[Cryptography] Can you backdoor a symmetric cipher (was Re: Opening Discussion: Speculation on "BULLRUN")
Perry E. Metzger
perry at piermont.com
Fri Sep 6 00:33:00 EDT 2013
On Thu, 5 Sep 2013 23:24:54 -0400 Jerry Leichter <leichter at lrw.com>
wrote:
> They want to buy COTS because it's much cheap, and COTS is based on
> standards. So they have two contradictory constraints: They want
> the stuff they buy secure, but they want to be able to break in to
> exactly the same stuff when anyone else buys it. The time-honored
> way to do that is to embed some secret in the design of the
> system. NSA, knowing the secret, can break in; no one else can.
> There have been claims in this direction since NSA changed the
> S-boxes in DES. For DES, we now know that was to protect against
> differential cryptanalysis. No one's ever shown a really
> convincing case of such an embedded secret hack being done ... but
> now if you claim it can't happen,
It is probably very difficult, possibly impossible in practice, to
backdoor a symmetric cipher. For evidence, I direct you to this old
paper by Blaze, Feigenbaum and Leighton:
http://www.crypto.com/papers/mkcs.pdf
Perry
--
Perry E. Metzger perry at piermont.com
More information about the cryptography
mailing list