{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,11]],"date-time":"2026-03-11T20:53:54Z","timestamp":1773262434602,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783662493007","type":"print"},{"value":"9783662493014","type":"electronic"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-662-49301-4_17","type":"book-chapter","created":{"date-parts":[[2016,3,18]],"date-time":"2016-03-18T11:15:43Z","timestamp":1458299743000},"page":"256-281","source":"Crossref","is-referenced-by-count":56,"title":["Dual EC: A Standardized Back Door"],"prefix":"10.1007","author":[{"given":"Daniel J.","family":"Bernstein","sequence":"first","affiliation":[]},{"given":"Tanja","family":"Lange","sequence":"additional","affiliation":[]},{"given":"Ruben","family":"Niederhagen","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,3,18]]},"reference":[{"key":"17_CR1","unstructured":"Amann, B., Vallentin, M., Hall, S., Sommer, R.: Revisiting SSL: A large-scale study of the Internet\u2019s most trusted protocol (2012). \n                      http:\/\/www.icsi.berkeley.edu\/pubs\/techreports\/ICSI_TR-12-015.pdf"},{"key":"17_CR2","unstructured":"Ball, J., Borger, J., Greenwald, G.: Revealed: how US and UK spy agencies defeat internet privacy and security. The Guardian, 5 September 2013. \n                      http:\/\/www.theguardian.com\/world\/2013\/sep\/05\/nsa-gchq-encryption-codes-security"},{"key":"17_CR3","unstructured":"Barker, E.: Letter to Bruce Schneier (2007). 
\n                      https:\/\/github.com\/matthewdgreen\/nistfoia\/blob\/master\/6.4.2014%20production\/109%20-%20Nov%2028%2020d07%20Letter%20to%20Bruce%20from%20Barker%20-%20Wired%d20Commentary%20.pdf"},{"key":"17_CR4","unstructured":"Bernstein, D., Heninger, N., Lange, T.: The year in crypto, 2013. In: Presentation at 30th Chaos Communication Congress. \n                      https:\/\/hyperelliptic.org\/tanja\/vortraege\/talk-30C3.pdf"},{"key":"17_CR5","unstructured":"Bernstein, D.J., Lange, T., Niederhagen, R.: Certicom\u2019s patent applications regarding Dual EC key escrow (2014). \n                      https:\/\/projectbullrun.org\/dual-ec\/patent.html"},{"key":"17_CR6","unstructured":"Brown, D.R.L.: Re: Dual_EC_DRBG (2014). \n                      http:\/\/permalink.gmane.org\/gmane.ietf.irtf.cfrg\/2300"},{"key":"17_CR7","unstructured":"Brown, D.R.L., Vanstone, S.A.: Elliptic curve random number generation. Patent application published by WIPO (2006). \n                      http:\/\/tinyurl.com\/oowkk36"},{"key":"17_CR8","unstructured":"Checkoway, S., Niederhagen, R., Everspaugh, A., Green, M., Lange, T., Ristenpart, T., Bernstein, D.J., Maskiewicz, J., Shacham, H., Fredrikson, M.: On the practical exploitability of Dual EC in TLS implementations. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 319\u2013335. USENIX Association, August 2014. \n                      https:\/\/projectbullrun.org\/dual-ec\/documents\/dualectls-20140606.pdf"},{"key":"17_CR9","unstructured":"George, R.: Life at both ends of the barrel: an NSA targeting retrospective, keynote talk at Infiltrate conference (2014). 
\n                      http:\/\/vimeo.com\/97891042"},{"key":"17_CR10","unstructured":"Gj\u00f8steen, K.: Comments on Dual-EC-DRBG\/NIST SP 800-90, draft December 2005, 2006. \n                      http:\/\/www.math.ntnu.no\/~kristiag\/drafts\/dual-ec-drbg-comments.pdf"},{"key":"17_CR11","unstructured":"Green, M.D.: Results of a recent FOIA for NIST documents related to the design of Dual EC DRBG (2015). \n                      https:\/\/github.com\/matthewdgreen\/nistfoia"},{"key":"17_CR12","unstructured":"Hoffman, P.: Additional random extension to TLS, Internet-Draft version\u00a001, February 2010. \n                      http:\/\/tools.ietf.org\/html\/draft-hoffman-tls-additional-random-ext-01"},{"key":"17_CR13","unstructured":"Hoffman, P., Solinas, J.: Additional PRF inputs for TLS, Internet-Draft version\u00a001, October 2009. \n                      http:\/\/tools.ietf.org\/html\/draft-solinas-tls-additional-prf-input-01"},{"key":"17_CR14","unstructured":"Joint Technical Committee ISO\/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques. US national body comments on ISO\/IEC 2nd CD 18031. Attachment 10 to SC27 N3685 (2003). \n                      https:\/\/projectbullrun.org\/dual-ec\/documents\/us-comment-to-iso.pdf"},{"key":"17_CR15","unstructured":"Johnson, D.: Minding our Ps and Qs in Dual_EC (2004). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/crypto-review\/documents\/Email_Oct"},{"key":"17_CR16","unstructured":"Johnson, D.: Number theoretic DRBGs (2004). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/documents\/rng\/NumberTheoreticDRBG.pdf"},{"key":"17_CR17","unstructured":"Kelsey, J.: 800-90 and Dual EC DRBG (2013). 
\n                      http:\/\/csrc.nist.gov\/groups\/SMA\/ispab\/documents\/minutes\/2013-12\/nist_cryptography_800-90.pdf"},{"key":"17_CR18","unstructured":"Kelsey, J.: Dual EC in X9.82 and SP 800-90 (2014). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/crypto-review\/documents\/dualec_in_X982_and_sp800-90.pdf"},{"key":"17_CR19","unstructured":"Larson, J., Perlroth, N., Shane, S.: Revealed: The NSA\u2019s secret campaign to crack, undermine Internet security. ProPublica, September 2013. \n                      https:\/\/www.propublica.org\/article\/the-nsas-secret-campaign-to-crack-undermine-internet-encryption"},{"key":"17_CR20","unstructured":"Menn, J.: Exclusive: Secret contract tied NSA and security industry pioneer. Reuters, December 2013. \n                      http:\/\/www.reuters.com\/article\/2013\/12\/20\/us-usa-security-rsa-idUSBRE9BJ1C220131220"},{"key":"17_CR21","unstructured":"National Institute for Standards and Technology. DRBG validation list. \n                      http:\/\/csrc.nist.gov\/groups\/STM\/cavp\/documents\/drbg\/drbgval.html"},{"key":"17_CR22","unstructured":"National Institute for Standards and Technology. Internal draft of X9.82 section 9.12, 2004? \n                      https:\/\/github.com\/matthewdgreen\/nistfoia\/blob\/master\/6.4.2014%20production\/011%20-%209.12%20Choosing%20a%20DRBG%20Algorithm.pdf\n                      \n                    , received through FOIA"},{"key":"17_CR23","unstructured":"National Institute for Standards and Technology. RNG workshop and standards development (2004). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/random_number.html#RNG%20WSD"},{"key":"17_CR24","unstructured":"National Institute for Standards and Technology. The NIST SP 800-90A Deterministic Random Bit Generator Validation System (DRBGVS); current version from 2013, first version from 2009, 2013. 
\n                      http:\/\/csrc.nist.gov\/groups\/STM\/cavp\/documents\/drbg\/DRBGVS.pdf"},{"key":"17_CR25","unstructured":"National Institute for Standards and Technology. Compilation of public comments on 2005 draft of SP 800-90 (2014). \n                      http:\/\/csrc.nist.gov\/groups\/ST\/toolkit\/documents\/CommentsSP800-90_2006.pdf"},{"key":"17_CR26","unstructured":"National Institute for Standards and Technology. NIST FOIA material released to COV: X9.82 and NIST SP800-90 process, 10 June, 2014. \n                      http:\/\/csrc.nist.gov\/groups\/ST\/crypto-review\/review_materials.html"},{"key":"17_CR27","unstructured":"National Institute of Standards and Technology. Special Publication 800-90: Recommendation for random number generation using deterministic random bit generators, 2012. First version June 2006, second version March 2007. \n                      http:\/\/csrc.nist.gov\/publications\/PubsSPs.html#800-90A"},{"key":"17_CR28","unstructured":"nymble. Interesting patent on use of ECC random number generator for \u2018escrow\u2019. Designed as backdoor in 2005. Twitter post on 3 December, 2013. \n                      https:\/\/twitter.com\/nymble\/status\/408023522284285952"},{"key":"17_CR29","unstructured":"Patent Application Information Retrieval (PAIR). Image file wrapper for provisional application 60644982 (2005). \n                      https:\/\/projectbullrun.org\/dual-ec\/documents\/60644982.pdf"},{"key":"17_CR30","unstructured":"Patent Application Information Retrieval (PAIR). Image file wrapper for patent application 11336814 (2006). \n                      https:\/\/projectbullrun.org\/dual-ec\/documents\/11336814.pdf"},{"key":"17_CR31","unstructured":"Perlroth, N., Larson, J., Shane, S.: N.S.A. able to foil basic safeguards of privacy on web. International New York Times, September 2013. 
\n                      http:\/\/www.nytimes.com\/2013\/09\/06\/us\/nsa-foils-much-internet-encryption.html"},{"key":"17_CR32","unstructured":"Rescorla, E., Salter, M.: Opaque PRF inputs for TLS. Internet-Draft version\u00a000, December 2006. \n                      http:\/\/tools.ietf.org\/html\/draft-rescorla-tls-opaque-prf-input-00"},{"key":"17_CR33","unstructured":"Rescorla, E., Salter, M.: Extended random values for TLS, Internet-Draft version\u00a002, March 2009. \n                      http:\/\/tools.ietf.org\/html\/draft-rescorla-tls-extended-random-02"},{"key":"17_CR34","unstructured":"Schneier, B.: Did NSA put a secret backdoor in new encryption standard? (2007). \n                      http:\/\/archive.wired.com\/politics\/security\/commentary\/securitymatters\/2007\/11\/securitymatters_1115"},{"key":"17_CR35","unstructured":"Schoenmakers, B., Sidorenko, A.: Cryptanalysis of the Dual Elliptic Curve pseudorandom generator. Cryptology ePrint Archive, Report 2006\/190 (2006). \n                      https:\/\/eprint.iacr.org\/2006\/190"},{"key":"17_CR36","unstructured":"Shumow, D., Ferguson, N.: On the possibility of a back door in the NIST SP800-90 Dual EcPrng. CRYPTO 2007 Rump Session, August 2007. \n                      http:\/\/rump2007.cr.yp.to\/15-shumow.pdf"},{"key":"17_CR37","unstructured":"United States Patent and Trademark Office. Review of applications for national security and property rights issues. Manual of Patent Examining Procedure, Section 115 (2013). 
\n                      http:\/\/www.uspto.gov\/web\/offices\/pac\/mpep\/s115.html"}],"container-title":["Lecture Notes in Computer Science","The New Codebreakers"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-662-49301-4_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T14:51:30Z","timestamp":1559400690000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-662-49301-4_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783662493007","9783662493014"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-662-49301-4_17","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016]]}}}