Basically, you can tamper with a logic gate to be either stuck-on or stuck-off by changing the doping of one transistor. This sort of sabotage is undetectable by functional testing or optical inspection. And it can be done at mask generation — very late in the design process — since it does not require adding circuits, changing the circuit layout, or anything else. All this makes it really hard to detect.
The paper talks about several uses for this type of sabotage, but the most interesting — and devastating — is to modify a chip’s random number generator.
Which means that the crypto is sabotaged.
Neither Bruce nor I is willing to say the NSA isn’t doing this.