Bounty to Recover NIST’s Elliptic Curve Seeds

2023-10-12 11:09

The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. How were the seeds generated? Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery, some conspiracy theories, and an historical password cracking challenge.

So there's a $12K prize to recover the hash seeds.

Some of the backstory here: it's lately been circulating-though I think this may have been somewhat common knowledge among practitioners, though definitely not to me-that the "Random" seeds for the NIST P-curves, generated in the 1990s by Jerry Solinas at NSA, were simply SHA1 hashes of some variation of the string "Give Jerry a raise".

At the time, the "Pass a string through SHA1" thing was meant to increase confidence in the curve seeds; the idea was that SHA1 would destroy any possible structure in the seed, so NSA couldn't have selected a deliberately weak seed.

When Jerry Solinas went back to reconstruct the seeds, so NIST could demonstrate that the seeds really were benign, he found that he'd forgotten the string he used!

If you're a true conspiracist, you're certain nobody is going to find a string that generates any of these seeds.

News URL

https://www.schneier.com/blog/archives/2023/10/bounty-to-recover-nists-elliptic-curve-seeds.html

#bounty #nist