Ken Thompson Used His Turing Award Speech to Show How to Hide a Backdoor in a Compiler

When Ken Thompson and Dennis Ritchie won the 1983 Turing Award for the design of Unix, Thompson's acceptance lecture wasn't a victory lap. It was a confession in the form of a thought experiment, called "Reflections on Trusting Trust," and it has become possibly the single most-cited paper in software security.

Thompson sketched a hypothetical attack in three steps. First: modify the C compiler so that, when compiling the Unix login program, it silently inserts a backdoor that lets a particular password through. That's an obvious trick, easy to spot in the compiler's source. The second step is harder: also teach the compiler to recognize when it is compiling itself, and to re-insert both backdoors — the login one and the self-recognizer — into the binary it produces. Now, step three: compile the malicious source once, ship the resulting binary, and remove all traces of the modification from the source. From that point forward, anyone who recompiles the compiler from the clean source, using the malicious binary, gets a fresh binary that still contains both backdoors. The source is innocent. The compiler keeps the secret.

Thompson concluded his speech with the line that gives the paper its title: "You can't trust code that you did not totally create yourself." Versions of the attack have shown up in the wild — most famously in researcher David A. Wheeler's 2009 work on "Diverse Double-Compilation" as a countermeasure. The talk now anchors most modern thinking about software supply-chain integrity and reproducible builds.