Slashdot Mirror
NSA Turns To Commercial Software For Encryption
Roland Piquepaille writes "According to eWEEK, the National Security Agency (NSA) has picked a commercial solution for its encryption technology needs, instead on relying on its own proprietary code. "The National Security Agency has purchased a license for Certicom Corp.'s elliptic curve cryptography (ECC) system, and plans to make the technology a standard means of securing classified communications. In the case of the NSA deal, the agency wanted to use a 512-bit key for the ECC system. This is the equivalent of an RSA key of 15,360 bits." This summary includes the NIST guidelines for public key sizes and contains more details and links about the ECC technology. Since the announcement, Canadian Press reports that Certicom's shares more than doubled in Toronto."
Shouldn't we demand an open source solution? ;)
Looks good for your age..
What if a company is suspicious of the NSA not following the license it was given? It's not like the government is going to let a commercial company into the NSA to audit all its computer systems. I suppose it will all be done on the honor system.
Outdoor digital photography, mostly in New Engl
You can't really compare symetric key systems like AES with public key systems like ECC or RSA. With a symetric system you need keey your key secret, with public key you have two keys (encryption and decryption), and you only need to keep one of them secret. The other you can distribute far and wide.
A lot of times, people will create symetric keys and then use public key systems to distribute them.
autopr0n is like, down and stuff.
The difference between ECC and algorithms like RSA, for example, is that elliptic algorithms can work with smaller keysizes, and this should have been noticable from the slashdot post that points out the commercial product uses a smaller keysize than the equiviliant strength RSA key.
espo
I am from Mississauga, Ontario - where Certicom resides, and am feeling two emotions:
- I am happy to see a local business score a large contract in my hometown
- I am confused as to how the American Government ever approved a purchase of an external Intellectual Property
I'm sure alot of Americans will have disagreements on this one!
If true it sends a signal. They currently dont have a quantum computer (and therefore expect no one else does or will in a reasonable amount of time). However I do remember seeing a standard created to do a form of digital signatures only with conventional encryption (which is not in general "breakable" by quantum computers like "hard problem" public key cryptography).
Its pretty obvious. The strange pronunciation required for Canadian variables makes the code more difficult to comprehend and so creates an additional level of obfuscation and thus greater security.
Do not try to read the dupe, thats impossible. Instead, only try to realize the truth
What truth?
There is no dupe
Yea, it's really bizarre. You would think there was some kind of draconian regulations on cryptography in the US that encourages companies that develop crypto to not reside here. hrm....
I browse on +1 so AC's need not respond, I won't see it.
Brute-force decoding of these schemes is not recommended for the faint of heart, but I wonder: how can they tell that a 2 ^ 512 possibility range is as secure as a 2 ^ 15360 probabilities scheme?
If I can reduce a RSA 1024 bits to a new method using only 4 bits, how can my way be as secure?
FWIW I'm Canadian.
Canada has many exceptions to US restrictions. This makes sense. It is cheaper to work together, and we do in many military and space applications.
Our interests are basically very similar, and both countries are generally trustworthy of each other.
The only conflict are on specific policy issues.
It also matters which government is in power in each country.
There have been quite a few times where state and provincial officials have banded together to fight both federal governments.
Plus if it works well, why shouldn't they use it?
The algorithm they used is patented and very much open for criticism. It would need to be fore NSA to choose it. Think of it like RSA where the algorithm was patented as well (many open source applications use RSA now, since the license has expired).
Dr. Scott A. Vanstone is a professor at University of Waterloo, so it is kind of neat to see one of my profs in the news (I knew about the company, but they haven't had much going for them for a while). He teaches Coding Theory (CO 331) and is the Executive Director of Centre for Applied Cryptographic Research
News for UW students
I guess rot-13 just isn't good enough anymore. (Am I the only one to think "Wow, how the mighty have fallen!" when I read this?)
Help! I'm a slashdot refugee.
In case you didn't catch the hint in the article, this is significant because NSA chose an EXTERNALLY developed encryption solution over an INTERNALLY developed solution. This has NOTHING TO DO WITH OPEN SOURCE SOFTWARE. Please save your comments like "what about SSH/GPG/SSL?" for some other discussion.
Thanks.
As far as I understand the deal, this has nothing to do with licensing software. They couldn't have gone with an OSS version (or "roll their own") as so many suggest because they're not licensing just software, they're licensing patents.
You'll note that they've also got sublicensing rights on those patents. There could be a software component to this deal, but as far I can tell it appears that this is mainly about patents.
In any field, find the strangest thing and then explore it. -John Archibald Wheeler
> The NSA's job is to make secure codes for government use, and break other people's codes. So they licensed someone else's code, but why are they announcing it for intra-government use? The obvious question is, Can't they roll their own?
Probably just means that they've discovered how to crack it, so now they want everyone else to use it.
Sheesh, evil *and* a jerk. -- Jade
I don't think this is about privatization. I think this is about the NSA being overloaded with more important things to worry about. Such as the "War on Inanimate Objects", namely, Terrorism. For instance, look at their new hires figures jump from roughly 100/yr, to over 1000. They are busy, they are upgrading, and they are worrying about processing the loads of new data from monitoring an exponentially higher amount of data then they were accustomed to only a few years ago.
So what comes out is a solution that was produced much cheaper than a similar inhouse effort, and this will save the tax payers money (which sounds good to this poor college student.) I have to say I'm surprised at the Agency going after a commercial product for classified purposes, but I'm sure they have good reasons.
espo
Hypothetical:
You're the premiere intelligence agency in the world. When you need to secure data, you use algorithms that nobody else in the world knows about, designed in secret by some of the greatest mathematical geniuses there are.
When you need to secure an email you're sending to someone not in the agency, you can't (not to mention don't) use your hidden good stuff, because the recipient doesn't have the algorithm. So, you use something publicly available.
No, all this means is that they want something with better encryption. Even if they had a dozen fully functional "quantum computers" that were able to do spectacular computations in an instant (ah, that lovely superposition...) that wouldn't mean that they should just suddenly give up and use weak encryption. Better that only a few people in the world could break it with ease, than that anyone with $100k could build a sufficient cluster to do it quickly...
In cryptography it's usually not a program that gets lisenced, but an algorithm (or cryptosystem). My guess would be that ECC has the copyright or patent or whatever you get on their algorithm which would make it illegal to write a program using elliptic curve cryptography (or at least their algorithm) without permission from the company. I once wrote a project that used the RSA cryptosystem for education purposes and I had to obtain permission from RSA legal to use the cryptosystem. (However it might be public now...)
Also between AES and ECC. My guess would be ECC is much more secure than AES. If a 512-bit key for ECC is the equiv of a 15360-bit key in RSA that sounds extremely secure. As far as the last time I checked a 4096-bit RSA key was virtually unbreakable in any normal time span by even the fastest supercomputers built.
Finally what the other replies to your question have been, about comparing apples and oranges: AES is a symmetrical key, meaning, the key that encrypts also decrypts.
Public/Private Key encryption deals with two keys, the public key is freely available to anyone becuase when a message is encrypted with the public key it can not be decrypted with the public key. It must be decrypted with the private, or secret key.
Being the NSA doesn't guarantee you can develop the best technology in every security-related area. If another company or research institute happens to come up with a technology that's remarkably better than anything else like it and patent it first (such as the ECC mentioned in the article), the NSA should and does license it. That is, they buy the the rights to use the technology that someone else spent a lot of time and effort to develop (maybe even more than the NSA put forth in this field) .
It's not like the NSA is buying a binary encryption software package they can't decompile, or shipping the secrets up to Canada for encrypting. This isn't a security concern. The NSA bought the concept of ECC, and Certicom deserves to be paid fairly for it. The NSA can do anything they want with ECC now, including grant sub-licenses without approvasl from Certicom. The only restriction is to require a minimum level of ecryption field size (encryption strength), which isn't a problem for NSA:
This agreement will give the NSA a nonexclusive, worldwide license with the right to grant sublicenses of MQV-based ECC covered by many of Certicom's US patents and applications and corresponding foreign rights in a limited field of use. The field of use is restricted to implementations of ECC that are over GF(p), where p is a prime greater than 2256.
everything in moderation
No.
No, DSA != ECC.
DSA and ECC both do encryption by exponentation, relying on the assumtion that the reverse function - the logarithm - is infeasible with the used keylengths. They are both called "Discrete Logarithm Systems".
But the multiplication is done in completly different mathematical contexts: DSA multiplies in the rings Z/p (that are the natural numbers modulo p, p being a prime) where ECC multiplies in suitable "elliptic curve groups over finite fields" . That are finite sets of "numbers" paired with an complicated operation called "multiplication". These "numbers" behave quiet odd.
The main practical difference is the neccessary keylength. Depending on the chosen eliptic curve, ECC keys are 4-8 times smaller than DSA keys. They get much closer to the "no attack is faster than the brute force attack"-paradigm than other public key algorithms like DSA or RSA.
Unfortunatly, huge classes of suitable elliptic curves got patented.
Google for free ECC software. There are at least some libraries published by academic research groups.
"I, for one, welcome our new elliptic overlords."
Indeed, this will be a major improvement on the hyperbolic overlords we now have.
KFG
on one hand, you have a crackhead who could get all the drugs he wanted legally and privately, but for some unexplicable reason bought his dope illegaly on the street through someone who could (and did) dime him out.
:) (For examples, see the SR-71, spy satellite imagery, Predator UAVs, the TIA project, etc. and the number of times Tom Clancy has been accused of espionage for incorporating published projects into his work.)
on the other hand, you have NSA could use whatever patented technique they wanted and no one would ever know, but they decide to go out and publicly annouce a license
You're wondering why the NSA didn't just go ahead and use Certicom's patented ECC implementation and keep it a secret? Because they're a lot bigger than Rush freakin' Limbaugh, and it only takes one employee to speak up and say, "we knew someone else patented this but we used it anyway" before someone gets in a lot of trouble.
No one wants that kind of a black eye. If that scandal broke, the manager who gave the go-ahead to implement the Certicom solution without licensing it would probably find himself reassigned to a communications post in Afghanistan.
And one thing about the US government... no matter how hard they try to keep things under wraps, they're just not very good at it. There are just too many nosy journalists and authors poking around... everything comes out sooner or later
Did anybody notice that the United States National Security Agency is buying encryption software from a Canadian company? Is this the same United States that refused to allow products using good encryption to be exported because they were considered military weapons?
I am not flaming Canada; I work with several Canadians and they are all nice and knowledgable people. I just noticed the inconsistencies in our policies.
Disclaimer: I am a citizen of the USA, and I hope that this trend continues. I would really like all our government agencies to use the best global software, not just our homegrown insecure proprietary systems.
I spend my life entertaining my brain.
15,360 bits ought to be enough for everyone.
Bouncycastle Crypto APIs support atleast Elliptic Curve DSA and Elliptic Curve basic Diffie-Hellman (according to release notes). Possible other ECC algorithms too.
...known to NSA I mean. Why would they license it if they knew of some weakness in it...
Hmm...
Or maybe there *is* a suble weakness, leading to an "easy" way to break ECC. And NSA is licensing this to give it undue creidibility, so more people start using it, while NSA can easily (compared to RSA or whatnot) read everything encrypted with it...
So, when we see the NSA not just adding key bits, but adding bits and then doubling them, we see evidence of countermeasures against quantum computers. This doesn't mean they have quantum computers. Remember that they are not just guarding secrets they transmit today against attack now, but against attack ten years from now, when revelation might still be damaging.
Once we all do have quantum computers, I wonder what amusing revelations will come from cracking old ciphertexts. You can bet the NSA will keep busy at it, and so will the Brits, and the French, and the Germans, and the Russians, and the Israelis. (No doubt a few of the biggest corporations go on that list too.)
No, you don't. You have to find the factors of a prime number of that length. That leaves significantly less than 2^15630 possibilities, especially if you're using a decent factoring algorithm.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
Sun likes Elliptic Curve Cryptography. They have helped add it to Mozilla's Network Security Services and to OpenSSL.
Phillip
Just a wild guess, but what are the chances that NSA developed this secretly years ago and either planned to, or already does, use it. When the civilian cryptography sector finally caught up with them and actually patented the algorithm, NSA had to license it or stop using it. It wouldn't be the first time NSA has been shown to be far ahead of publicly known cryptographic knowledge. Differential Cryptology comes to mind.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Given the secretive nature of the organization, it's possible (I have no proof or even inuendo) that the NSA is licensing technology that they themselves developed independently, perhaps even prior art.
They could have determined that this is the preferred technology to use publically at this time, and then require the license in order to operate with it in the public domain.
James Bamford's more recent review of the NSA documented an employee's discovery of public-key cryptography prior to Diffie's. They can't patent an invention without public disclosure (I presume), and they can't avoid licensing patented technology without proving prior art, which they must be reluctant to do - they would need to disclose when they discovered it. So, if all this presumption is true, from now on they'll be forced to license technology they they themselves created in order to keep the lid on their capabilities.
Unfortunatly, huge classes of suitable elliptic curves got patented.
Unfortunate? For whom? For the people who spent long hours doing the extensive research which led to the development of advanced encyption systems? Or for the people who read the papers and attended the conferences and say "Great idea...think I'll make the same thing for free in the name of Openness!"
Encryption is not like a 1-click pattent or library compression. It's hard, expensive and risky to devote your time to coming up with the next great encryption algorithm. And I am glad that we have agencies like the NSA to help offset this cost. It means there might be jobs somewhere for some of us to sit around and think about stuff rather than have to sell our talents like consultant whores.
Free Software is all well and good, but some things are worth paying for. Right?
Hey freaks: now you're ju
However, I'm not sure that I'd go so far as to say anything mathematical shouldn't be patentable. In particular, this is an application of mathematics, not just pure math. I don't think you can come up with a new way to solve a pure math problem, or a new way of expressing an equation, and get a patent on it. ... We could argue that ECC is a discovery rather than an invention just as easily as we can for any other technological advancement.
The difference is that patents on mathematical techniques or software algorithms are a distinct limitation of free speech, whereas patents relating to physical inventions are only a limitation of manufacturing rights. Ultimately, it could be argued that all invention has a mathematical basis, but software patents are unique in that they are unembodied. Because anyone can create software, software patents directly infringe on personal freedoms, in the same way that patents on literary style would.