Filippo Valsorda, a maintainer of the cryptographic modules in Go and creator of the mkcert project, has announced a reward of 12,288 US dollars (12 KiUSD) for anyone who can find the origin of the constants in the elliptic curves P-192, P-224, P-256, P-384, and P-521, which were published by NIST but created by Jerry Solinas, who works at the NSA.
These constants are published by NIST in FIPS 186, a widely used security standard. Users need to be able to trust that the chosen constants do not introduce any vulnerabilities. According to NIST, the selection process for these constants should be “verifiably random.”
Solinas stated that he created these constants by hashing English sentences. However, he forgot which sentences he used and lost the code that produced them. When asked about the origin of the constants, Solinas tried to recreate the sentences but failed to find matching values.
If Solinas indeed created the constants from English sentences, it is speculated that he might have used the SHA-1 hashing algorithm. However, nobody is certain about the exact code used. It could involve multiple rounds of hashing or other techniques to expand the values to the required size.
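The kind of search this implies can be sketched as follows. This is an added example, not code from Valsorda or NIST: it hashes variants of candidate sentences with one or more rounds of SHA-1 and compares the result with a target value. The variant rules, the appended decimal counter, the sentences, and the target (derived inside the script from a made-up sentence, not a real curve constant) are all assumptions.

```python
import hashlib
from itertools import product

def variants(sentence):
    """Yield plausible byte encodings of one candidate sentence (assumed rules)."""
    cases = sorted({sentence, sentence.upper(), sentence.lower()})
    endings = ["", ".", "!", "\n", "\x00"]
    for text, end in product(cases, endings):
        yield (text + end).encode("utf-8")

def iterated_sha1(data, rounds):
    """Apply SHA-1 `rounds` times, feeding each digest into the next round."""
    digest = data
    for _ in range(rounds):
        digest = hashlib.sha1(digest).digest()
    return digest

def search(target_hex, sentences, max_rounds=3, max_counter=4):
    """Return the input and round count that reproduce the target, or None."""
    target = bytes.fromhex(target_hex)
    for sentence in sentences:
        for data in variants(sentence):
            # Try the bare sentence, then the sentence with a decimal counter
            # appended (a hypothetical convention, used here for illustration).
            suffixes = [b""] + [str(i).encode() for i in range(max_counter)]
            for suffix in suffixes:
                msg = data + suffix
                for rounds in range(1, max_rounds + 1):
                    if iterated_sha1(msg, rounds) == target:
                        return {"input": msg, "rounds": rounds}
    return None

# Constructed sample data: the target is built from a made-up sentence so the
# script has something to find. It is NOT one of the published constants.
CONSTRUCTED_TARGET = iterated_sha1(b"EXAMPLE SEED PHRASE FOR CURVE TESTING.2", 2).hex()
CANDIDATES = ["The quick brown fox", "Example seed phrase for curve testing"]

if __name__ == "__main__":
    print(search(CONSTRUCTED_TARGET, CANDIDATES))
```

Each additional rule (case, punctuation, counter, round count) multiplies the number of hashes per sentence, which is why not knowing the exact code matters as much as not knowing the sentences.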
Because the origin of these constants is unknown, there are concerns that NIST may have deliberately chosen weak constants, similar to what happened with Dual_EC_DRBG. Making their origin transparent would help alleviate some of these concerns, even though the risk is minimal, as these constants have been in use for a long time without any reported vulnerabilities.
To qualify for the full reward, the winners must find the origin of all five constants. If they only find one constant, they will receive half of the reward, while the other four origins will be rewarded separately. Valsorda recommends searching for the origin of other hash values proposed by NIST but not yet standardized, such as B-163 and B-233. However, these values are not eligible for the reward. If the winners choose not to accept the reward, they can donate it to a charitable organization, and Valsorda will contribute double the amount.
TLDR: Filippo Valsorda has offered a significant cash reward for uncovering the origin of the cryptographic constants used in the elliptic curves P-192, P-224, P-256, P-384, and P-521. These constants were published by NIST but created by Jerry Solinas of the NSA. The lack of knowledge about their origin raises concerns, and Valsorda aims to encourage research in this area. Successful participants will receive a reward, and they are also encouraged to investigate other hash values proposed by NIST. If winners choose not to accept the reward, they can donate it to charity, with Valsorda doubling the amount.