[baybal2]

And obligatory reference to Backdoored Streebog cipher : https://eprint.iacr.org/2016/071 https://www.sstic.org/media/SSTIC2019/SSTIC-actes/RussianSty...

The backdoor was hidden in the plain sight: the s-box was said to be randomly picked, but years long evasive answers of authors about cryptographic properties of the box made people to think that there was something really not right with it.

If not for that specifically putting aim at the s-box, there would have been no chance anybody found that.

3 years later, and Perrin's paper comes, and it is discovered that almost a new domain of math is buried in that s-box.

Nobody yet discovered what unusual math properties of that s-box do, but nobody now doubts it being a backdoor of some kind.

[baobabKoodaa]

This story is eerily reminiscient of the s-box in DES, except in that case there was no backdoor, the researchers had simply discovered a novel attack method, crafted their s-box to protect against that method, and then kept the attack unpublished for decades:

> The eight S-boxes of DES were the subject of intense study for many years out of a concern that a backdoor (a vulnerability known only to its designers) might have been planted in the cipher. The S-box design criteria were eventually published (in Coppersmith 1994) after the public rediscovery of differential cryptanalysis, showing that they had been carefully tuned to increase resistance against this specific attack. Biham and Shamir found that even small modifications to an S-box could significantly weaken DES.

https://en.wikipedia.org/wiki/S-box

[Qub3d]

I find it such a shame that such amazing mathematical research was pumped into ultimately producing such a backward-minded result.

At the very least I suppose we will be able to glean more knowledge out of it in the end.

[hnews_account_1]

Is there a layman version of this? Something non cryptographers can grasp?

[theamk]

here is a quote:

> designers of Streebog and Kuznyechik purposefully hid a structure in this component. This structure is very strong, very uncommon and interacts in a non-trivial way with the other main component of Streebog.

> In light of these results, we urge security professionals to avoid these algorithms.

It's like this: imagine some government released plans for super-secure safe, and for some reason, deep in those plans, there is an instruction to make an 1/4" hole in the door, at the specific exact position. There is no justification or explanation for this hole, just a mention that it must be present or the safe is not going to be certified.

So people wonder why it was placed on the plan. If there were a good reason, why not tell it? Perhaps NSA/FSB has some new method to crack safes, and this hole is needed for it? Better be careful, and avoid using that specific safe model.

[hnews_account_1]

Sorry, I should've been clearer. I was asking if there was a mathematical treatment aimed at a generally educated audience. I understand elliptic curves even if I don't fully know the ins and outs of the diffie hellman and how it is used there. So like non cryptographers but generally technical people.