Friday, February 06, 2015

Attack on NSA dwells on 40yo DES

I responded to complaints about the NSA from mathematicians and scientists, and now there are more.

A letter to the AMS attacks the NSA:
This track record includes reducing the key length of the block cipher DES in the 1970s to make it breakable, blacklisting an inventor of DES from other cryptography jobs, advocating for control of cryptographic research in the 1980s, and, according to NSA's 2013 budget request, covertly influencing "commercial products' designs" and "policies, standards and specifications for commercial public key technologies" for the purposes of exploitation. Indeed, the track record speaks for itself.
Most of this is dubious. An AMS history of DES only says that
There have been persistent rumors that NSA had pressed for the shorter key length.
While IBM originally proposed a 128-bit key cipher, NSA pointed out weaknesses, and the 56-bit DES was stronger than IBM's 128-bit cipher. At the time of its release, DES was stronger than any other civilian cipher, so I don't see how NSA could have weakened it.

The blacklisted inventor was supposedly Horst Feistel, but he seems to have had a successful cryptology career.

The NSA is a military spy agency, so I do not doubt that it budgets money for spy work.

Here is another response:
In a recent letter to the American Mathematical Society titled 'Encryption and the NSA Role in International Standards', Dr. Wertheimer, a former NSA Mathematician and Research Directer, works very hard to leave the impression that the NSA did not place a backdoor in the DUAL_EC_DRBG algorithm. He never directly says that though because the evidence is so overwhelming to the contrary. Instead he chooses to engage in what can only be called aggressive and willfully misleading
If the evidence is so overwhelming, then how is anyone misled?

I do think that it is silly to complain about NSA's influence over DES 40 years ago. Here is what I originally said in my letter to the NSA:
Back in the 1970s, attacks on the NSA were based on how it influenced the Data Encryption Standard (DES). The accusation was that NSA crippled it in order to spy on everyone.

In fact DES was a big advance over anything else in the public domain, and more secure than what IBM developed on its own. Years of analysis have not turned up any backdoors, and the most practical attack is a brute-force key space search. There is no known example of anyone ever losing a dime from a DES weakness.

The chief complaint about DES was that the key size was limited to 56 bits. However this was not even a material limitation as everyone quickly realized that DES could easily be augmented to Triple-DES or DES-X for larger keys.
It is likely that NSA had some ciphers that were better than DES at the time. However it would have surely been against policy to release a military cipher into the public domain. What it apparently did was to make sure that DES was exactly as good as it appears to be, so it could be used appropriately for unclassified purposes. As computers got faster, it later helped facilitate AES as an improved cipher.

These mathematicians are embarrassing themselves with their criticisms of NSA. If they are against spying, they could just say so, instead of all the silly complaints about how NSA has not always fully explained itself.

I am all in favor of public concern about computer security. We hear regular stories about naked selfies posted online, identity theft, stolen movies, email tampering, hacking credit card databases, etc. How many of these were caused by NSA choosing too few key bits or poorly seeding a pseudorandom number generator? Zero. These complaining mathematicians keep acting as if something bad has happened, but they cannot point to any ill effect anywhere.

1 comment:

Anonymous said...

Just one small correction. NSA is a civilian agency and is not part of the Defense Department. It's not military. Obviously it does work with the military sometimes.

It's better to just to call it a "spy agency" rather than a "military spy agency".