Texas Instruments signing key controversy

From Wikipedia, the free encyclopedia
Jump to: navigation, search
A TI-83+ graphing calculator

The Texas Instruments signing key controversy refers to the controversy which resulted from Texas Instruments' (TI) response to a project to factorize the 512-bit RSA cryptographic keys needed to write custom firmware to TI devices.

Project[edit]

In July 2009, Benjamin Moody, a United-TI forum user, published the factors of a 512-bit RSA key used to sign the TI-83+ series graphing calculator. The discovery of the private key would allow end users to flash their own operating systems onto the device without having to use any special software. Moody used two free implementations of the general number field sieve, msieve and ggnfs; the computation took 73 days on a 1.9 GHz dual-core processor. This demonstrates the progress of hardware development: the factorization of the similar 512-bit RSA-155 in 1999 using the same algorithm required a large dedicated research group, 8000 MIPS-years of computing time, and a Cray C916 supercomputer.[1]

In response, members of the wider TI graphing calculators community (at yAronet) set up a BOINC-based distributed computing project, RSA Lattice Siever (RSALS for short), that quickly factored the other keys.[2] RSA Lattice Siever remained active for nearly three years after outliving its initial purpose, by factoring other integers for the mathematical community. After factoring over 400 integers,[3] RSALS has moved to RSALS-inspired NFS@home[4] at the end of August 2012.

Legal response[edit]

Texas Instruments began by sending out two initial DMCA take-down requests to the hackers, referring to sites or forum posts that they controlled.[5][6] The hackers responded by removing the keys, without consulting an attorney.[7] TI then sent further DMCA notices to a variety[8] of websites displaying the keys, including United-TI, reddit, and Wikipedia.[9] Texas Instruments' efforts then became subject to the Streisand effect,[10] and the keys were mirrored on a number of sites, including WikiLeaks[11] and WordPress. In September 2009, Dan Goodin from The Register alerted the Electronic Frontier Foundation (EFF) to TI's actions, and the EFF agreed to take on the case pro bono, representing three people who had received DMCA notices.

On October 13, 2009, the EFF sent a letter to TI warning them that the posting of the keys did not violate the DMCA, and that it may be liable for misrepresentation.[12] Despite the letter by the EFF, TI continued to send DMCA notices to websites that posted the keys, but stopped doing so after late 2009. The EFF filed a DMCA Section 512 counter-notice on behalf of three of the bloggers who received DMCA notices. When the EFF did not receive a response by the deadline, the bloggers re-posted the content that had been taken down.[13]

Cryptographic keys[edit]

The public RSA parameters of the original TI-83+ / TI-83+ Silver Edition OS signing key factored by Benjamin Moody are the following 512-bit modulus n and public (or encryption) exponent e (specified in hexadecimal):[14]

n = 82EF4009ED7CAC2A5EE12B5F8E8AD9A0AB9CC9F4F3E44B7E8BF2D57A2F2BEACE
    83424E1CFF0D2A5A7E2E53CB926D61F347DFAA4B35B205B5881CEB40B328E58F
e = 11

By factoring n, Moody obtained the factors p (252 bits) and q (260 bits), which can be used in turn to quickly compute the 512-bit private (or decryption) exponent d = e−1 mod (p−1)(q−1):

p = B709D3A0CD2FEC08EAFCCF540D8A100BB38E5E091D646ADB7B14D021096FFCD
q = B7207BD184E0B5A0B89832AA68849B29EDFB03FBA2E8917B176504F08A96246CB
d = 4D0534BA8BB2BFA0740BFB6562E843C7EC7A58AE351CE11D43438CA239DD9927
    6CD125FEBAEE5D2696579FA3A3958FF4FC54C685EAA91723BC8888F292947BA1

The value d can then be used to sign arbitrary OS software.

The keys factored by RSA Lattice Siever (the TI-92+, TI-73, TI-89, Voyage 200, TI-89 Titanium, TI-84+ / TI-84 Silver Edition OS signing and date-stamp signing keys) are similar but with different values of n, p, q, and d. A single date-stamp signing key is shared by all models.

See also[edit]

References[edit]

  1. ^ Herman te Riele (1999-08-26), New factorization record (announcement of factorization of RSA-155). Retrieved on 2008-03-10.
  2. ^ "All TI Signing Keys Factored — ticalc.org". www.ticalc.org. Retrieved 2009-09-21. 
  3. ^ http://boinc.unsads.com/rsals/crunching.php
  4. ^ http://www.mersenneforum.org/showpost.php?p=306539&postcount=434
  5. ^ "brandonw.net". brandonw.net. Retrieved 2010-05-24. 
  6. ^ "Signing Keys and the DMCA — ticalc.org". www.ticalc.org. Retrieved 2009-09-21. 
  7. ^ "Texas Instruments aims lawyers at calculator hackers". The Register. 2009-09-23. Retrieved 2011-01-01. 
  8. ^ "UPDATE: Hey, TI, Leave Those Kids Alone | Electronic Frontier Foundation". Eff.org. 2009-09-25. Retrieved 2010-05-24. 
  9. ^ "DMCA Texas Instruments". 2009-09-25. Retrieved 2014-02-03. 
  10. ^ "Schneier on Security: Texas Instruments Signing Keys Broken". www.schneier.com. Retrieved 2009-10-06. 
  11. ^ Suppressed Texas Instruments cryptographic signing keys, 28 Aug 2009 at WikiLeaks. Archived on 10 April 2012.
  12. ^ "EFF Warns Texas Instruments to Stop Harassing Calculator Hobbyists". EFF official press release. Retrieved 2009-10-25. 
  13. ^ Granick, Jennifer (October 29, 2009). "Hey, Texas Instruments -- Stop Digging Holes". EFF Deeplinks Blog. Retrieved 2009-10-29. 
  14. ^ "File". WikiLeaks. Archived from the original on 2012-04-10. Retrieved 2012-04-10. 

External links[edit]