In this space, I feel about the only public evidence would be when the NSA feel the protocol cannot be trusted for government use, where the primary risk is other-state actors.
I also feel the blurring of the role for the agencies here does nobody any favours. NOBUS confers a specific advantage which massively undermines your own position in the longer term for tactical advantage now. I would probably be told by wiser heads that tactics trump strategy, but when you face 20-50 year relationships and you burned your partners 15 years ago, that tactical win can be a bit of a problem.
The UK did this with Enigma: kept their insight secret and handed the captured units to the Commonwealth governments. They did not help their own cause in the 1960s independence wars; trust was close to zero. I have no evidence the ability to decrypt their signals helped or hindered, btw. It's conjecture on my part.
You have to also keep in mind, AES is class-B crypto; the only publicly known class-A ciphers are decades older than AES.
Timing side-channel vulnerabilities in an AES S-Box implementation would be flaws in the implementation and application as opposed to the algorithm.
This is effectively what we’re learning the government does through its FVEY “partnerships”. Can’t spy on a US citizen? Have our neighbor do it and pass it back to us!
The answer is throwing everything you have, and only some of the time revealing what you know.
Not sure about the law, but I'd say that assuming that nobody else has that kind of computing power is quite arrogant, and it's certainly not "ethical" to keep it undisclosed…
Because of this, it might be unclear exactly what a rival power is doing with all that heat and power and all those chips, but it's very easy to know that they're doing something. And, therefore, very easy to know when you're "ahead", in terms of nowhere else on Earth showing the right MASINT signature to represent the same compute capacity you have.
Mind you, this is commutative; the Russians, Chinese, and other powers with satellite networks can take the same infrared imagery, and do the same maths, to calculate exactly how much more compute the NSA has than they do; and their OPSEC doctrine is necessarily designed around this knowledge.
We know that the NSA makes custom chips, and it's probably harder to know how many calculations per second that hardware can manage than predicting the capacity of COTS hardware based on how hot the building is and how hot the nearest powerplant is getting.
One of the things I loved about the history of the Blackbird is that it held the record for fastest plane, and when a new pretender to the throne arrived, on a couple of different occasions they sent up another Blackbird pilot and retook the crown. When a private individual breaks a record, they tend to go as fast as they can. Bragging rights for a military airplane are "mine is faster than yours", not "mine is exactly this much faster than yours". Just keep that classified.
1. the project succeeded and the government has kept cryogenic processors totally dark for a decade with no public leaks or hints to industry (far-fetched, though Skunkworks hid the Blackbird pretty well).
2. they aggressively funded it as a black project but hit insurmountable design challenges (like quantum computers) or a bureaucratic abyss (like the F35).
3. the funding never materialized.
Are any research teams working on superconducting classical computers, rather than quantum computers? Does nonlinearity get in the way?
5. The project was funded as a black project without the intention to actually deliver results, but rather to justify RSFQ circuit R&D, to later use those results elsewhere.
I didn't find any of what I was looking for, but I stumbled back onto the fact that Cray-2s were cooled by running Fluorinert over the components and that the NSA was one of their biggest customers at the time.
Who's to say they aren't still using Fluorinert on servers?
But I've also heard rumors about TLAs getting access to pre-production versions of consumer chips (e.g., when yields are still sad). And who knows what binning is going on at Intel. If I have a really good production run and I get 95 chips that have absolutely zero flaws, who do I sell them to? When you manufacture something you can't guarantee a certain yield to be above your wildest expectations, so would I even create a product number for the unicorns? Do I bin them with 'the best' chips even though I know they're better than the best?
Or do I just find someone with deep pockets who's happy to take whatever I've got, be it 3 or 300?
Does Google or Amazon have enough compute power to compete with the NSA? My guess would be yes. They certainly have a good cover story if they were interested in using it for exploits. :-)
On the other hand, this is exactly the reason that entities that do operate through handshake deals with no visible economic activity—organized crime and the zaibatsu/chaebol type of conglomerate—tend to be considered imminent threats to states. They're opaque to logistical analysis! (Not that your average mob boss would have any inherent reason to commit treason against the United States, but other nations might be rather motivated to give them extrinsic reasons.)
For this reason, even "benign" domestic crime syndicates or conglomerates will have their intelligence opacity hacked through with the application of good old-fashioned HUMINT.
Thus, such entities can do an entire skunkworks project without needing to touch the economy. Just like a state can.
Zaibatsu are complementary to (corporatist) governments, not adversarial. They feed off each other.
EDIT: to be clear when I say “no ability” I mean practically. Obviously they COULD put all employees on a single problem but they simply won’t.
It wasn't all employees, but all servers, that I was thinking about.
For a very simple example, compare the hashrate on any CPU vs a bitcoin miner ASIC of comparable size.
On the other hand, those idle resources could be rented to an agency at a discount price.
Also, can any actor be certain distributed compute capacity can't be harnessed in the fashion of concentrated capacity? How many GPUs does it take to make a Cray, etc.?
I suspect the answer is yes, and also that they monitor bitcoin mining rates to see if large bitcoin miners in adversarial countries suddenly disappear.
Paraphrased, is your system safe against: an individual hacker, a group, a corporation, a city-state, a nation, a superpower? Are any of the ones you said 'no' to ever likely to give a damn about your software or data?
Then botnets became a thing. Suddenly individuals or small groups could have more resources than a city-state, and every year they just got bigger and bigger. If it's only computing resources that save you (as implied by that quote), that barrier isn't what it used to be. Sophistication of some other kind is the only protection and hubris can kill that off pretty quick too.
I think it's reasonable to build systems that are resistant to attacks up to but not including the superpower level.
The worst part is the human factor. The more people involved, the easier it is to compromise one of those people.
Maybe, but there's also probably a team of very smart people whose job it is to consider all of the information and make that call on a case-by-case basis. I'm sure they get it wrong sometimes, but I'd also imagine they get it right most of the time.
> it's certainly not "ethical" to keep it undisclosed
Sure, but by that ethical posture nothing the NSA does is ethical. If you accept as ethical the NSA's mission of protecting Americans at the expense of other humans, this particular method seems pretty ethical.
The article mentions evidence that this supremacy is no longer true, but doesn't actually cite any evidence. I suppose they are alluding to private companies (mostly American but quite transnational), and also the Chinese government. Both likely have the kind of talent + computing infrastructure to challenge the NSA.
Do people like Palantir or Google exploit 0-days with the same NOBUS attitude?
I agree about the ethical requirement, but between surveillance and torture, they're well beyond the point of ethical discussion, so.
And if you inform everyone that they have vulnerabilities, not only is that a security leak, it is a kind of commercial security activity without pay.
But "nobody" it is not. You have Russia and totalitarian China.
... the world is not pure black and white. The wiki writing is too biased, and too politically correct, based on the wrong assumption.