[Cryptography] Equation Group Multiple Malware Program, NSA Implicated

Jerry Leichter leichter at lrw.com
Tue Feb 17 10:56:56 EST 2015


On Feb 17, 2015, at 6:35 AM, ianG <iang at iang.org> wrote:
>> Here's an interesting comparison.  Most academic cryptographers believe
>> that the NSA has lost its lead:  While for years they were the only ones
>> doing cryptography, and were decades ahead of anyone on the outside, but
>> now we have so many good people on the outside that we've caught up to,
>> and perhaps even surpassed, the NSA.  I've always found this reasoning a
>> bit too pat.  But getting actual evidence has been impossible.
> 
> I'd rather say it this way:  we have circumstantial evidence that we are at about the same level for all practical purposes and intents.  As far as we are concerned.
What evidence is there for this?

> There's a bit of a difference.  I'd say they are still way ahead in cryptanalysis, but not in ways that seriously damage AES, KECCAK, etc.
Again, do you have any evidence?

It's not that I have evidence the other way.  We just don't know.  What concerns me is that most of the arguments are "faith-based" - the kind of arguments that support "open always wins":  No matter how big/smart you are, there are more smart people who *don't* work for you than who *do*, and in the long run the larger number of people, openly communicating and sharing, will win.  And yet Apple sold more phones in the US last quarter than all Android makers combined - the first time they've been in the lead.  It's not even clear how to compare the number of smart cryptographers inside and outside of NSA - and NSA has more funding and years of experience they keep to themselves.  This is exactly how organizations win over smart individuals:  They build a database of expertise over many years, and they are patient and can keep at it indefinitely.

> In contrast, I'd say we are somewhat ahead in protocol work.  That is, the push for eg CAESAR, QUIC, sponge construction, is coming from open community not from them.
Why would they push for new stuff out in the open world?  They *should* be pushing for it, because they *should* be putting more emphasis on defense of non-NSA systems. But what we've seen confirmed repeatedly over the last couple of years is that they have concentrated on offense - and against everything that *isn't* an NSA system.  (To the point where they've apparently even neglected defense of their own internal systems:  What Snowden did was certainly something they *thought* they had a defense against.)

>  In the 1990s we infamously blundered by copying their threat model;  now no longer, we have enough of our own knowledge and deep institutional experience to be able to say that's garbage, our customers are different.
Actually, in that case, I think there's a simpler explanation:  Their models were really the only ones out there, because they'd been dealing with the problem for many years.  Industry hadn't - its needs for security models were, until the pervasive computerization of information, much simpler and in little need of formalization.

There's precedent for this.  When large-scale industrial organizations came into being - a fairly recent development; Engels, Marx's friend, owned what was then one of the largest factories in England, employing a few hundred people - they had to figure out how to manage themselves.  They copied the only form of organizational structure for large numbers of people that then existed:  Militaries, which followed a style going back to Roman times.  Think about the traditional factory:  Large numbers of "workers" out on the floor; a much smaller number of ex-workers promoted to line management; and then a hierarchy of "professional managers" - with specialized training; almost never promoted from among the line workers - above them.  It's not coincidence that this looks exactly like the traditional army, with its privates, non-coms, and a professional officer corps.  New models for large corporations only started to arise in the late 1960's, with the development of so-called "knowledge organizations".  (The military has had to back-port some of these innovations as it, too, has become more knowledge/expertise based.)

> And our needs are pushing the envelope out in ways they can't possibly keep up with.
They apparently haven't even tried, on the defense side - and I agree that we're probably out ahead because of this.  But they're certainly working hard on the offense side....

> In sum, I'd say they are ahead in the pure math, but you'd be hard pressed to find an area where it mattered.
Maybe.  It's really impossible to say.  Two days ago, I would probably have agreed with you.  Now ... I'm not so sure.

> E.g., as Peter & Adi and I are infamously on record for saying [0], the crypto isn't what is being attacked here.  It's the software engineering and the crappy security systems.
*But attacking these security systems is exactly what they appear to be experts at!*
                                                        -- Jerry


