
Do FIPS, PKCS, and other standards prevent kleptographic attacks?


FIPS 140, its annexes, and FIPS 186 do not address the threat of kleptographic attacks. The PKCS standards do not address these threats either. In other words, they do not incorporate nor do they attempt to incorporate existing algorithms that can be used to help minimize the threat of subliminal channels and kleptographic attacks. However, even if they did, the problem would be far from solved. Suppose that a provably secure subliminal-free protocol between Alice and Bob is “used” as the defense. The fact that the specification is secure does not necessarily mean that the implementation that is in Alice and Bob’s hands matches the specification. It is possible to insert a backdoor into some, but not all, of the devices that are produced. To attempt to implement a verifiable cryptographic black-box, one may try to separate the device that produces randomness from the deterministic algorithm that uses it. This way users can try to verify the correctness of the deterministic portion of c
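The separation of randomness from the deterministic algorithm described above, sketched as an added example that is not part of the original answer: the user supplies the seed, then checks one device's output against an independent reference of the specified step. The group parameters `P` and `G`, the SHA-256 derivation, the `device` callable interface and both stand-in devices are assumptions constructed for illustration.

```python
import hashlib

# Constructed toy parameters for illustration only (not a vetted group choice).
P = 2**255 - 19
G = 2

def reference_keygen(seed: bytes) -> int:
    """Independent reference for the assumed specification:
    x = SHA-256(seed) mod (P - 1), public value = G^x mod P."""
    x = int.from_bytes(hashlib.sha256(seed).digest(), "big") % (P - 1)
    return pow(G, x, P)

def audit_device(device, seeds):
    """Feed user-chosen seeds to ONE black box and compare with the reference.

    Returns (seed, reason) findings; an empty list means no deviation was
    observed for these seeds on this particular unit.
    """
    findings = []
    for seed in seeds:
        first, second = device(seed), device(seed)
        if first != second:
            # Same input, different output: the box uses state or randomness
            # the user does not control, so it cannot be checked at all.
            findings.append((seed, "non-deterministic output"))
        elif first != reference_keygen(seed):
            findings.append((seed, "output differs from specification"))
    return findings

def conforming_device(seed: bytes) -> int:
    """Hypothetical unit that implements the specification exactly."""
    return reference_keygen(seed)

class HiddenStateDevice:
    """Constructed stand-in: mixes an internal counter into the computation."""
    def __init__(self):
        self.counter = 0
    def __call__(self, seed: bytes) -> int:
        self.counter += 1
        return reference_keygen(seed + self.counter.to_bytes(4, "big"))

def unhashed_device(seed: bytes) -> int:
    """Constructed stand-in: deterministic, but not the specified function."""
    return pow(G, int.from_bytes(seed, "big") % (P - 1), P)

# Constructed sample seeds; in practice they come from the separate randomness source.
SEEDS = [b"audit-seed-%d" % i for i in range(4)]
```

A clean result covers only the deterministic step, only the seeds tested, and only the unit audited, which matters because a backdoor may be present in some devices and not others. The quality of the separate randomness source is outside what this check can establish.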
