Microsoft Announces 'Windows 10 China Government Edition', Lets Country Use Its Own Encryption (windows.com)
At an event in China on Tuesday, Microsoft announced yet another new version of Windows 10. Called Windows 10 China Government Edition, the new edition is meant to be used by the Chinese government and state-owned enterprises, ending a standoff over the operating system by meeting the government's requests for increased security and data control. In a blog post, Windows chief Terry Myerson writes: "The Windows 10 China Government Edition is based on Windows 10 Enterprise Edition, which already includes many of the security, identity, deployment, and manageability features governments and enterprises need. The China Government Edition will use these manageability features to remove features that are not needed by Chinese government employees like OneDrive, to manage all telemetry and updates, and to enable the government to use its own encryption algorithms within its computer systems."
The backdoor in AES is the selection of strong keys... Do not forget this.
It was designed weak with a large keyspace that intentionally produces weak keys if selected at random. Only a small subset of the keyspace has strong security.
Why would they make it broken if they use it you ask? Well they strategically require all keys are created by the NSA and they simply make sure to only hand out strong keys. If you use it yourself you have to be "lucky" to have used a strong key since most of the pool is weak.
It is not a backdoor in "theory" but it's definitely a backdoor in "practice". When an algorithm can be "accidentally stronger in some cases", that, my friend, is how governments today hide backdoors.
Also read about the first 6 rounds of AES which were "solved" by someone. If the first 6 rounds have been broken, the rest isn't far off.
I agree that there is nothing wrong with AES, but there is also nothing wrong with wanting to use your own encryption if you are the Chinese government. They have their own extremely qualified cryptographers, we are not talking about some guy in his basement coming up with his own block cipher. If the situations were reversed and the Chinese government had invented and standardized AES, there is no way the US government would use it even if every academic in the world said it was secure.
The Chinese block cipher is called SM4 and its algorithm is publicly available. It is a pretty standard Feistel construction, if it is truly vulnerable then people will discover that and then everyone will know. That is how science works.
What makes you think this is about AES and what makes you think the algorithms that China wants to use are not superior to the NIST options?
In the case of hashes, the Chinese options are simply better both in terms of resistance to known attacks and implementability and come courtesy of the professor who broke SHA-1, who is Chinese.
NIST fucked up royally with SHA3, putting it up to a popularity vote. The Europeans turned up at the meeting in strength and voted for the home team. It had nothing to do with the algorithm. Hence the adoption of SHA3 in hardware is going nowhere. We wanted a new hash, not a license to waste gates and power.
There was an interesting dynamic at ISO SC27 WG2 a couple of years ago, where the Chinese (literally, the proposals come from nation state delegates) hash proposal was presented, along with a proof of why all the SHA were fucked and why the new structure dealt with it. At the same meeting, the NSA were there presenting Simon and Speck block ciphers for adoption by ISO (which are superb ciphers from any way you look at it, far superior to AES or SMS4 in implementability and at least as secure in security). The crowd were having none of it. All comments were of the form "You're the NSA and we don't trust you". Keep in mind the comments are coming from representatives of governments, not individuals. I am not a US citizen, but I was a US delegate.
China has a legitimate reason to dislike some of the NIST crypto options and legitimate reasons to prefer their own.
If this were open source, people would be happy that you could use your own choice of crypto algorithms. Microsoft would be better off making the crypto pluggable in Windows for the rest of us, not just the Chinese government.
I should use this sig to advertise my book, ISBN-13: 978-1501515132.