How far is the NSA ahead of the public crypto community?

Sampo Syreeni decoy at iki.fi
Fri May 9 19:07:58 EDT 2008


On 2008-05-09, Matt Blaze wrote:

>> The guy's specialty was algebraic geometry - a hot field at the time. 
>> This is the area of mathematics that studied eliptic curves many 
>> years before anyone realized they had any application to 
>> cryptography. [...]
>
> I've heard similar recollections of mathematicians from improbably 
> abstract specialties being eagerly taken in by NSA, throughout the 
> cold war.

I wouldn't say algebraic geometry is such a pure and abstract specialty 
in this context. It has its roots firmly planted in multivariate 
polynomial algebra, and even at that time it was quite clearly the field 
that was most intimately connected with mechanistic solutions to groups 
of nonlinear polynomial equations over finite fields. Which then is 
exactly what a mathematician sees when presented with a symmetric 
cryptosystem to break. As evidence of that, Hilbert's basis theorem 
(which underlies Groebner bases, which in case relinearization and the 
bunch are an independently discovered special case of) was well known 
and appreciated at that time.

So, even if elliptic curve cryptography became later, the broader theory 
of algebraic geometry was *certainly* relevant to crypto even then, and 
should have easily been seen to be so.

> Some of the (non-crypto) problems here seem rather specific to the 
> NSA's domain, and so don't likely have an advanced civilian research 
> community competing with them they way academic crypto does today.

Quite so. I think this is where one should be seeking for the signs of 
differential advantage. Not the broad fields of mathematical expertise 
which plausibly could have been acquired by the NSA for any of a number 
of reasons.

> A couple of the papers from the 1970's hint (in redacted form, 
> frustratingly) that the NSA then had large scale automatic systems for 
> intercepting and processing morse code signals from large blocks of 
> radio spectrum, which implies some pretty advanced (for that era) 
> signal processing and computing, crypto aside.

Band agnostic, keying rate adaptable and error tolerant algorithms in 
this department most likely fall in the advanced category even today, 
especially if computationally thrifty. I've certainly never seen 
anything of the sort in what DSP literature I'm aware of.
-- 
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list