Texas Instruments signing key controversy
Encyclopedia
Texas Instruments
Texas Instruments Inc. , widely known as TI, is an American company based in Dallas, Texas, United States, which develops and commercializes semiconductor and computer technology...
' (TI) response to a project to factorize
RSA problem
In cryptography, the RSA problem summarizes the task of performing an RSA private-key operation given only the public key. The RSA algorithm raises a message to an exponent, modulo a composite number N whose factors are not known. As such, the task can be neatly described as finding the eth roots...
the 512-bit
Bit
A bit is the basic unit of information in computing and telecommunications; it is the amount of information stored by a digital device or other physical system that exists in one of two possible distinct states...
RSA cryptographic keys
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
needed to write custom firmware
Firmware
In electronic systems and computing, firmware is a term often used to denote the fixed, usually rather small, programs and/or data structures that internally control various electronic devices...
to TI devices.
Project
In July 2009, Benjamin Moody, a United-TI forumInternet forum
An Internet forum, or message board, is an online discussion site where people can hold conversations in the form of posted messages. They differ from chat rooms in that messages are at least temporarily archived...
user, published the factors
Integer factorization
In number theory, integer factorization or prime factorization is the decomposition of a composite number into smaller non-trivial divisors, which when multiplied together equal the original integer....
of a 512-bit RSA key used to sign the TI-83+ series
TI-83 series
The TI-83 series of graphing calculators is manufactured by Texas Instruments.The original TI-83 is itself an upgraded version of the TI-82. Released in 1996, it is one of the most used graphing calculators for students...
graphing calculator. The discovery of the private key would allow end users to flash
Flash memory
Flash memory is a non-volatile computer storage chip that can be electrically erased and reprogrammed. It was developed from EEPROM and must be erased in fairly large blocks before these can be rewritten with new data...
their own operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s onto the device without having to use any special software. According to Moody, he had used two free implementations of the general number field sieve
General number field sieve
In number theory, the general number field sieve is the most efficient classical algorithm known for factoring integers larger than 100 digits...
, msieve and ggnfs; the computation took 73 days on a 1.9 GHz dual-core processor. This demonstrates the progress of hardware development: the factorization of the similar 512-bit RSA-155 in 1999 using the same algorithm required a large dedicated research group, 8000 MIPS-years of computing time, and a Cray C916
Cray C90
The Cray C90 series was a vector processor supercomputer launched by Cray Research in 1991. The C90 was a development of the Cray Y-MP architecture. Compared to the Y-MP, the C90 processor had a dual vector pipeline and a faster 4.1 ns clock cycle , which together gave three times the...
supercomputer.
In response, the United-TI community set up a BOINC-based distributed computing
Distributed computing
Distributed computing is a field of computer science that studies distributed systems. A distributed system consists of multiple autonomous computers that communicate through a computer network. The computers interact with each other in order to achieve a common goal...
project, RSA Lattice Siever, that quickly cracked
Software cracking
Software cracking is the modification of software to remove or disable features which are considered undesirable by the person cracking the software, usually related to protection methods: copy protection, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances...
the other keys.
Although its original goal has been achieved, RSA Lattice Siever is still active; it is now working to factor other integers for the mathematical community.
Legal response
Texas Instruments began by sending out two initial DMCADigital Millennium Copyright Act
The Digital Millennium Copyright Act is a United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization . It criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to...
take-down requests to the hackers, referring to sites or forum posts that they controlled. The hackers responded by removing the keys, without consulting an attorney. TI then sent further DMCA notices to a variety of different website
Website
A website, also written as Web site, web site, or simply site, is a collection of related web pages containing images, videos or other digital assets. A website is hosted on at least one web server, accessible via a network such as the Internet or a private local area network through an Internet...
s displaying the keys, including United-TI, reddit
Reddit
reddit is a social news website where the registered users submit content, in the form of either a link or a text "self" post. Other users then vote the submission "up" or "down," which is used to rank the post and determine its position on the site's pages and front page.Reddit was originally...
, and Wikipedia
Wikipedia
Wikipedia is a free, web-based, collaborative, multilingual encyclopedia project supported by the non-profit Wikimedia Foundation. Its 20 million articles have been written collaboratively by volunteers around the world. Almost all of its articles can be edited by anyone with access to the site,...
. Texas Instruments' efforts then became subject to the Streisand effect
Streisand effect
The Streisand effect is a primarily online phenomenon in which an attempt to hide or remove a piece of information has the unintended consequence of publicizing the information more widely...
, and the keys were mirrored on a number of different sites, including Wikileaks
Wikileaks
WikiLeaks is an international self-described not-for-profit organisation that publishes submissions of private, secret, and classified media from anonymous news sources, news leaks, and whistleblowers. Its website, launched in 2006 under The Sunshine Press organisation, claimed a database of more...
and WordPress
WordPress
WordPress is a free and open source blogging tool and publishing platform powered by PHP and MySQL. It is often customized into a content management system . It has many features including a plug-in architecture and a template system. WordPress is used by over 14.7% of Alexa Internet's "top 1...
. In September 2009, Dan Goodin from The Register
The Register
The Register is a British technology news and opinion website. It was founded by John Lettice, Mike Magee and Ross Alderson in 1994 as a newsletter called "Chip Connection", initially as an email service...
alerted the Electronic Frontier Foundation
Electronic Frontier Foundation
The Electronic Frontier Foundation is an international non-profit digital rights advocacy and legal organization based in the United States...
(EFF) to TI's actions, and the EFF agreed to take on the case pro bono
Pro bono
Pro bono publico is a Latin phrase generally used to describe professional work undertaken voluntarily and without payment or at a reduced fee as a public service. It is common in the legal profession and is increasingly seen in marketing, technology, and strategy consulting firms...
, representing three people who had received DMCA notices.
On October 13, 2009, the EFF sent a letter to TI warning them that the posting of the keys did not violate the DMCA, and that it may be liable for misrepresentation. Despite the letter by the EFF, TI continued to send DMCA notices to websites that posted the keys, but stopped doing so after late 2009. The EFF filed a DMCA Section 512 counter-notice on behalf of three of the bloggers who received DMCA notices. When the EFF did not receive a response by the deadline, the bloggers re-posted the content that had been taken down.