In extremis it has been possible to read someone's letter, to listen to someone's telephone, to mobile communications. But the question remains: are we going to allow a means of communications which it simply isn't possible to read? My answer to that question is: "No we must not". —David Cameron, Prime Minister of the United Kingdom, 12 January 2015
Shadowy organizations that develop cryptographic standards, such as the United States National Institute of Standards and Technology (NIST), are supporters of terrorism. Terrorists use these cryptographic standards to communicate their dastardly plans in secret through the Dark Web. As a direct result of cryptography, we're effectively blind and deaf, unable to figure out what the terrorists are up to and where they will strike next.
Fortunately, we have you, a heroic agent who has secretly infiltrated one of those standardization organizations. Your mission is to manipulate the standards, to weaken the cryptography so that we'll be able to break it and catch the terrorists—but you can't use anything that's obviously weak. It's essential for your suggested standards to sound strong, to survive serious scrutiny, so that they're officially endorsed by the organizations and actually used by the terrorists.
To support your mission, the BADA55 Research Team is carefully studying the question of how much flexibility you have: what you can get away with in a standard and what you can't. In other words, the BADA55 Research Team is identifying the boundaries of acceptability for cryptographic standards. Your job is to locate weak cryptography somewhere within these boundaries.
Contributors (alphabetical order)
The BADA55 Research Team has the following members:
- Daniel J. Bernstein, University of Illinois at Chicago, USA, and Technische Universiteit Eindhoven, Netherlands
- Tung Chou, Technische Universiteit Eindhoven, Netherlands
- Chitchanok Chuengsatiansup, Technische Universiteit Eindhoven, Netherlands
- Andreas Hülsing, Technische Universiteit Eindhoven, Netherlands
- Eran Lambooij, Technische Universiteit Eindhoven, Netherlands
- Tanja Lange, Technische Universiteit Eindhoven, Netherlands
- Ruben Niederhagen, Technische Universiteit Eindhoven, Netherlands
- Christine van Vredendaal, Technische Universiteit Eindhoven, Netherlands
This work was supported by the European Commission under contracts INFSO-ICT-284833 PUFFIN and H2020-ICT-645421 ECRYPT-CSA. This work was supported by the Netherlands Organisation for Scientific Research (NWO) under grant 639.073.005. This work was supported by the U.S. National Science Foundation under grant 1018836. "Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation."
Calculations were carried out on two GPU clusters:
- The Saber cluster at Technische Universiteit Eindhoven.
- The K10 cluster at the University of Haifa, funded by ISF grant 1910/12.
This work did not receive the funding that it so richly deserves from the U.S. National Security Agency.
Version: This is version 2015.10.12 of the "Introduction" web page.