Distrustful US Allies Force Spy Agency To Back Down In Encryption Fight (reuters.com)
schwit1 shares a report from Reuters: An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them. The NSA has now agreed to drop all but the most powerful versions of the techniques -- those least likely to be vulnerable to hacks -- to address the concerns.
The U.S. is spearheading Five Eyes which will propose mandatory backdoors in all strong encryption. I don't think that this is a coincidence.
-- Insert witty one-liner here. --
The "merits of the algorithm" is communally undefined if the design party is keeping secret the existence of differential cryptography—or any other advanced mode of attack—as IBM and the NSA once did with the DES. It was pretty clear that something fishy had gone into the design of the S-boxes. Whether fair or foul is impossible to decide when you're on the outside looking in (turns out, for DES, it was fair—foul play was confined to mandating a short key length).
What people don't understand is that as much as the Americans would like to read everyone else's traffic, it's far worse if any backdoor leaked to an adversary (your whole financial system is protected by these codes), so they were sensibly reluctant to put one in—until they invented the one-way back door, where only the designers could ever know. Unable to resist the siren call of this new brass ring, the NSA immediately blew their entire history of trust (which had always been more out of enlightened self-interest than gentlemanly) into a giant mushroom cloud.
It remains difficult to decide whether "merit" can be debated in these matters on a level playing field.
On the other side of the coin, while I'm far from a serious cryptographer, Speck's ARX design does not appear to leave many places for newly discovered snookery to hide itself.
That said, banning the runt versions smells like prudence to me, as any covert American attack is probably a combination of a downgrade attack—tricking a cipher to operate at less than full strength (world and dog are not freaking out over the Intel Management Engine for no reason)—perhaps injecting some known plaintext, finished off with a giant can of precomputed whup ass (the mechanism of attack one can best keep confined to your side of the fight is a multimodal attack).
Once you take the downgrade attacks off the table, it's a lot easier to swallow the inequitable debate on merit as a pure cipher.
Not buying it. I really don't see how you performed that neat dissection of history from technology from capabilities, without the use of a white glove and a black hat.
____
Addendum:
Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA — 28 August 2017
True to form, the NSA's greatest terror is being hoist by their own petard.
They don't advertise this fear, because they prefer to be viewed through the do-unto-others side of the lens. Trying to turn these weapons into technological diodes is an enormous practical constraint.
That, and resource saturation (what they can do and what they can afford to do are two different beasts) are in my experience the only reliable external vantage points for 99.999999% of the planet's population incapable of wading into the merit debate at anywhere near eye level.