Controlled Randomness - A Defense against Backdoors in Cryptographic Devices

Lucjan Hanzlik, Kamil Kluczniak, Miroslaw Kutylowski
Politechnika Wroclawska

The security of many cryptographic protocols depends on the quality of the random elements generated in the course of protocol execution. On the other hand, cryptographic devices implementing these protocols are designed under technical limitations, usability requirements and cost constraints. This frequently results in black-box solutions. Unfortunately, black-box random number generators make it possible to create backdoors for stealing signing keys and for breaking authentication protocols and encrypted communication. In this paper we deal with this problem. The proposed solution is a way of generating random parameters such that: (a) the protocols are backwards compatible (a protocol participant gets additional data that can simply be ignored), (b) verification of randomness can be executed at any time without notice, so a device is forced to behave honestly, (c) the solution makes almost no intrusion into the existing protocols and is easy to implement, (d) the owner of a cryptographic device is protected against its designer and manufacturer, who otherwise might be able to predict the output of the generator and break the protocol. We give a few application examples of this technique for standard schemes.

Keywords: cryptographic device, pseudorandom number generator, backdoor, discrete logarithm, signature, authentication

Accepted for MYCRYPT-Paradigm-shifting Crypto '2016