How far is the NSA ahead of the public crypto community?
Sampo Syreeni
decoy at iki.fi
Fri May 9 19:07:58 EDT 2008
On 2008-05-09, Matt Blaze wrote:
>> The guy's specialty was algebraic geometry - a hot field at the time.
>> This is the area of mathematics that studied elliptic curves many
>> years before anyone realized they had any application to
>> cryptography. [...]
>
> I've heard similar recollections of mathematicians from improbably
> abstract specialties being eagerly taken in by NSA, throughout the
> cold war.
I wouldn't say algebraic geometry is such a pure and abstract specialty
in this context. It has its roots firmly planted in multivariate
polynomial algebra, and even at that time it was quite clearly the field
that was most intimately connected with mechanistic solutions to groups
of nonlinear polynomial equations over finite fields. Which then is
exactly what a mathematician sees when presented with a symmetric
cryptosystem to break. As evidence of that, Hilbert's basis theorem
(which underlies Groebner bases, of which relinearization and the like
are, in any case, an independently discovered special case) was well known
and appreciated at that time.
So, even if elliptic curve cryptography came later, the broader theory
of algebraic geometry was *certainly* relevant to crypto even then, and
should have easily been seen to be so.
> Some of the (non-crypto) problems here seem rather specific to the
> NSA's domain, and so don't likely have an advanced civilian research
> community competing with them the way academic crypto does today.
Quite so. I think this is where one should be seeking the signs of
differential advantage. Not the broad fields of mathematical expertise
which plausibly could have been acquired by the NSA for any of a number
of reasons.
> A couple of the papers from the 1970's hint (in redacted form,
> frustratingly) that the NSA then had large scale automatic systems for
> intercepting and processing morse code signals from large blocks of
> radio spectrum, which implies some pretty advanced (for that era)
> signal processing and computing, crypto aside.
Band agnostic, keying rate adaptable and error tolerant algorithms in
this department most likely fall in the advanced category even today,
especially if computationally thrifty. I've certainly never seen
anything of the sort in what DSP literature I'm aware of.
--
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
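The post's claim that a symmetric cipher looks, to a mathematician, like a system of nonlinear polynomial equations over a finite field (with relinearization as a special case of the Groebner-basis machinery) is easiest to see on a toy instance. The following is an added illustration, not code from the post or the list: a constructed system of quadratic equations over GF(2) in three unknowns, with a fixed "secret" assignment, solved by plain linearization (every monomial becomes its own unknown, then Gauss-Jordan elimination over GF(2)). The equations, the secret (1, 0, 1), and the function names are all constructed for this example. It also shows the failure mode that motivates the XL/relinearization family: with too few independent equations the linearized system is rank deficient and the attack does not determine the unknowns, while exhaustive search still enumerates the (several) solutions.

```python
"""Toy algebraic attack over GF(2): solve a quadratic system by linearization.
Constructed example for illustration; not from the original mailing-list post."""
from itertools import combinations, product

N_VARS = 3
# Unknowns of the linearized system: every linear and quadratic monomial.
# Over GF(2) with the field equations x_i^2 = x_i, squares never appear.
MONOMIALS = [(i,) for i in range(N_VARS)] + list(combinations(range(N_VARS), 2))
COL = {m: k for k, m in enumerate(MONOMIALS)}   # monomial -> column index

# Constructed system. Each entry is (monomials with coefficient 1, right-hand side).
# All right-hand sides were computed from the secret assignment (x0, x1, x2) = (1, 0, 1).
EQUATIONS = [
    ({(0,), (1, 2)}, 1),                                  # x0 + x1*x2 = 1
    ({(1,), (0, 2)}, 1),                                  # x1 + x0*x2 = 1
    ({(2,), (0, 1)}, 1),                                  # x2 + x0*x1 = 1
    ({(0, 1), (0, 2), (1, 2)}, 1),                        # x0*x1 + x0*x2 + x1*x2 = 1
    ({(0, 2), (1, 2)}, 1),                                # x0*x2 + x1*x2 = 1
    ({(0,), (1,), (1, 2)}, 1),                            # x0 + x1 + x1*x2 = 1
    ({(0,), (1,), (2,), (0, 1), (0, 2), (1, 2)}, 1),      # redundant: sum of the first three
]


def evaluate(monomials, x):
    """Evaluate a GF(2) polynomial (given as its set of monomials) at the point x."""
    total = 0
    for mono in monomials:
        term = 1
        for i in mono:
            term &= x[i]
        total ^= term
    return total


def brute_force(equations, n_vars=N_VARS):
    """Exhaustive search over all 2^n assignments: the baseline an algebraic method must beat."""
    return [x for x in product((0, 1), repeat=n_vars)
            if all(evaluate(m, rhs_x := x) == rhs for m, rhs in equations)]


def linearize_and_solve(equations):
    """Return the unique GF(2) solution, or None if the linearized system is rank
    deficient (fewer independent equations than monomials). Raises on contradiction."""
    n = len(MONOMIALS)
    # A row is a bitmask: bit k is the coefficient of monomial k, bit n is the RHS.
    rows = []
    for monomials, rhs in equations:
        r = rhs << n
        for mono in monomials:
            r |= 1 << COL[mono]
        rows.append(r)

    # Incremental Gaussian elimination over GF(2); XOR is row addition.
    # pivots[c] is a row whose lowest set monomial bit is column c.
    pivots = {}
    for r in rows:
        for col in range(n):
            if not (r >> col) & 1:
                continue
            if col in pivots:
                r ^= pivots[col]          # clears bit col, leaves lower bits untouched
            else:
                pivots[col] = r
                break
        else:
            if (r >> n) & 1:              # reduced to 0 = 1: inconsistent equations
                raise ValueError("inconsistent system")

    if len(pivots) < n:
        return None                       # rank deficient: more equations needed (XL territory)

    # Back-substitution from the highest pivot column downwards.
    values = [0] * n
    for col in sorted(pivots, reverse=True):
        row = pivots[col]
        v = (row >> n) & 1
        for c2 in range(col + 1, n):
            if (row >> c2) & 1:
                v ^= values[c2]
        values[col] = v

    x = tuple(values[COL[(i,)]] for i in range(N_VARS))
    # Linearization forgot that the quadratic unknowns must equal x_i*x_j; check it.
    for i, j in combinations(range(N_VARS), 2):
        if values[COL[(i, j)]] != (x[i] & x[j]):
            return None
    return x


if __name__ == "__main__":
    print("full system, linearized:", linearize_and_solve(EQUATIONS))
    print("full system, brute force:", brute_force(EQUATIONS))
    print("first three equations only, linearized:", linearize_and_solve(EQUATIONS[:3]))
    print("first three equations only, brute force:", brute_force(EQUATIONS[:3]))
```

With all seven equations the linearized system has full rank and yields (1, 0, 1) directly; with only the first three it has rank 3 against 6 monomial unknowns, so linearization returns nothing while exhaustive search finds three assignments that satisfy them. The gap between those two outcomes is exactly what relinearization and Groebner-basis methods exist to close, by manufacturing additional independent equations from the existing ones.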