[Cryptography] Can you backdoor a symmetric cipher (was Re: Opening Discussion: Speculation on "BULLRUN")

Perry E. Metzger perry at piermont.com
Fri Sep 6 00:33:00 EDT 2013


On Thu, 5 Sep 2013 23:24:54 -0400 Jerry Leichter <leichter at lrw.com>
wrote:
> They want to buy COTS because it's much cheaper, and COTS is based on
> standards.  So they have two contradictory constraints:  They want
> the stuff they buy secure, but they want to be able to break in to
> exactly the same stuff when anyone else buys it.  The time-honored
> way to do that is to embed some secret in the design of the
> system.  NSA, knowing the secret, can break in; no one else can.
> There have been claims in this direction since NSA changed the
> S-boxes in DES.  For DES, we now know that was to protect against
> differential cryptanalysis.  No one's ever shown a really
> convincing case of such an embedded secret hack being done ... but
> now if you claim it can't happen,

It is probably very difficult, possibly impossible in practice, to
backdoor a symmetric cipher. For evidence, I direct you to this old
paper by Blaze, Feigenbaum and Leighton:

http://www.crypto.com/papers/mkcs.pdf

Perry
-- 
Perry E. Metzger		perry at piermont.com

