NSA Still Ahead In Crypto, But Not By Much

Hugh Pickens writes "Network World summarizes an RSA Conference panel discussion in which former NSA technical director Brian Snow said that cryptographers for the NSA have been losing ground to their counterparts in universities and commercial security vendors for 20 years, but still maintain the upper hand in the sophistication of their crypto schemes and in their ability to decrypt. 'I do believe NSA is still ahead, but not by much — a handful of years,' says Snow. 'I think we've got the edge still.' Snow added that that in the 1980s there was a huge gap between what the NSA could do and what commercial encryption technology was capable of. 'Now we are very close together and moving very slowly forward in a mature field.' The NSA has one key advantage (besides their deep staff of Ph.D. mathematicians and other cryptographic experts who work on securing traffic and breaking codes): 'We cheat. We get to read what [academics] publish. We do not publish what we research,' he said. Snow's claim of NSA superiority seemed to rankle some members on the panel. Adi Shamir, the "S" in the RSA encryption algorithm, said that when the titles of papers in NSA technical journals were declassified up to 1983, none of them included public key encryption; 'That demonstrates that NSA was behind,' said Shamir. Snow replied that when technologies are developed separately in parallel, the developers don't necessarily use the same terms for them."

Their latest decoded message:

[WegianWarrior]

Be sure to drink your Ovaltine.

Whatever!

[martin-boundary]

"We know Saddam has WMD, but we can't show you what we know because it's secret!". Everybody knows how that argument went in Iraq.

I'm with Shamir, the only correct response here is: "Yeah, right, whatever", not "OMGOMGOMG, the NSA cAn readz my stuffz!!1".

Frankly, I don't see how any mathematician would want to waste his talent working for the NSA.

Re:Whatever!

[chuckymonkey]

Let me tell you from firsthand experience. You cannot even fathom the awesomeness that goes on inside the cube unless you work there. It is not like Hollywood portrays it, but there is a whole lot of cool going on in there. That is why people work for the NSA. Now, I have philosophical disagreements with how the NSA ran business during the Bush years and I left that industry for aerospace. That being said if any of my former colleagues tell me that things have changed I think that I would go back.

Re:Whatever!

[jpmorgan]

Academia is not the only profession that provides job satisfaction and a sense of fulfillment. Guess what, 99.9% of the world's population lives a happy life without ever publishing anything.

Re:Whatever!

[Bakkster]

lives may be saved by your hard work.

Considering the way the NSA has behaved in the last 9 years

You mean, considering the reports we have heard. There's a pretty obvious selection bias, in that only the illegal activities (which there certainly are, sanctioned or otherwise) will be notable enough to publish and publicize. I highly doubt that illegal activities accounted for more than 1% of work performed by the NSA (again, including both sanctioned and unsanctioned activities), let alone 51% for cryptologic work to be 'more likely' to be used illegaly.

NSA didn't know about public key crypto?

[jpmorgan]

I don't think so... public key cryptography was discovered by the GCHQ at least a decade before it was discovered in the public sphere: http://cryptome.org/ukpk-alt.htm

Re:they aren't very well going to admit defeat.

[zappepcs]

It occurs to me to think that real encryption is not beatable, but workable encryption is. The problem is not who has the best or admits to not having it, it's who has best real encryption that is workable between arbitrary peers. I can easily encrypt a drive that you will NEVER decrypt, but then neither will I be able to. It's the secrecy of the key that is the quest, not the encryption particularly. Hiding the key when it is shared publicly is a problem, will always be a problem, and the race is not necessarily one brain trust against another for the best hiding technique, but rather a race to figure out the best way to hide it for a reasonable amount of time from the most people. The fastest car on the planet is not declared the Indy500 winner, only the car that conforms to the rules of the race is. This race is not winable in the long term, and only valid as a race in the very short term. Don't count on your encrypted hard drive to protect your data from everyone, for all time. That's simply not going to happen.

Re:Crypto is only the Beginning

[bytesex]

Nah. The money is now in electromagnetic remote sensing; reading your screen and listening to your keyboard from a mile away. That, and psy-ops. Humans still control keys. Humans always make at least one mistake. Google's mail accounts were cracked because their subjects could be coaxed to visit malicious websites, after all.

Re:they aren't very well going to admit defeat.

Yes, really and truly, never in all time.

A 256 bit key has 2^256 possibilities. That's 1.15x10^77 possibilities. If you can try 10 million keys in a second, then you "only" need 1.15x10^70th seconds. If you can multiply that speed by a factor of a thousand, then you "only" need 1.15x10^67th seconds. That's 3.67x10^59th years. The universe is only 1.3x10^10 years old.

So never is more than fair. You would literally have to generate universes to generate universes to decrypt via brute force. By our current understanding of reality, impossible is correct, and anything shy of that is literally science ficition.

Re:they aren't very well going to admit defeat.

[Holmwood]

Except he's (more or less) right. James Ellis, at GCHQ (roughly the UK equivalent of NSA) had developed the basics of public key cryptography by the end of 1969. This was about 6 years ahead of Diffie Hellman and Merkle. In 1973, a GCHQ cryptographer, Clifford Cocks, realized that one-way functions would be an elegant way of achieving Ellis' insight. See http://cryptome.org/ukpk-alt.htm for example. This was some years ahead of RSA.

GCHQ and the NSA definitely would have exchanged this information. It's also quite possible that the US made some of these breakthroughs even earlier than the British; I've not paid much attention to anything NSA-related that has declassified in the last 5+ years.

Re:they aren't very well going to admit defeat.

[JasterBobaMereel]

Public key encryption, that would be the crypto system invented at GCHQ in the UK by public servants .... but not published and then re-invented (independently) by RSA 6-7 years later ...

NSA vs. PUBLIC

[muckracer]

> cryptographers for the NSA have been losing ground to their
> counterparts in universities and commercial security vendors for
> 20 years, but still maintain the upper hand in the sophistication
> of their crypto schemes and in their ability to decrypt.

Nevermind the intellectual "my code's better than yours" games
between arguably otherwise brilliant researchers.

Where the NSA certainly has 'maintained the upper hand' is in real
life versus ordinary people. The technology of surveillance has
gotten orders of a magnitude better and surrounding laws have been
adapted to make it fully legal to use that technology to the max
against The People (whereever they may be). Who in this discussion
encrypts their e-mails or uses 'sophisticated crypto schemes' as a
matter of course? At best it's maybe SSH here and there and the
occasional SSL site. The vast majority of traffic is plain-text, as
it's been since the days of papyrus. Hell, back in those days at
least only a few people could read it and thus had better privacy
than we mostly have today. Nevermind the ramifications of Facebook
and similar tools.

Mr. Shamir can engage in discussions of who developed Public Key
Cryptography first or not. It's all nonsense, because as brilliant
as the concept is, the PUBLIC has no part in it to 99.99% and
therefore we can consider it a complete FAILURE on grounds of lack
of acceptance and widespread use. Meanwhile the NSA sits back and
laughs, as their electronic tentacles filter through PUBLIC('s)
traffic...any traffic...and mostly doesn't have to bother with
breaking anything. Cuz we 'oh-so-clever' geeks have failed
miserably. If the NSA has any problem, then it's to store and
process/search through the data they get...not the acquisition.

Re:NSA vs. PUBLIC

[gazbo]

THANK YOU!

I'm never happy with the way my browser handles line-breaking, so I'm eternally grateful to you for taking the initiative and doing it yourself.

Re:they aren't very well going to admit defeat.

[CODiNE]

That's 1.15x10^77 possibilities.

Are you aware that randomly generating a specific protein is much more difficult than that? I've heard a number around 1 in 10^113. That would be just ONE of the proteins we need for life.

So. Either it needs to be rethought what is actually numerically possible, or that the genetic make-up of life was guided by chance.