[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Jon Callas jon at callas.org
Thu Sep 5 22:55:04 EDT 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sep 5, 2013, at 7:31 PM, Jerry Leichter <leichter at lrw.com> wrote:

> Another interesting goal:  "Shape worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS."  Elsewhere, "enabling access" and "exploiting systems of interest" and "inserting vulnerabilities".  These are all side-channel attacks.  I see no other reference to "cryptanalysis", so I would take this statement at face value:  NSA has techniques for doing cryptanalysis on certain algorithms/protocols out there, but not all, and they would like to steer public cryptography into whatever areas they have attacks against.  This makes any NSA recommendation *extremely* suspect.  As far as I can see, the bit push NSA is making these days is toward ECC with some particular curves.  Makes you wonder.

Yes, but. The reason we are using those curves is because they want them for products they buy. 

>  (I know for a fact that NSA has been interested in this area of mathematics for a *very* long time:  A mathematician I knew working in the area of algebraic curves (of which elliptic curves are an example) was re
> 
> cruited by - and went to - NSA in about 1975.  I heard indirectly from him after he was at NSA, where he apparently joined an active community of people with related interests.  This is a decade before the first public suggestion that elliptic curves might be useful in cryptography.  (But maybe NSA was just doing a public service, advancing the mathematics of algebraic curves.)

I think it might even go deeper than that. ECC was invented in the civilian world by Victor Miller and Neal Koblitz (independently) in 1985, so they've been planning for breaking it even a decade before its invention. 

> NSA has two separate roles:  Protect American communications, and break into the communications of adversaries.  Just this one example shows that either (a) the latter part of the mission has come to dominate the former; or (b) the current definition of an adversary has become so broad as to include pretty much everyone.

I definitely believe (b). However, I also think that they aren't a monolith, and we know that each part of the mission is the adversary of the other. I don't believe that the IA people would do a bad job to support SIGINT. Once you start down that path, it's easy to get to madness, or perhaps merely evidence that they have time travel.

I'll add that they have a third mission -- run the government's classified computer network, and that *that* mission is the one that Snowden worked for.

	Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii

wj8DBQFSKUQLsTedWZOD3gYRAlZvAKCtZP9iy1eyGBq4UbG9xO9jmNscigCZAYVv
M13sxiFZ5ch7PhgoIh1LziA=
=fEtw
-----END PGP SIGNATURE-----

More information about the cryptography mailing list