For our 6.5610 (Applied Cryptography) final project, we present an backdoorable DRBG based on Dual EC DRBG that, unlike Dual EC DRBG, is a true DRBG under suitable assumptions. Our algorithm, which we call the Twisted Dual EC DRBG, involves iteratively multiplying points on an elliptic curve or its quadratic twist.

The introduction contains background on how the NSA and NIST initially worked to backdoor a DRBG; LOL.