claiming that bitcoin got "lucky" because it used a Koblitz ellipse curve rather than the normal pseudo-random ellipse curve (secp256k1 rather than secp256r1).
But using a K curve rather than the R curve does not reduce the danger of the function. In fact, the article cited several examples of how the original programmer for bitcoin, Satoshi Nakamoto, got very "lucky" in avoiding less-than-obvious computer-programming problems in the design of bitcoin. Rather than being lucky, these examples are strong evidence that bitcoin was not designed by a single lucky person -- but by many extremely smart mathematicians and computer programmers over a period of several years. In other words, the design of bitcoin has the finger prints of the NSA all over it.
This article led me to research the history of Satoshi Nakamoto and the history of bitcoin. One of the best articles on this history was from Wired magazine in 2011. http://www.wired.com/magazine/2011/11/mf_bitcoin/
The mythical founder of Bitcoin was named Satoshi Nakamoto. In his posts, he used a fake name and a fake German email address (Email address removed). He claimed to be from Japan. But he spoke perfect English. He wrote words using the British spelling (for example, colour rather than color). While careful steps were taken to hide the actual location of the emails, a detailed analysis of his 500 posts to the Bitcoin forum indicated that he lived in the US East Coast time zone -- which just happens to be the time zone where NSA headquarters are located. In addition, Satoshi took an unusually long time -- averaging two weeks -- to respond to forum posts. This indicated that a group of people would prepare a response and then have it approved by senior officials before actually posting responses to the forum.
Satoshi had nearly $200 million dollars' worth of bitcoins. Yet he never cashed any bitcoins in for dollars. Just as bitcoin was gaining widespread acceptance, he stopped posting altogether and simply disappeared. What kind of person or group of persons would be willing to turn their backs on $200 million? No one has ever met this amazingly smart, lucky, and/or generous computer programmer. Yet he was able to do what entire teams of programmers have failed to do -- establish a digital currency worth an estimated $21 billion.
The NSA aka Satoshi set up a website, bitcoin.org, in August 2008 at just about the same time that they started their PRISM program. On this website, they published a "white paper" under the Satoshi alias, explaining how Bitcoin works.
(Note: You can view every article as one long page if you sign up as an Advocate Member, or higher).
1
1
1
