7.3. Backdoor Attacks
Backdoor attacks on a public-key cryptosystem refer to attacks embedded in the key generation procedure (hardware or software) by the designer of the procedure. A contaminated cryptosystem is one in which the key generation procedure comes with hidden backdoors. A good backdoor attack should meet the following criteria:
To a user, keys generated by the contaminated system should be indistinguishable from those generated by an honest version of the cryptosystem. For example, the parameters and keys must look sufficiently random.
Keys generated by the contaminated system should satisfy the input/output requirements of an honest system. For example, for the RSA cryptosystem the user should be allowed to opt for small public ...