Dual Elliptic Curve Deterministic Random Bit Generator

From Taiwan Tongues 台語維基 (Taigi Wiki)

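The Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) is a cryptographically secure pseudorandom number generator (CSPRNG) built on elliptic curve cryptography. The algorithm was made public around June 2006. Despite heavy criticism from cryptographers and the widely held view that it contains a hidden backdoor, Dual_EC_DRBG remained for seven years one of the four (now three) standard CSPRNGs defined in NIST SP 800-90A, until it was withdrawn in 2017.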

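See also

  • Cryptographically secure pseudorandom number generator
  • Random number generator attack
  • Crypto AG: a Swiss company working mainly in communications and information security. The company was for a long time under the direct control of the US Central Intelligence Agency and the German Federal Intelligence Service, and inserted backdoors into its encryption machines.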

External links

  • NIST SP 800-90A - Recommendation for Random Number Generation Using Deterministic Random Bit Generators
  • Dual EC DRBG - Collection of Dual_EC_DRBG information, by Daniel J. Bernstein, Tanja Lange, and Ruben Niederhagen.
  • On the Practical Exploitability of Dual EC in TLS Implementations - Key research paper by Stephen Checkoway et al.
  • The prevalence of kleptographic attacks on discrete-log based cryptosystems - Adam L. Young, Moti Yung (1997)
  • United States Patent Application Publication US 2007189527, Brown, Daniel R. L. & Vanstone, Scott A., "Elliptic curve random number generation" - on the Dual_EC_DRBG backdoor, and ways to negate the backdoor.
  • Comments on Dual-EC-DRBG/NIST SP 800-90, Draft December 2005 - Kristian Gjøsteen's March 2006 paper concluding that Dual_EC_DRBG is predictable, and therefore insecure.
  • A Security Analysis of the NIST SP 800-90 Elliptic Curve Random Number Generator - Daniel R. L. Brown and Kristian Gjøsteen's 2007 security analysis of Dual_EC_DRBG. Though at least Brown was aware of the backdoor (from his 2005 patent), the backdoor is not explicitly mentioned. Use of non-backdoored constants and a greater output bit truncation than Dual_EC_DRBG specifies are assumed.
  • On the Possibility of a Back Door in the NIST SP 800-90 Dual Ec Prng - Dan Shumow and Niels Ferguson's presentation, which made the potential backdoor widely known.
  • The Many Flaws of Dual_EC_DRBG - Matthew Green's simplified explanation of how and why the backdoor works.
  • A few more notes on NSA random number generators - Matthew Green
  • Sorry, RSA, I'm just not buying it - Summary and timeline of Dual_EC_DRBG and public knowledge.
  • [Cfrg] Dual_EC_DRBG ... [was RE: Requesting removal of CFRG co-chair] (archived copy at the Internet Archive: https://web.archive.org/web/20160818132539/http://www.ietf.org/mail-archive/web/cfrg/current/msg03651.html) - A December 2013 email by Daniel R. L. Brown defending Dual_EC_DRBG and the standard process.