Cryptographer Announces $12K Bounty to Find the Lost Seeds to 5 NIST Elliptic Curves

Long-time Slashdot reader mejustme writes: The NIST elliptic curves that power much of modern cryptography were generated in the late '90s by hashing seeds provided by the NSA. Rumor has it that they are in turn hashes of English sentences, but the person who picked them, Dr. Jerry Solinas, passed away in early 2023 leaving behind a cryptographic mystery."

That's from the blog of Filippo Valsorda, who was in charge of cryptography and security on the Go team at Google until 2022, (and was on the Cryptography team at Cloudflare until 2017). But more importantly, he adds that "I'm announcing a $12,288 bounty for cracking these five hashes, tripled to $36,864 if the recipient chooses to donate it to a 501(c)(3) charity of their choice."

There are hints to which phrase was used as the seed. [Before his death] Dr. Jerry Solinas said he thought he'd used something similar to "Jerry deserves a raise.

Our DB admin passed away.

[ls671]

Our DB admin passed away so we lost the database admin password.

Re:

[backslashdot]

How rude of him.

Re:

[NFN_NLN]

He was a firm believer in not writing passwords down, for security reasons.

Re:Our DB admin passed away.

[znrt]

that seed isn't really relevant, nobody needs to know what it was. what's relevant here is that high order brain activity after death has been demonstrated:

Dr. Jerry Solinas, passed away in early 2023 ... thinks he used something similar to "Jerry deserves a raise.

Re:

[michelcolman]

They must have used a Neuralink then. Interesting feature.

Re:

[bill_mcgonigle]

They had to get an advanced medium who knows how to do an encrypted channel.

Re:

[fahrbot-bot]

that seed isn't really relevant, nobody needs to know what it was. what's relevant here is that high order brain activity after death has been demonstrated:

Dr. Jerry Solinas, passed away in early 2023 ... thinks he used something similar to "Jerry deserves a raise.

"The quick round Russian hacker jumped over the lazy System Administrator."

Re:

[swillden]

that seed isn't really relevant, nobody needs to know what it was. what's relevant here is that high order brain activity after death has been demonstrated:

Dr. Jerry Solinas, passed away in early 2023 ... thinks he used something similar to "Jerry deserves a raise.

Funny, but the actual point here is to see if they were really seeded from something not carefully selected to have a back door.

There has long been a vague suspicion that the NIST elliptic curves are backdoored, that the values were chosen very specifically to exploit some subtle mathematical structure the NSA knows about, allowing it to defeat the security of the curves when it chooses to. If the values instead turn out to be something like SHA1("Jerry deserves a raise") then we'll have pretty strong evi

Re:

[arglebargle_xiv]

It's OK, before he died he said he'd have a USB key flown to me with the seeds on it. He entrusted it to some caterer he knew, Yevgeny Pritkin or something, he was going to deliver it via his private Embraer Legacy 600.

Re:

[techno-vampire]

Passwords like that should always be written down, placed in a sealed envelope and stored in a safe location. One good way is to have the company's attorney keep it in his safe. Another is to put it in a safe deposit box with the key held by somebody trusted, such as that attorney.

Re:

[war4peace]

It's a PITA to do that every 3 months.

Re:

[MooseTick]

Its a bigger PITA when that password is long and the data is unrecoverable.

Re:

[war4peace]

...Or have a secondary person know the password.

My suggestion

[quonset]

Was going to be, "Jerry's not here right now [clip.cafe]" which is a phrase from the movie 40 Days and 40 Nights [imdb.com], but the movie came out in 2002, so after the seeds were created.

As a side note, considering how often we talk about backups, did it never occur to someone, even Jerry, that those seeds should be recorded somewhere? As one of the first posts relates, if something happens to someone who has all the keys, and nothing is written down, you're locked out.

Re:

[dknj]

could be recorded somewhere

Do you have a posthumous plan for your shared keys? Didn't think so. Once you die, your next of kin will probably just format your hard drives once they figure out the wifi password

Re:

[quonset]

1) I have no next of kin.

2) My current kin have no idea how to format anything.

3) I have written down all the passwords for my accounts, banking or otherwise, and have a duplicate copy.

Next question?

Re:

[pjt33]

If you have current kin, you have next of kin. It doesn't mean descendants: it means the nearest relative(s).

Re:

[XXongo]

1) I have no next of kin.

Everyone has next of kin, unless they were spawned by spontaneous generation.

What you must mean is "I don't know who my next of kin is."

Re:

[war4peace]

Example: Single child, never married, is of old age, passed away parents had no brothers or sisters, etc.
Of course, technically everyone in the world has a very distant "next of kin". Figuring out exactly who that is could be practically impossible.

Re:

[UnknowingFool]

Figuring out exactly who that is could be practically impossible.

We are not in Medieval Europe during the Dark Ages. Unless someone has zero records everywhere, it is not impossible especially in an era where entire family genealogies and government records are online. Realistically if deceased person has no identity, it would be harder but DNA is increasingly overcoming that obstacle.

Re:

[DarkOx]

believe it or not the probate courts will in many cases walk up the family tree quite a bit it depends a lot on state law. Those movies where someone finds out their distant cousin they never knew about passed away and they are to inherit the farm stead are not entirely fictional.

In some parts of the country it is a big problem because certain classes of individuals with lower literacy rates tended have property go in probate more often and again due to a period where human property was a thing here in the

Re: My suggestion

[VaccinesCauseAdults]

The first sixteen words of the article are as follows: "The NIST elliptic curves that power much of modern cryptography were generated in the late '90s"

Re:

[HiThere]

Does it matter? Presumably there are lots of ways to generate the exact same seeds, and once you have the seed, you no longer need the method you used to generate them.

I'm willing to be shown to be wrong, but this looks to me like a PR stunt. One where they don't expect to need to pay off the prize.

Re:

[andy55]

Does it matter? Presumably there are lots of ways to generate the exact same seeds, and once you have the seed, you no longer need the method you used to generate them.

...this looks to me like a PR stunt.

Agree! And yes, the number of infinite string constructions is large! It's the enumeration of infinity that kills. :D

Re:

[smoot123]

Does it matter? Presumably there are lots of ways to generate the exact same seeds, and once you have the seed, you no longer need the method you used to generate them.

Not being a cryptography expert (closer to the exact opposite), one might need the seeds to show there is no hidden back door in the algorithms. To be specific, it might be that by picking the right seeds, the NSA, CIA, or other dark TLAs can easily brute force a decryption. I don't know if that's a computationally plausible. Given that the NSA paid RSA to support an encryption library the NSA knew they could crack, it sure seems something we need to consider.

Re:

[ceoyoyo]

I imagine it's someone who's interested in preserving a quirky bit of history. Although, as another poster further up pointed out, knowing the seed could provide some information about whether the NSA was playing fair with NIST.

Safer and easier just to not use NSA elliptic curves though.

Re:

[ceoyoyo]

It's not a key, it's a seed used to generate a key. Do you know the seed you used to generate your SSH keys?

Cracked the secret code

[dfm3]

SEED = SHA1("Be sure to drink your Ovaltine.")

Re:

[Anonymous Coward]

I figured it was "Joe_Dragon's (2206452) nonsensical posts are important ciphertexts".

Re: Cracked the secret code

[HammerOn1024]

I'm partial to "You'll shoot your eye out kid!"

Waste of time.

[Gravis Zero]

There's no value in recreating these values. Seriously, none. The best case scenario is wasting a huge amount of resources (electricity and brainpower) and finding the pre-seed which some folks will only take as evidence of being spiked. The worst case scenario is wasting a huge amount of resources and not find it, thereby fueling suspicions even more than before. There is no winning.

The ONLY way to eliminate uncertainty is to switch to using a set of impossible to spike (e.g. the first X digits of the cube

Re:

[quantaman]

There's no value in recreating these values. Seriously, none.

I'm guessing you're not big on museums then.

Magic words

[kmoser]

"The Magic Words are Squeamish Ossifrage"

Re:

[HiThere]

How about "Correct horse battery staple"?

Re: Magic words

[LaughingRadish]

Reindeer Flotilla

Just ask the nsa under a foi

[Growlley]

because there is no way they passed up that temptation.

It's a trap!

[RogueWarrior65]

Food for thought.

There are continuing rumors about NISTs curves

[sinkskinkshrieks]

Tainted with NSA involvement like with Dual_EC_DRBG.

And then they lack a sound rubric or evidence for construction of cryptographic primitives. NIST has gone full Idiocracy.