Texas Instruments signing key controversy

The Texas Instruments signing key controversy resulted from Texas Instruments' (TI) response to a project to factorize the 512-bit RSA cryptographic keys needed to write custom firmware to TI devices.

Project
In July 2009, Benjamin Moody, a United-TI forum user, published the factors of a 512-bit RSA key used to sign the TI-83+ series graphing calculator. The discovery of the private key would allow end users to flash their own operating systems onto the device without having to use any special software. Moody used two free implementations of the general number field sieve, msieve and ggnfs; the computation took 73 days on a 1.9 GHz dual-core processor. This demonstrates the progress of hardware development: the factorization of the similar 512-bit RSA-155 in 1999 using the same algorithm required a large dedicated research group, 8000 MIPS-years of computing time, and a Cray C916 supercomputer.

In response, members of the wider TI graphing calculators community (at yAronet) set up a BOINC-based distributed computing project, RSA Lattice Siever (RSALS for short), that quickly factored the other keys. RSA Lattice Siever remained active for nearly three years after outliving its initial purpose, by factoring other integers for the mathematical community. After factoring over 400 integers, RSALS moved to RSALS-inspired NFS@home at the end of August 2012.

Legal response
Texas Instruments began by sending out two initial Digital Millennium Copyright Act (DMCA) take-down requests to the hackers, referring to sites or forum posts that they controlled. The hackers responded by removing the keys, without consulting an attorney. TI then sent further DMCA notices to a variety of websites displaying the keys, including United-TI, Reddit, and Wikipedia. Texas Instruments' efforts then became subject to the Streisand effect, and the keys were mirrored on a number of sites, including WikiLeaks. In September 2009, Dan Goodin from The Register alerted the Electronic Frontier Foundation (EFF) to TI's actions, and the EFF agreed to take on the case pro bono, representing three people who had received DMCA notices.

On October 13, 2009, the EFF sent a letter to TI warning them that the posting of the keys did not violate the DMCA, and that it might be liable for misrepresentation. Despite the letter by the EFF, TI continued to send DMCA notices to websites that posted the keys, but stopped doing so after late 2009. The EFF filed a DMCA Section 512 counter-notice on behalf of three of the bloggers who received DMCA notices. When the EFF did not receive a response by the deadline, the bloggers reposted the content that had been taken down.

Cryptographic keys
The public RSA parameters of the original TI-83+ / TI-83+ Silver Edition OS signing key factored by Benjamin Moody are the following 512-bit modulus n and public (or encryption) exponent e (specified in hexadecimal):

n = 82EF4009ED7CAC2A5EE12B5F8E8AD9A0AB9CC9F4F3E44B7E8BF2D57A2F2BEACE83424E1CFF0D2A5A7E2E53CB926D61F347DFAA4B35B205B5881CEB40B328E58F e = 11

By factoring n, Moody obtained the factors p (252 bits) and q (260 bits), which can be used in turn to quickly compute the 512-bit private (or decryption) $$d=e^{-1} \bmod (p-1)(q-1)$$:

p = B709D3A0CD2FEC08EAFCCF540D8A100BB38E5E091D646ADB7B14D021096FFCD q = B7207BD184E0B5A0B89832AA68849B29EDFB03FBA2E8917B176504F08A96246CB d = 4D0534BA8BB2BFA0740BFB6562E843C7EC7A58AE351CE11D43438CA239DD99276CD125FEBAEE5D2696579FA3A3958FF4FC54C685EAA91723BC8888F292947BA1

The value d can then be used to sign arbitrary OS software.

The keys factored by RSA Lattice Siever (the TI-92+, TI-73, TI-89, Voyage 200, TI-89 Titanium, TI-84+ / TI-84 Silver Edition OS signing and date-stamp signing keys) are similar but with different values of n, p, q, and d. A single date-stamp signing key is shared by all models.