← Investigations

INV-002

illusoryTLS

Nobody but us: one poisoned certificate against the entire trust architecture

A Pwnshow Investigation · 2014–2015 · Status: completed · Programs: Investigations

illusoryTLS — cover

1. The question

The Web’s trust rests on a certificate store: a few hundred Certification Authority certificates that browsers and servers treat as axioms. INV-002 asks what one corrupted axiom does to everything built on it — specifically, whether a single CA certificate carrying a secretly embedded backdoor can be made indistinguishable from an honest one, and what its mere presence does to the security of the whole X.509 Public Key Infrastructure. It is the trust-architecture instance of the series’ recurring finding: systems fail at the component everyone assumed was trustworthy. The lesson it isolated here — that a trust regime collapses to the strength of its weakest implicitly trusted element — is carried forward explicitly into INV-007’s analysis of AI safety guardrails that fail silently under modification.

2. Method note

Movements. Conceive the adversarial process; execute to the standard of evidence; translate across registers. The conceived process was a constructive proof by demonstration: rather than argue that a backdoored trust anchor was possible, build a working one and a complete TLS client–server system around it, then show that neither the code nor the certificate reveals anything amiss under inspection.

Instruments. An instance of the Young–Yung SETUP construction — an elliptic-curve asymmetric backdoor in RSA key generation — embedded in the RSA modulus of a CA certificate; a minimal HTTPS client and TLS server built on an unmodified open-source Haskell library (network-simple-tls), so that the surrounding system is demonstrably clean and the backdoor lives entirely in data; and an original embedding technique using Elligator to close a detectability gap present in prior variants (see below). The threat model was stated explicitly: an adversary able to influence standards, interdict the supply chain, or simply build the CA’s key-generation module.

Exclusions. No backdoor was placed in the endpoints’ credentials or in any system code — the entire compromise resides in one trust anchor, by design, to isolate the variable under study. The work assessed whether current IT-product security certification (Common Criteria protection profiles for CA key generation, EN 319 411-3, at the assurance levels industry actually demands) could exclude such a backdoor, and found it could not at those levels.

3. Findings

  1. A CA-certificate backdoor can be made information-theoretically silent to black-box inspection: under the ECDDH assumption, the backdoored key pairs are indistinguishable from genuine RSA key pairs to any probabilistic polynomial-time algorithm. The complete source code of the system does not enable anyone but the designer to exploit it (the NOBUS property), and the construction is forward-secret against a reverse engineer who breaches the generator.
  2. The presence of one such certificate in the store renders the entire TLS security of a relying party fictional — impersonation, message tampering, and active eavesdropping all become available to the backdoor holder via a man-in-the-middle position, without touching any endpoint or any other key.
  3. The damage generalises because of universal implicit cross-certification: since all root CAs are treated as equally trusted, the security of the whole PKI reduces to that of its least trustworthy member. This is a structural property of the deployed Web PKI, not a bug in any one product.
  4. This threat is not convincingly mitigated by current certification: because the certification process relies on developer-supplied vulnerability documentation and does not mandate formal methods below its two highest assurance levels, evaluation at the level industry demands can fail to rule out a key-generation backdoor.
  5. The corollary is a standing rule: as long as the key-generation implementations used by trusted issuers cannot be audited by relying parties, any root certificate from such an issuer must be regarded as a potential backdoor — the assurance it provides is, in the adversarial case, none.

4. Consequence

Recognition. The technique was selected for the WhiteHat Security Top 10 Web Hacking Techniques of 2015 — the peer-review signal of the applied-security community — and the contest entry was shortlisted in the first Underhanded Crypto Contest.

Method contribution. The Elligator-based embedding algorithm repaired a detectability weakness in a contemporaneous variant of the attack, contributing a reusable technique (and released tooling) to the study of kleptographic backdoors, rather than only a single proof of concept.

Discourse. Delivered across three of the field’s established venues in a single cycle — HITB SecConf Amsterdam, DeepSec Vienna, and ZeroNights Moscow — the investigation put the “one rotten apple” framing of implicit cross-certification into circulation during the same period (2015) that CA-trust failures were themselves in the news.

5. Artefact record

#ArtefactTypeVenue / identifierDateAccess
1illusoryTLS — reference implementation (backdoored CA, TLS client/server)codegithub.com/secYOUre/illusoryTLS2015repository
2rsaelligatorbd — elliptic-curve asymmetric backdoor in RSA key-generation, Elligator-basedcodegithub.com/secYOUre/rsaelligatorbd2015repository
3The illusoryTLS Asymmetric Backdoor: Auguste Dupin Meets the Kleptographer — design documentpaper (informal)Underhanded Crypto Contest submission2014paper
4illusoryTLS: Nobody But Us — Impersonate, Tamper, and Exploit (whitepaper / delivery draft)paper (informal)HITB SecConf 2015 AmsterdamMay 2015paper
5illusoryTLS — Nobody But Us (delivery draft)paper (informal)ZeroNights 2015, MoscowNov 2015paper
6illusoryTLS — slide deckslidesHITB SecConf 2015 AmsterdamMay 2015slides
7illusoryTLS — slide deckslidesDeepSec 2015, ViennaNov 2015slides
8illusoryTLS — slide deckslidesZeroNights 2015, MoscowNov 2015slides
9illusoryTLS: Nobody But Us — Impersonate, Tamper and Exploittalk recordingDeepSec 2015, ViennaNov 2015talk
10PyElligator — Python bindings for an Elligator implementation supporting Curve25519codegithub.com/secYOUre/pyelligator2015repository
11Selection: Top 10 Web Hacking Techniques of 2015press / recognitionWhiteHat Security2016press

The project’s canonical microsite aggregates the above.

6. Continuity

Inherits: the fault-and-trust concerns of INV-000 (fault attacks on cryptographic modules; the reliability of the cryptographic primitives others build upon). Feeds: INV-007, whose central finding — that safety guardrails are a removable surface layer and a trust regime fails silently at its weakest assumed-trustworthy point — is the same structural lesson relocated from the X.509 store to open-weight model alignment.

7. What’s next

8. Provenance

Provenance. This investigation was produced without external funding. No entity related to Pwnshow’s personnel has a material interest in its findings. Where this work draws on the author’s experience of vulnerability and capability markets, it relies on that general expertise and on the public and published sources cited, not on non-public commercial information.

Added 2026/07/07 under Policy v1.0.

Page last updated: 2026/07/07 · Part of the Pwnshow investigation series

← Investigations index

Let's outplay.

Pwnshow (formerly secYOUre) · Rome, Italy · Investigating vulnerability since 2010. © 2026 Pwnshow