Some thoughts on suborning encryption chips

There are essentially two ‘safe’ ways to add a backdoor to an encryption chip. First, each individual chip can be fitted with a unique per-chip AES key known only to the chip manufacturer and the NSA. This key would then be used to ECB-encrypt the AES/RC4 session key protecting each session, and the resulting (random-looking) 16 bytes would be stashed in a nonce or IV field, where random bits are expected anyway.

Since the exfiltration key would never be shared between two different chips, reverse engineering one device should give the attacker no capability to attack other deployed systems. However, this approach has a significant manufacturing cost overhead: every chip has to be provisioned with its own key, and someone has to keep the database mapping chips to keys.
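As an added illustration of the per-chip design above (example code, not from the original post): the chip ECB-encrypts the session key under its own exfiltration key and uses the result as the IV of an AES-CTR session, and the key holder inverts that one block to read the traffic. The 16-byte session key, AES-CTR for the traffic and the fixed sample keys are assumptions made here for the demo; the post does not fix any of them.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// sessionEncrypt is the chip's ordinary traffic encryption: AES-128-CTR under
// the session key, with a 16-byte counter block iv that is sent in the clear,
// as IVs are. CTR is its own inverse, so the same call decrypts.
func sessionEncrypt(sessionKey, iv, data []byte) []byte {
	blk, err := aes.NewCipher(sessionKey)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(blk, iv).XORKeyStream(out, data)
	return out
}

// WrapKeyECB is the leak: the 16-byte session key encrypted as a single AES
// block (i.e. ECB) under this chip's exfilKey. AES output is pseudorandom, so
// the result is indistinguishable from an honestly random IV.
func WrapKeyECB(exfilKey, sessionKey []byte) []byte {
	blk, err := aes.NewCipher(exfilKey)
	if err != nil {
		panic(err)
	}
	iv := make([]byte, 16)
	blk.Encrypt(iv, sessionKey)
	return iv
}

// ChipEncrypt is what the backdoored chip puts on the wire: iv || ciphertext.
// A real chip would draw sessionKey from its RNG; it is a parameter here so
// the behaviour is reproducible.
func ChipEncrypt(exfilKey, sessionKey, pt []byte) []byte {
	iv := WrapKeyECB(exfilKey, sessionKey)
	return append(iv, sessionEncrypt(sessionKey, iv, pt)...)
}

// EscrowDecrypt is the key holder's side: fetch this chip's exfilKey from the
// manufacturing database (keyed by serial number; not modelled here), invert
// the ECB block to recover the session key, then decrypt the traffic.
// Another chip's exfilKey yields an unrelated key and garbage plaintext.
func EscrowDecrypt(exfilKey, msg []byte) ([]byte, error) {
	if len(msg) < 16 {
		return nil, errors.New("message shorter than one IV")
	}
	blk, err := aes.NewCipher(exfilKey)
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 16)
	blk.Decrypt(sessionKey, msg[:16])
	return sessionEncrypt(sessionKey, msg[:16], msg[16:]), nil
}

func main() {
	chipA := bytes.Repeat([]byte{0x11}, 16) // constructed: exfil key burned into chip A
	chipB := bytes.Repeat([]byte{0x22}, 16) // constructed: exfil key burned into chip B
	sess := bytes.Repeat([]byte{0xAB}, 16)  // constructed: chip A's session key for this run
	pt := []byte("constructed sample plaintext")
	msg := ChipEncrypt(chipA, sess, pt)
	withA, _ := EscrowDecrypt(chipA, msg) // holder of A's key: plaintext
	withB, _ := EscrowDecrypt(chipB, msg) // key pulled out of chip B: garbage
	fmt.Printf("IV on the wire: %x\n", msg[:16])
	fmt.Println("decrypts with A's key:", bytes.Equal(withA, pt))
	fmt.Println("decrypts with B's key:", bytes.Equal(withB, pt))
}
```

Nothing on the wire distinguishes this from a chip that drew its IV from a good RNG, which is the point: the only defence is to never let the chip choose the nonce unilaterally, or to audit what it chooses against an independent source of randomness.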

The less invasive approach is to embed a single fixed elliptic curve public key into all chips, then use this public key to encrypt the session key. This requires a bit of engineering, since the chip must already have EC public-key capability (RSA would also work, but an RSA ciphertext is far larger and still has to fit in the nonce field). Moreover, the encrypted key must be indistinguishable from random bytes, something the NSA has screwed up spectacularly in the past.
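As an added illustration of the fixed-public-key design (example code, not from the original post): every chip carries the same X25519 public key, wraps each session key with an ephemeral exchange against it, and stashes the ephemeral point plus the masked key in the nonce field. X25519, the SHA-256 mask, the 48-byte field layout and the 16-byte session key are choices made here for the demo, not anything the post specifies. The last function shows the randomness requirement biting: a raw curve point is not uniform, and the bias is visible in one byte.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// NonceFieldLen is what the chip stashes in a nonce/IV slot: a 32-byte
// ephemeral X25519 point followed by the 16-byte session key XORed with a
// mask derived from the shared secret. (Layout assumed for this demo.)
const NonceFieldLen = 32 + 16

// maskKey derives a one-time 16-byte mask from the ECDH shared secret and
// XORs it into key. Called identically by the chip and by the key holder.
func maskKey(shared, key []byte) []byte {
	mask := sha256.Sum256(shared)
	out := make([]byte, 16)
	for i := range out {
		out[i] = key[i] ^ mask[i]
	}
	return out
}

// ChipWrapKey runs on the chip: an ephemeral X25519 exchange against the one
// escrow public key embedded in every unit, then the mask XORed into the
// session key. Only the escrow private key can undo it, so pulling the public
// key out of a reverse-engineered chip helps nobody.
func ChipWrapKey(escrowPub *ecdh.PublicKey, sessionKey []byte) ([]byte, error) {
	if len(sessionKey) != 16 {
		return nil, errors.New("session key must be 16 bytes")
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(escrowPub)
	if err != nil {
		return nil, err
	}
	return append(eph.PublicKey().Bytes(), maskKey(shared, sessionKey)...), nil
}

// EscrowUnwrapKey runs at the key holder: redo the exchange with the private
// key and strip the mask. A low-order or malformed point is rejected by ECDH.
func EscrowUnwrapKey(escrowPriv *ecdh.PrivateKey, field []byte) ([]byte, error) {
	if len(field) != NonceFieldLen {
		return nil, errors.New("nonce field has the wrong length")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(field[:32])
	if err != nil {
		return nil, err
	}
	shared, err := escrowPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	return maskKey(shared, field[32:]), nil
}

// TopBitClear is the distinguisher this naive encoding hands a defender. A raw
// X25519 point is a canonical field element below 2^255-19, so the high bit of
// its last byte is 0 in every message, where a random nonce would have it set
// half the time. A uniform point encoding such as Elligator is needed to close
// this; it is deliberately not implemented here.
func TopBitClear(field []byte) bool {
	return len(field) >= 32 && field[31]&0x80 == 0
}

// NewEscrowKey generates the escrow key pair; the private half never leaves
// the escrow party, only the public half goes into the chips.
func NewEscrowKey() *ecdh.PrivateKey {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

func main() {
	escrow := NewEscrowKey()
	sess := []byte("0123456789abcdef") // constructed 16-byte session key
	field, _ := ChipWrapKey(escrow.PublicKey(), sess)
	back, _ := EscrowUnwrapKey(escrow, field)
	fmt.Printf("nonce field: %x\n", field)
	fmt.Println("escrow recovers session key:", string(back) == string(sess))
	fmt.Println("top bit of byte 31 clear:", TopBitClear(field))
}
```

A defender collecting nonce fields from such a chip would see byte 31 never exceed 0x7f, which a few dozen samples settle; that is the kind of detail that separates a deployable backdoor from one that gets caught.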

A much easier approach is to simply eschew safety altogether and use a fixed AES key that’s common to all chips. But the NSA would never do something that risky. Right?