Friday, 22 November 2013

Trusting Security Standards

The elliptical curve cryptography algorithm starts by picking two points on a curve, and drawing a line through them until they intersect the curve again.  Recent hysterical discussion on the potential tampering of elliptical curve cryptography by the NSA starts in a very similar way: point 1 on the curve is that the NSA was involved in the definition of the fundamental constants of ECC; point 2 is that the NSA are snooping on the world.  However in this case the line is projected to infinity, and the assumption is that the NSA has intentionally weakened the algorithm.

Is it possible?  Sure.  Is it likely?  No.

The NSA, and all other similar government agencies throughout the world, have a dual role as both poacher and gamekeeper.  In Australia, the public mission of the Australian Signals Directorate is "Reveal Their Secrets – Protect Our Own".  The critical point is that balance between attack and defence.  Any security agency that intentionally weakened a cryptographic algorithm that was used to protect their own secrets, is fundamentally failing its mission.  These agencies are full of the smartest mathematical minds on the planet, and the idea that no other country will ever discover the backdoor is fanciful at best.

Remember that the NSA has influenced cryptographic algorithms in the past.  DES was proposed in 1975, and the NSA changed some of the ways that it worked.  No-one knew why until 1990, when the independent discovery of differential cryptanalysis showed that they had strengthened the algorithm against a then unknown attack.

Occam's razor says that among competing hypotheses, the hypothesis with the fewest assumptions should be selected.  Which in this case is that the same thing has happened with ECC and Dual-EC-DRBG that happened with DES.

There is ironically a side benefit to the NSA of all the tin-foil-hat musings.  People who worry about non-existent backdoors will start to move to less secure cryptosystems, which actually helps the NSA!

Phil Kernick Chief Technology Officer

No comments:

Post a Comment