Texas Instruments signing key controversy

The Texas Instruments signing key controversy resulted from Texas Instruments' (TI) response to a project to factorize the 512-bit RSA cryptographic keys needed to write custom firmware to TI devices.

A TI-83+ graphing calculator displaying a sine wave

Project

edit

In July 2009, Benjamin Moody, a United-TI forum user, published the factors of a 512-bit RSA key used to sign the TI-83+ series graphing calculator. The discovery of the private key would allow end users to flash their own operating systems onto the device without having to use any special software. Moody used two free implementations of the general number field sieve, msieve and ggnfs; the computation took 73 days on a 1.9 GHz dual-core processor. This demonstrates the progress of hardware development: the factorization of the similar 512-bit RSA-155 in 1999 using the same algorithm required a large dedicated research group, 8000 MIPS-years of computing time, and a Cray C916 supercomputer.[1]

In response, members of the wider TI graphing calculators community (at yAronet) set up a BOINC-based distributed computing project, RSA Lattice Siever (RSALS for short), that quickly factored the other keys.[2] RSA Lattice Siever remained active for nearly three years after outliving its initial purpose, by factoring other integers for the mathematical community. After factoring over 400 integers,[3] RSALS moved to RSALS-inspired NFS@home[4] at the end of August 2012.

edit

Texas Instruments began by sending out two initial Digital Millennium Copyright Act (DMCA) take-down requests to the hackers, referring to sites or forum posts that they controlled.[5][6] The hackers responded by removing the keys, without consulting an attorney.[7] TI then sent further DMCA notices to a variety[8] of websites displaying the keys, including United-TI, Reddit, and Wikipedia.[9] Texas Instruments' efforts then became subject to the Streisand effect,[10] and the keys were mirrored on a number of sites, including WikiLeaks.[11] In September 2009, Dan Goodin from The Register alerted the Electronic Frontier Foundation (EFF) to TI's actions, and the EFF agreed to take on the case pro bono, representing three people who had received DMCA notices.

On October 13, 2009, the EFF sent a letter to TI warning them that the posting of the keys did not violate the DMCA, and that it might be liable for misrepresentation.[12] Despite the letter by the EFF, TI continued to send DMCA notices to websites that posted the keys, but stopped doing so after late 2009. The EFF filed a DMCA Section 512 counter-notice on behalf of three of the bloggers who received DMCA notices. When the EFF did not receive a response by the deadline, the bloggers reposted the content that had been taken down.[13]

Cryptographic keys

edit

The public RSA parameters of the original TI-83+ / TI-83+ Silver Edition OS signing key factored by Benjamin Moody are the following 512-bit modulus n and public (or encryption) exponent e (specified in hexadecimal):[14]

n = 82EF4009ED7CAC2A5EE12B5F8E8AD9A0AB9CC9F4F3E44B7E8BF2D57A2F2BEACE83424E1CFF0D2A5A7E2E53CB926D61F347DFAA4B35B205B5881CEB40B328E58F
e = 11

By factoring n, Moody obtained the factors p (252 bits) and q (260 bits), which can be used in turn to quickly compute the 512-bit private (or decryption)  :

p = B709D3A0CD2FEC08EAFCCF540D8A100BB38E5E091D646ADB7B14D021096FFCD
q = B7207BD184E0B5A0B89832AA68849B29EDFB03FBA2E8917B176504F08A96246CB
d = 4D0534BA8BB2BFA0740BFB6562E843C7EC7A58AE351CE11D43438CA239DD99276CD125FEBAEE5D2696579FA3A3958FF4FC54C685EAA91723BC8888F292947BA1

The value d can then be used to sign arbitrary OS software.

The keys factored by RSA Lattice Siever (the TI-92+, TI-73, TI-89, Voyage 200, TI-89 Titanium, TI-84+ / TI-84 Silver Edition OS signing and date-stamp signing keys) are similar but with different values of n, p, q, and d. A single date-stamp signing key is shared by all models.

See also

edit

References

edit
  1. ^ Herman te Riele (1999-08-26), New factorization record Archived 2021-06-24 at the Wayback Machine (announcement of factorization of RSA-155). Retrieved on 2008-03-10.
  2. ^ "All TI Signing Keys Factored — ticalc.org". www.ticalc.org. Retrieved 2009-09-21.
  3. ^ "NumbersRSALS Does not run anymore - Homepage - NFS@Home". October 14, 2012. Archived from the original on 2012-10-14.
  4. ^ "mersenneforum.org - View Single Post - BOINC NFS sieving - RSALS". www.mersenneforum.org. Archived from the original on 2022-11-15. Retrieved 2022-11-15.
  5. ^ "brandonw.net". brandonw.net. Archived from the original on 2024-07-01. Retrieved 2010-05-24.
  6. ^ "Signing Keys and the DMCA — ticalc.org". www.ticalc.org. Archived from the original on 2024-07-01. Retrieved 2009-09-21.
  7. ^ "Texas Instruments aims lawyers at calculator hackers". The Register. 2009-09-23. Archived from the original on 2011-01-01. Retrieved 2011-01-01.
  8. ^ "UPDATE: Hey, TI, Leave Those Kids Alone | Electronic Frontier Foundation". Eff.org. 2009-09-25. Archived from the original on 2024-07-01. Retrieved 2010-05-24.
  9. ^ "DMCA Texas Instruments". 2009-09-25. Archived from the original on November 25, 2011. Retrieved 2014-02-03.
  10. ^ "Schneier on Security: Texas Instruments Signing Keys Broken". www.schneier.com. Archived from the original on 2009-09-28. Retrieved 2009-10-06.
  11. ^ Suppressed Texas Instruments cryptographic signing keys, 28 Aug 2009 Archived 6 June 2010 at the Wayback Machineat WikiLeaks. on 10 April 2012.
  12. ^ "EFF Warns Texas Instruments to Stop Harassing Calculator Hobbyists". EFF official press release. 13 October 2009. Archived from the original on 2009-10-17. Retrieved 2009-10-25.
  13. ^ Granick, Jennifer (October 29, 2009). "Hey, Texas Instruments -- Stop Digging Holes". EFF Deeplinks Blog. Archived from the original on 2024-07-01. Retrieved 2009-10-29.
  14. ^ "File". WikiLeaks. Archived from the original on 2012-03-14. Retrieved 2012-04-10.
edit