Unconventional attacks on RSA
The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in their Proceedings of Advances in Cryptology paper. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (for example, via publishing, being discovered and disclosed by reverse engineering, and more). This class of attacks has been termed kleptography; they can be carried out on software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is now part of a larger field called cryptovirology. Notably, NSA inserted a paragraph on kleptographic backdoor into the Dual EC DRBG standard.
There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor, designed by Young and Yung, utilizes a twisted pair of elliptic curves and has been made available. In this section, we will examine something that is a little bit different...
