Texas Instruments signing key controversy
   HOME

TheInfoList



Click Here for Items Related To - Texas Instruments signing key controversy
OR:
Texas Instruments signing key controversy on:   [Wikipedia]   [Google]   [Amazon]

The Texas Instruments signing key controversy resulted from
Texas Instruments Texas Instruments Incorporated (TI) is an American technology company headquartered in Dallas, Texas, that designs and manufactures semiconductors and various integrated circuits, which it sells to electronics designers and manufacturers globa ...
' (TI) response to a project to factorize the 512- bit RSA cryptographic keys needed to write custom
firmware In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...
to TI devices.


Project

In July 2009, Benjamin Moody, a United-TI forum user, published the factors of a 512-bit RSA key used to sign the TI-83+ series graphing calculator. The discovery of the private key would allow end users to flash their own
operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...
s onto the device without having to use any special software. Moody used two free implementations of the
general number field sieve In number theory, the general number field sieve (GNFS) is the most efficient classical algorithm known for factoring integers larger than . Heuristically, its complexity for factoring an integer (consisting of bits) is of the form :\exp\lef ...
, msieve and ggnfs; the computation took 73 days on a 1.9 GHz dual-core processor. This demonstrates the progress of hardware development: the factorization of the similar 512-bit RSA-155 in 1999 using the same algorithm required a large dedicated research group, 8000 MIPS-years of computing time, and a Cray C916 supercomputer. In response, members of the wider TI graphing calculators community (at yAronet) set up a BOINC-based
distributed computing A distributed system is a system whose components are located on different networked computers, which communicate and coordinate their actions by passing messages to one another from any system. Distributed computing is a field of computer sci ...
project, RSA Lattice Siever (RSALS for short), that quickly factored the other keys. RSA Lattice Siever remained active for nearly three years after outliving its initial purpose, by factoring other integers for the mathematical community. After factoring over 400 integers, RSALS moved to RSALS-inspired NFS@home at the end of August 2012.


Legal response

Texas Instruments began by sending out two initial
Digital Millennium Copyright Act The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or ...
(DMCA) take-down requests to the hackers, referring to sites or forum posts that they controlled. The hackers responded by removing the keys, without consulting an attorney. TI then sent further DMCA notices to a variety of
website A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google, Facebook, Amazon, and W ...
s displaying the keys, including United-TI,
Reddit Reddit (; stylized in all lowercase as reddit) is an American social news aggregation, content rating, and discussion website. Registered users (commonly referred to as "Redditors") submit content to the site such as links, text posts, imag ...
, and
Wikipedia Wikipedia is a multilingual free online encyclopedia written and maintained by a community of volunteers, known as Wikipedians, through open collaboration and using a wiki-based editing system. Wikipedia is the largest and most-read refer ...
. Texas Instruments' efforts then became subject to the Streisand effect, and the keys were mirrored on a number of sites, including
WikiLeaks WikiLeaks () is an international non-profit organisation that published news leaks and classified media provided by anonymous sources. Julian Assange, an Australian Internet activist, is generally described as its founder and director and ...
. In September 2009, Dan Goodin from ''
The Register ''The Register'' is a British technology news website co-founded in 1994 by Mike Magee, John Lettice and Ross Alderson. The online newspaper's masthead sublogo is "''Biting the hand that feeds IT''." Their primary focus is information tec ...
'' alerted the
Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet ...
(EFF) to TI's actions, and the EFF agreed to take on the case ''
pro bono ( en, 'for the public good'), usually shortened to , is a Latin phrase for professional work undertaken voluntarily and without payment. In the United States, the term typically refers to provision of legal services by legal professionals for pe ...
'', representing three people who had received DMCA notices. On October 13, 2009, the EFF sent a letter to TI warning them that the posting of the keys did not violate the DMCA, and that it might be liable for
misrepresentation In common law jurisdictions, a misrepresentation is a false or misleading '' R v Kylsant'' 931/ref> statement of fact made during negotiations by one party to another, the statement then inducing that other party to enter into a contract. The ...
. Despite the letter by the EFF, TI continued to send DMCA notices to websites that posted the keys, but stopped doing so after late 2009. The EFF filed a DMCA Section 512 counter-notice on behalf of three of the bloggers who received DMCA notices. When the EFF did not receive a response by the deadline, the bloggers reposted the content that had been taken down.


Cryptographic keys

The public RSA parameters of the original TI-83+ / TI-83+ Silver Edition OS signing key factored by Benjamin Moody are the following 512-bit modulus ''n'' and public (or encryption) exponent ''e'' (specified in
hexadecimal In mathematics and computing, the hexadecimal (also base-16 or simply hex) numeral system is a positional numeral system that represents numbers using a radix (base) of 16. Unlike the decimal system representing numbers using 10 symbols, he ...
): n = 82EF4009ED7CAC2A5EE12B5F8E8AD9A0AB9CC9F4F3E44B7E8BF2D57A2F2BEACE83424E1CFF0D2A5A7E2E53CB926D61F347DFAA4B35B205B5881CEB40B328E58F e = 11 By factoring ''n'', Moody obtained the factors ''p'' (252 bits) and ''q'' (260 bits), which can be used in turn to quickly compute the 512-bit private (or decryption) d=e^ \bmod (p-1)(q-1): p = B709D3A0CD2FEC08EAFCCF540D8A100BB38E5E091D646ADB7B14D021096FFCD q = B7207BD184E0B5A0B89832AA68849B29EDFB03FBA2E8917B176504F08A96246CB d = 4D0534BA8BB2BFA0740BFB6562E843C7EC7A58AE351CE11D43438CA239DD99276CD125FEBAEE5D2696579FA3A3958FF4FC54C685EAA91723BC8888F292947BA1 The value ''d'' can then be used to sign arbitrary OS software. The keys factored by RSA Lattice Siever (the TI-92+, TI-73,
TI-89 The TI-89 and the TI-89 Titanium are graphing calculators developed by Texas Instruments (TI). They are differentiated from most other TI graphing calculators by their computer algebra system, which allows symbolic manipulation of algeb ...
, Voyage 200,
TI-89 The TI-89 and the TI-89 Titanium are graphing calculators developed by Texas Instruments (TI). They are differentiated from most other TI graphing calculators by their computer algebra system, which allows symbolic manipulation of algeb ...
Titanium, TI-84+ / TI-84 Silver Edition OS signing and date-stamp signing keys) are similar but with different values of ''n'', ''p'', ''q'', and ''d''. A single date-stamp signing key is shared by all models.


See also

*
AACS encryption key controversy A controversy surrounding the AACS cryptographic key arose in April 2007 when the Motion Picture Association of America and the Advanced Access Content System Licensing Administrator, LLC (AACS LA) began issuing cease and desist letters to we ...
* DeCSS * Illegal number


References


External links

* at the
Internet Archive The Internet Archive is an American digital library with the stated mission of "universal access to all knowledge". It provides free public access to collections of digitized materials, including websites, software applications/games, music, ...
. . {{TI-calc Graphing calculators Texas Instruments programmable calculators Key management Cryptography law Hardware restrictions 2009 in American law 2009 controversies Digital Millennium Copyright Act takedown incidents