[Cryptography] Opening Discussion: Speculation on "BULLRUN"

James A. Donald jamesd at echeque.com
Fri Sep 6 08:24:32 EDT 2013

On 2013-09-06 12:31 PM, Jerry Leichter wrote:
> Another interesting goal:  "Shape worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS."  Elsewhere, "enabling access" and "exploiting systems of interest" and "inserting vulnerabilities".  These are all side-channel attacks.  I see no other reference to "cryptanalysis", so I would take this statement at face value:  NSA has techniques for doing cryptanalysis on certain algorithms/protocols out there, but not all, and they would like to steer public cryptography into whatever areas they have attacks against.  This makes any NSA recommendation *extremely* suspect.  As far as I can see, the bit push NSA is making these days is toward ECC with some particular curves.

The mathematics of ECC is such that one would expect that curves with 
backdoors that are difficult to find, or impossible to find except 
through construction, exist.

Therefore, one should never employ a particular curve recommended by 
NSA, but rather a random or arbitrary curve.

More information about the cryptography mailing list