[Cryptography] FOI of NSA's cryptanalysis of DES

John Gilmore gnu at toad.com
Tue Jan 31 19:27:10 EST 2017 

> Just wondering if anyone has made any attempt at FOI'ing the NSA's cryptanalysis of DES.

This would be an interesting topic.

There is a Congressional document which is the unclassified version
of a congressional analysis of whether DES was weakened by NSA.  See:

  U.S. Senate Select Committee on Intelligence. "Unclassified Summary:
  Involvement of NSA in the Development of the Data Encryption
  Standard" (Staff Report), 98th Cong., 2d sess., April 1978

I found a copy of this years ago in a federal Depository Library (on
paper).  There is also a copy scanned into the Internet Archive:

  https://archive.org/details/InvolvementOfNSAInTheDevelopmentOfTheDataEncryptionStandard

A (possibly different) version was also published in IEEE
Communications Magazine 16(6):53-55 in December 1978 (DOI:
10.1109/MCOM.1978.1089789).

In hindsight, the key sentence in this document is: "In the
development of DES, NSA convinced IBM that a reduced key size was
sufficient;".  If true, it would indicate that NSA's most pungent
corrupting influence was made to IBM, not to NBS.  Horst Feistel,
the designer at IBM, died in 1990; I don't know where his papers
have ended up.

The classified version has never been released.

Neither this document nor the classified version are covered by FOIA,
since they are Congressional documents.  However, I would not be at
all surprised if there were copies of the staff report (and inputs to
it) in various Executive Branch agencies (NBS, NSA), where they could
be FOIAd.  Sending them a FOIA request would trigger a mandatory
declassification review, which might lead to some releases, IF they
have and can find copies of the documents, which is a big IF for a
1978 document.

In fact, the unclassified summary almost HAD to be written by someone
in the Executive Branch who had a copy of the classified summary.
This is because classification decisions always occur in the Executive
Branch.  (Did you note that when the FIJA Court wanted to release some
of its opinions, it had to submit them to the DoJ for
declassification?)

The unclassified summary also says, "Over 200 pages of private and
public papers and documents were also analyzed".  I suggest trying
to FOIA those papers, as well as the staff report.

Also, if there was a proverbial "honest man" on the Senate
Intelligence Committee, you could write a letter to them, asking that
this document be unearthed and declassified.  My Senator there is
Dianne Feinstein, apologist for authoritarianism, who does not qualify.
(At the time of the report, Joe Biden and Gary Hart were on the committee.)

You could also check into what has happened to the former committee
staff (William G. Miller, Earl D. Eisenhower, and Audrey H. Hatry are
identified in the unclassified summary).  I know that some of the
staff of the Church Committee went on to write good books about what
they were doing and what they learned "back in the day" while
investigating NSA.

But you are asking for something slightly different -- a cryptanalysis
of DES, not an inquiry into its subversion.  You could try asking, but
you'll probably get a stonewall response, unless you can identify some
particular document (like the above) that they can't help but find if
they look in the right files.  Maybe try asking for the designs of
DES-cracking machines built by NSA.  We know they have done it, almost
certainly before we did it.

There is also a chronology of the development of DES in the Office
of Technology Assessment's "Defending Secrets, Sharing Data" booklet,
in Appendix C, which is reproduced here:

  https://www.princeton.edu/~ota/disk2/1987/8706/870612.PDF

That whole book appears to be digitized into a set of PDFs here:

  https://www.princeton.edu/~ota/disk2/1987/8706.html

	John

More information about the cryptography mailing list