Law enforcement agencies and government organizations including the NSA could place trapdoors on millions of Diffie-Hellman-generated cryptographic keys to decrypt websites, applications, and encrypted messaging tools.
This was revealed in a new study led by a team of University of Pennsylvania researchers.
Since early 2000, the Diffie-Hellman (DH) key exchange has been considered the backbone of many cryptographic systems due to its unique simultaneous key generation technique. During a DH exchange, two parties create a key together, which can later be used to encrypt the traffic.
Systematically, it is virtually impossible to figure out the encryption key even through advanced analysis and investigation.
Vulnerabilities & Creation of Elliptic Curve Cryptography
As most Bitcoin users know by now, Bitcoin, as well as many other cryptocurrencies, is based on elliptic curve cryptography, which uses algebraic curves to generate keys instead of the modular arithmetic used in the DH exchange.
The comparatively simple encryption and key generation method of the DH exchange can lead to a series of vulnerabilities that can be targeted by computationally inexpensive attacks, as seen in the Logjam attack, which compromised a wide range of internet services and applications to drain confidential data.
The authors of the Logjam attack, who are mainly computer scientists at CNRS, estimate that the NSA could easily break DH cryptography within its budget. That means the top 1 million domains on the HTTPS protocol, which account for 8.4% of all domains, are vulnerable to Logjam attacks.
“We show that we are never going to be able to detect primes that have been properly trapdoored. However, right now we know exactly how the trapdoor works, and [we] can quantify the massive advantage it gives to the attacker. So, people should start asking pointed questions about how the opaque primes in some implementations and standards were generated,” a University of Pennsylvania researcher said in an interview.
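The opposite of an opaque prime is one whose generation anyone can repeat. The following added example (not code from the study or from this article) goes beyond the text: it rebuilds the 1024-bit and 2048-bit MODP primes from the digits of pi, using the formula and offsets published in RFC 2409 and RFC 3526, and reports whether a given modulus is a safe prime that can be reproduced this way. The function names are illustrative, and a positive result documents where a prime came from; it is not a trapdoor detector.

```python
import random

PUBLISHED_OFFSETS = {1024: 129093, 2048: 124476}  # RFC 2409, RFC 3526

def pi_scaled(bits, guard=64):
    """floor(pi * 2**bits), via Machin's formula in pure integer arithmetic."""
    one = 1 << (bits + guard)          # guard bits absorb truncation error
    def arctan_inv(x):                 # arctan(1/x) * one, alternating series
        total = term = one // x
        n, sign = 1, -1
        while term:
            term //= x * x
            n += 2
            total += sign * (term // n)
            sign = -sign
        return total
    return (4 * (4 * arctan_inv(5) - arctan_inv(239))) >> guard

def derive_modp(bits, offset):
    """p = 2^bits - 2^(bits-64) - 1 + 2^64 * (floor(2^(bits-130) * pi) + offset)."""
    return (1 << bits) - (1 << (bits - 64)) - 1 + ((pi_scaled(bits - 130) + offset) << 64)

def is_probable_prime(n, rounds=16):
    """Miller-Rabin; bases come from a fixed seed so results are repeatable."""
    if n < 17 or any(n % q == 0 for q in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    rng = random.Random(0)
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False               # no squaring step reached n-1: composite
    return True

def audit_modulus(p):
    """Report size, safe-prime status, and whether p can be rebuilt from pi."""
    bits = p.bit_length()
    offset = PUBLISHED_OFFSETS.get(bits)
    return {"bits": bits,
            "safe_prime": is_probable_prime(p) and is_probable_prime((p - 1) // 2),
            "reproducible_from_pi": offset is not None and p == derive_modp(bits, offset)}
```

Pass `audit_modulus` the integer modulus taken from a server's DH parameters; a modulus that is a safe prime but not reproducible is one whose origin has to be established some other way.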
Elliptic Curve Cryptography was introduced for this precise reason: to cover up the vulnerabilities in the widely used DH exchange. Cryptocurrencies like Bitcoin and other advanced cryptographic networks are completely safe from government trapdoors, which have been described as a massive spying tool that could exploit most implemented encrypted systems.