Dual EC: a standardized back door

D.J. Bernstein, T. Lange, R. Niederhagen

Research output: Chapter in Book/Report/Conference proceedingChapterAcademicpeer-review

30 Citations (Scopus)


Dual EC is an algorithm to compute pseudorandom numbers starting from some random input. Dual EC was standardized by NIST, ANSI, and ISO among other algorithms to generate pseudorandom numbers. For a long time this algorithm was considered suspicious – the entity designing the algorithm could have easily chosen the parameters in such a way that it can predict all outputs – and on top of that it is much slower than the alternatives and the numbers it provides are more biased, i.e., not random. The Snowden revelations, and in particular reports on Project Bullrun and the SIGINT Enabling Project, have indicated that Dual EC was part of a systematic effort by NSA to subvert standards. This paper traces the history of Dual EC including some suspicious changes to the standard, explains how the back door works in real-life applications, and explores the standardization and patent ecosystem in which the standardized back door stayed under the radar.

Original languageEnglish
Title of host publicationThe New Codebreakers : Essays Dedicated to David Kahn on the Occasion of His 85th Birthday
EditorsP.Y.A. Ryan, D. Naccache, J.J. Quisquater
Place of PublicationDordrecht
Number of pages26
ISBN (Electronic)978-3-662-49301-4
ISBN (Print)978-3-662-49300-7
Publication statusPublished - 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


  • ANSI
  • Back doors
  • Certicom
  • ISO
  • NIST
  • NSA
  • Random-number generation
  • RSA
  • Undead RNGs


Dive into the research topics of 'Dual EC: a standardized back door'. Together they form a unique fingerprint.

Cite this