NSA backdoor in public crytographic system?
Posted by isilanes on November 17, 2007
The following shows why crytograpy methods shoud be public. There is some common misconception, that assumes that the most secure crypto methods are “proprietary” or “secret” ones. This is a terrible error, since only knowing the “recipe” (the algorithms) behind a given method can assure us that it is actually robust.
The question can rise: how can a publicly known crytographic method be secure? By definition, everyone will know how it works! Not quite. The operation method can be known to all, and an eavesdroper could know what method we are using, but if the method is secure, the eavesdroper will not be able to decipher a given message. It might be tempting to think that if an eavesdroper doesn’t even know what encryption we are using, or she knows the “name”, but the method behind is secret, then the security of the message is increased. This is called security through obscurity, and is actually a very dangerous error, because it might lead us to be less exigent in the robustness of the encryption algorithm. A communication can only be considered secure if even knowing the encryption algorithm, an eavesdropper could not decrypt it.
To achieve this, it is vital that the encryption algorithm be publicly known, and rigorous tests applied. This is the case of the crypto standards of the North-American NIST. All the standards “accepted” by them have to be subject to open scrutiny, which happens to be a Good Thing(tm). You’ll see it if you read the following articles in The Register and Wired.
In summary: one of the components of cryptographic methods is random number generation. One of the ones approved this year by the NIST (called Dual_EC_DRBG), relied on a set of initial numbers to generate the “random” result (I’ll call this set P, public). This is normal, and correct. The problem comes from the fact that this set of numbers is apparently related to another (unknown) set of numbers (that I’ll call B, backdoor), knowledge of which could empower someone to break the resulting encryption. The way I understand it, is like having the known set of numbers P = (6,12,18,24,30), but then realizing that they are all built from the set B = (2,3). In the Dual_EC_DRBG method, some experts have realized that the set P is related to another set, but they still haven’t found what are the elements of B.
Now, the scary part is that (life’s full of casualities) the Dual_EC_DRBG was introduced in the standard proposed, and pushed, by the NSA of the USA, aka “the eavesdroppers of the world”. So I’ll invent a little fiction, with no relationship with the reality: imagine that a given government agency N of nation U takes a set of numbers B, and comes up with an encryption method M that produces the apparently innocent set P from it, and then M uses P to perform encryption. If the encryption method M becomes a standard, and people all around the world use it for anything from private e-mail to secure government or militar communications… guess who has a the key to read all these messages? (a backdoor).
Thanks $GOD, this is science fiction, is it not?