david wong

Hey ! I'm David, a security consultant at Cryptography Services, the crypto team of NCC Group . This is my blog about cryptography and security and other related topics that I find interesting.

Kleptography: hidding a private key in plain sight January 2015

from wikipedia:

A kleptographic attack is an attack which uses asymmetric encryption to implement a cryptographic backdoor. For example, one such attack could be to subtly modify how the public and private key pairs are generated by the cryptosystem so that the private key could be derived from the public key. In a well-designed attack, the outputs of the infected cryptosystem would be computationally indistinguishable from the outputs of the corresponding uninfected cryptosystem. If the infected cryptosystem is a black-box implementation such as a hardware security module, a smartcard, or a Trusted Platform Module, a successful attack could go completely unnoticed.

I've seen implementations of this in the wild, here on reddit (python) and here on lobsters (C#)

Well done! You've reached the end of my post. Now you can leave me a comment :)