[Cryptography] Opening Discussion: Speculation on "BULLRUN"

Jerry Leichter leichter at lrw.com
Thu Sep 5 22:31:50 EDT 2013


The actual documents - some of which the Times published with few redactions - are worthy of a close look, as they contain information beyond what the reporters decided to put into the main story.  For example, at http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?ref=us&pagewanted=all, the following goal appears for FY 2013 appears:  "Complete enabling for [redacted] encryption chips used in Virtual Public Network and Web encryption devices".  The Times adds the following note:  "Large Internet companies use dedicated hardware to scramble traffic before it is sent. In 2013, the agency planned to be able to decode traffic that was encoded by one of these two encryption chips, either by working with the manufacturers of the chips to insert back doors or by exploiting a security flaw in the chips' design."  It's never been clear whether these kinds of notes are just guesses by the reporters, come from their own sources, or come from Snowden himself.  The Washington Post got burned on one they wrote.  But in this case, it's hard to come up with an alternative explanation.

Another interesting goal:  "Shape worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS."  Elsewhere, "enabling access" and "exploiting systems of interest" and "inserting vulnerabilities".  These are all side-channel attacks.  I see no other reference to "cryptanalysis", so I would take this statement at face value:  NSA has techniques for doing cryptanalysis on certain algorithms/protocols out there, but not all, and they would like to steer public cryptography into whatever areas they have attacks against.  This makes any NSA recommendation *extremely* suspect.  As far as I can see, the bit push NSA is making these days is toward ECC with some particular curves.  Makes you wonder.  (I know for a fact that NSA has been interested in this area of mathematics for a *very* long time:  A mathematician I knew working in the area of algebraic curves (of which elliptic curves are an example) was recruited by - and went to - NSA in about 1975.  I heard indirectly from him after he was at NSA, where he apparently joined an active community of people with related interests.  This is a decade before the first public suggestion that elliptic curves might be useful in cryptography.  (But maybe NSA was just doing a public service, advancing the mathematics of algebraic curves.)

NSA has two separate roles:  Protect American communications, and break into the communications of adversaries.  Just this one example shows that either (a) the latter part of the mission has come to dominate the former; or (b) the current definition of an adversary has become so broad as to include pretty much everyone.

Now, the NSA will say:  Only *we* can make use of these back doors.  But given the ease with which Snowden got access to so much information ... why should we believe they can keep such secrets?
                                                        -- Jerry



More information about the cryptography mailing list