That used to be the norm! My personal favorite story along those lines was how they proposed changes to DES S-boxes without any detailed explanation. The open community was skeptical but it later turned out that the changes they proposed protected against differential cryptanalysis[1], which was at the time not known outside the intelligence community. That said, they did cut the key size dramatically which ended up weakening DES to the point that it could be trivially brute forced by the early 2000s, which led to 3DES and AES.
they did strengthen the s-boxes against differential cryptanalysis, yes, but since 02004 we have evidence that they also sabotaged it as part of a deliberate policy they'd put in place in 01968: https://blog.cr.yp.to/20220805-nsa.html
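To make the S-box point concrete: the check a designer runs against differential cryptanalysis is the difference distribution table (DDT), which counts, for every input XOR difference, how often each output XOR difference appears. The example below is added here and is not from the thread or the linked post; it uses the published DES S1 table from FIPS 46 and contrasts it with a constructed, deliberately weak S-box in which every input difference maps to one output difference with certainty (the pattern an attacker could chain through the cipher).

```python
"""Difference distribution table (DDT) for DES S-box S1 (added example).

For an S-box S, DDT[dx][dy] = #{x : S(x) ^ S(x ^ dx) == dy}. A good S-box keeps
every entry for dx != 0 far below 64 (the number of 6-bit inputs); an entry of
64 means a differential that holds with probability 1.
"""
from typing import List, Tuple

# DES S1 as published in FIPS 46: 4 rows of 16 entries.
DES_S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

# Constructed weak S-box (not a real design): output is just the middle 4 input
# bits, so every input difference produces a single output difference.
WEAK_SBOX = [[col for col in range(16)] for _ in range(4)]


def sbox(table: List[List[int]], x: int) -> int:
    """DES-style lookup: outer two bits of the 6-bit input select the row,
    the inner four bits select the column."""
    row = (((x >> 5) & 1) << 1) | (x & 1)
    col = (x >> 1) & 0xF
    return table[row][col]


def ddt(table: List[List[int]]) -> List[List[int]]:
    """Full 64 x 16 difference distribution table."""
    t = [[0] * 16 for _ in range(64)]
    for dx in range(64):
        for x in range(64):
            dy = sbox(table, x) ^ sbox(table, x ^ dx)
            t[dx][dy] += 1
    return t


def max_differential(t: List[List[int]]) -> Tuple[int, int, int]:
    """Highest entry over nonzero input differences, as (count, dx, dy).
    count / 64 is the probability of the best one-round differential."""
    best = (0, 0, 0)
    for dx in range(1, 64):
        for dy in range(16):
            if t[dx][dy] > best[0]:
                best = (t[dx][dy], dx, dy)
    return best


def row_sums_ok(t: List[List[int]]) -> bool:
    """Every input difference is counted over all 64 inputs."""
    return all(sum(row) == 64 for row in t)


if __name__ == "__main__":
    for name, table in (("DES S1", DES_S1), ("weak", WEAK_SBOX)):
        count, dx, dy = max_differential(ddt(table))
        print(f"{name}: best differential {dx:#04x} -> {dy:#x} "
              f"holds {count}/64 of the time")
```

Running it prints the best single-S-box differential for each table; the weak S-box reports 64/64, the deterministic case that differential cryptanalysis exploits, while the DES table stays well below that.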
The sleight of hand here is to equate publicly reducing the key size, which was known (presumably at the time as well) to be a weakening of the system, with a supposed weakness injected cryptically into the S-boxes --- which we now know is the opposite of what happened.
Further, the truncated version of DES that got standardized far outlasted its expected lifetime --- the National Bureau of Standards expected DES to have a useful lifetime of about 5 years. And even at the time it was understood that you could expand the keysize by tripling up the DES core.
I think there's a really big difference between publicly weakening a standard, in effect telling the world "we want a standard that is adequate for commercial purposes but inadequate for military purposes, so as to retain our national edge", and doing what they did with Dual-EC, where it was impossible (apparently) for people to reason about what NSA was up to.
> and doing what they did with Dual-EC, where it was impossible (apparently) for people to reason about what NSA was up to.
Schneier was clearly able to reason about what NSA was up to, and told everyone in 2007 not to use Dual-EC, 6 years before the Snowden revelations.
I believe you have admitted that you thought that “Dual-EC has a backdoor” was a wild conspiracy theory until the Snowden revelations? Which makes the “impossible (apparently)” part a classic case of projection.
(I thought nobody should use Dual EC! But that was my reason for thinking it wasn't an NSA backdoor, because it was too dumb to be one. I underestimated the industry's capacity for "dumb". Also: I was dumb! I am dumb a lot.)
NIST didn’t design Dual-EC, NSA did. But NIST did the really hard work, which involved slapping their organization’s name on it, and not asking any inconvenient questions.
Thankfully we found a better way that ensures cryptographic security, which is to get former NSA interns to write the PQC standards, instead of proper NSA employees.
As a shorthand for this site, I'm not distinguishing between the two organizations. Which former NSA interns are you talking about? You can get their names from the pq-crystals.org site. Which one should we not be trusting?
A wonderful question that exposes me to legal action if I answer.
A better question: why do you think so many of your cryptographic feline friendz were so excited about isogenies for the past decade? Where do you think they all obtained that identical enthusiasm from? Why do you think SIKE made it so far in the contest and only got eliminated through luck?
Your theory here is that NSA coordinated an action whereby the PQC standard selected could be broken by anybody in the world with a Python script, based on research disclosed to the public in the 1990s.
I'm guessing this isn't a conversation that's going to take us into Richelot isogenies.
You obviously know that the Python script wasn’t submitted to NIST along with the draft standard.
Is Dual-EC-DRBG fine because we never saw the FVEY Python exploit that breaks it?
I think my theory here is that NSA coordinated an action whereby they figured no one was reading obscure algebraic geometry papers from 1997. In our low-attention-span world, it’s not the worst plan.
(Hell, folks didn’t realize TAOSSA contained 0day for a long time. Simply putting something in front of the public doesn’t mean they’ll read or comprehend it.)
It is literally the worst plan, because it leaves every PQC-protected system in the world exposed to everybody in the world. It's a theory that depends on NSA just wanting to watch the world burn.
Dual EC isn't broken by an exploit script. It's broken with a secret key.
> It is literally the worst plan, because it leaves every PQC-protected system in the world exposed to _everybody in the world_.
No, it leaves every SIKE-protected system in the world exposed to _everybody who reads obscure algebraic geometry papers from 1997._ We got really lucky that the two dorks who do read those papers decided to share their insights.
For all you know, there’s a paper sitting at the Institute For Advanced Study that would let you write a marvelous pq-crystals-shattering Python script, but they’ll never tell you the combination to the safe.
(Again: TAOSSA contained 0day exploits, and few noticed for a decade.)
You seem to believe the only thing preventing people from exploiting Dual EC is not having read the right cryptography papers. No; the reason why that's not the case is plainly evident from Dual EC's structure (if that were true, the NSA would presumably have no need of Dual EC!). Our premises are too far apart to usefully discuss this.
I thought PQC systems were wrapping classical encryption within the PQC protection so even if you broke PQC you'd still be left having to crack classical. Of course some hypothetical future QC could then accomplish this task so the future proofing goal of PQC would be violated.
The proposal is to do exactly this (hybrid schemes using a pre and a post quantum scheme).
However in this context the debate is just over the PQ scheme (not the overall system). Also, NSA are not planning to mandate a hybrid system for government use. Others may do the same.
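The hybrid construction the two comments above refer to can be shown in a few lines. This is an added example, not code from anyone in the thread: it derives a session key from a classical shared secret and a post-quantum shared secret by concatenating them and running HKDF-SHA256 (RFC 5869) over the result together with the exchange transcript. Real deployments would take the two secrets from, say, X25519 and ML-KEM; here they are constructed byte strings, and the label and transcript format are assumptions of this example rather than any standard's exact encoding.

```python
"""Hybrid classical + post-quantum shared-secret combiner (added example).

The derived key depends on both secrets, so an attacker must recover both:
breaking the PQ scheme alone (the SIKE situation) or the classical scheme
alone (a future quantum computer) is not enough.
"""
import hashlib
import hmac

SECRET_LEN = 32  # both input secrets are fixed-length; avoids ambiguity in ikm


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def combine(ss_classical: bytes, ss_pq: bytes, transcript: bytes,
            label: bytes = b"hybrid-kem-example-v1") -> bytes:
    """Return a 32-byte session key bound to both secrets and the transcript.

    transcript should cover the public keys and ciphertexts exchanged, so a
    tampered exchange yields a different key on each side."""
    if len(ss_classical) != SECRET_LEN or len(ss_pq) != SECRET_LEN:
        raise ValueError("shared secrets must be exactly 32 bytes")
    ikm = ss_pq + ss_classical
    prk = hkdf_extract(label, ikm)
    return hkdf_expand(prk, transcript, 32)


def pq_break_is_insufficient(ss_classical: bytes, ss_pq: bytes,
                             transcript: bytes) -> bool:
    """Model an attacker who has recovered the PQ secret but not the classical
    one: with a wrong classical secret the derived key does not match."""
    real = combine(ss_classical, ss_pq, transcript)
    attacker_guess = bytes(SECRET_LEN)  # attacker does not know ss_classical
    return real != combine(attacker_guess, ss_pq, transcript)


if __name__ == "__main__":
    # Constructed sample values standing in for real KEM outputs.
    ss_x25519 = hashlib.sha256(b"constructed classical secret").digest()
    ss_mlkem = hashlib.sha256(b"constructed pq secret").digest()
    transcript = b"pk_c|ct_c|pk_pq|ct_pq"
    print(combine(ss_x25519, ss_mlkem, transcript).hex())
```

The concatenate-then-KDF shape is what most hybrid proposals use; a plain XOR of the two secrets is avoided because it lets a party who controls one secret cancel the other, which the KDF binding does not allow.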
I don't know if I count as a "feline friend", but: SIDH kept the DH shape. Being able to upgrade the protocols we had relatively closely is appealing. "Structure is useful but seems precarious" wasn't exactly secret knowledge.
What people on these threads aren't prepared to grok is that cryptography engineers (even the older ones) are gothy af, and the isogeny graph diagrams all looked like black magic stuff out of the Lesser Key of Solomon. Sorry, there isn't more to it than that.
I never understood the Dual-EC backdoor. What was the point? Who would be dumb enough to use that as their CSPRNG when so many simpler, faster, and less sus options were available?
I suppose they did (allegedly) pay RSA Security to make this the default choice in BSAFE but that seems like an awful lot of work to hack one product.
That was my take too, but in fairness to everyone else who was right about this, once you stepped back and looked at the design for what it was, rather than as a weird concoction that happened to spit out random numbers, it was extremely obvious what the purpose of the design was. Another thing happening with me and Dual EC: I just know a lot more about cryptography today than I did 13 years ago. (I'm not a cryptographer; I'm a vulnerability person that happens to specialize a bit in cryptography vulnerabilities. It's a great rhetorical hedge.)
Another thing I was very certain (and certainly wrong) about was that no competent team was using BSAFE in 2010. The more I've learned about cryptography the less confidence I've held onto in industry cryptography practices outside of Google, Apple, and Microsoft. I would have assumed the major networking vendors were playing at roughly the same level. Yikes, no.
Yeah they unfortunately abused the good will they got from that. Once differential cryptanalysis was known and it was clear the NSA had strengthened the DES S-boxes, people started trusting them. And they started making lots of suggestions to various standards. Only now they were inserting back doors. It wasn’t until Snowden that the pendulum of public paranoia swung back the other way.
Unless you count Clipper as a "backdoor", this article asks the same question I am. The whole point of Clipper, of course, was that keys were escrowed.
Clipper was deliberately backdoored (the key exchange had a trap door), with that backdoor only publicly found after its release. This was more than just key escrow. Why would that not count?
The entire point of Clipper was to field cryptography that NSA could break. That wasn't a later revelation. It was the understanding at the time. It's why there were "the crypto wars".
The NSA being the good guys for once feels strange. Especially caring for public interest.
Only if everything you know about the NSA comes from the evil, cackling, mustache-twirling caricatures of it promulgated by angry people on the internet.
Once you look beyond the politics, propaganda, and axe-grinding that is endemic to the online world you find out all sorts of fascinating things about the U.S. government.
Of course the NSA (and arguably any topic) is more nuanced than internet discourse likes to admit. That said, they've done plenty to warrant people's paranoia of them and not a lot to dissuade it.
It's entertaining how many people online think government intelligence agencies actually care about them at all, considering the limited amount of time in the day and all the info that said agencies need to know about adversary countries and other important topics.
For 99 44/100 percent of the online outrage bait, I'm like "you're not that interesting, and they almost certainly don't care about you anyway."
I don't think the Federal government has had much control over public perception of itself for quite some time now. We're not living in an age of manufactured consent in which the dominating central tendency is more or less obvious.
The concept of manufactured consent always felt a bit suspect, but Kamala Harris' presidential candidacy has been covered by say, the NYTimes and The Guardian with little to no criticism, and they seem to be intentionally masking the fact that she has no real policies or any sort of platform. What else, if anything, points you towards the image of a state in whose operations it wants to appear as ambiguous as possible? The real threat, the known threat to state security is Trump, because he and his followers are crazy.
If the NSA, and other intelligence agencies, had any influence on the election, why wouldn't they do exactly what it would appear they are doing now and get a milquetoast liberal elected to office who will easily capitulate to their demands?
> intentionally masking the fact that she has no real policies or any sort of platform
What you're suggesting doesn't exist - and is being skirted around by the news - is in fact widely available. Google's right there.
> If the NSA, and other intelligence agencies, had any influence on the election, why wouldn't they do exactly what it would appear they are doing now and get a milquetoast liberal elected to office who will easily capitulate to their demands?
This strikes me as working backwards from a conclusion. If in your view the intelligence community would operate in that way, how would you ever know one way or the other?
One thing we can certainly agree on is that Trump is the real threat. It is pretty damning of our age that "not having a platform"(to your satisfaction) is supposed to be met as a serious criticism, but her opponent's openly unhinged behavior is just "how it is".
Lol, she's discussed far more of a platform than Trump. Trump never gets into specifics. The closest we've gotten is his insane plan for a flat 10% tariff which would be devastating for the middle class.[1] Other than that, he deals solely in empty platitudes.[2]
Meanwhile, Harris has made specific policy promises on a wide range of issues.[3]
>and they seem to be intentionally masking the fact that she has no real policies or any sort of platform
She doesn't need one: the fact that she's not Trump, and she's not old enough to be senile or on death's door, is all she needs for most voters. It's not like the Democratic Party had a bunch of other viable candidates in a position to mount a presidential campaign this close to the election.
If you want to criticize the US for having a crappy FPTP election system that basically guarantees only two viable parties on the national stage, that's fair, but that's not the fault of journalism outlets, it's baked into the Constitution and other legislation.
> The real threat, the known threat to state security is Trump, because he and his followers are crazy. If the NSA, and other intelligence agencies, had any influence on the election...
Also, those news outlets may very well have their own agenda they're pushing, without any help from the intelligence agencies or anyone else: back in 2015, the media did help to make Hillary look bad. Perhaps they're blaming themselves partially for Trump getting elected, so this time around they want to make sure they don't turn off voters to the non-crazy candidate just because she isn't perfect. (And granted, Kamala doesn't have nearly as much baggage as Hillary did, which helps a lot.)
What, exactly, did they do to further their evil plans?
Did they inject Biden with a dementia drug to force a withdrawal and engineer the timing such that the current Vice President was pretty much the only viable option for the US Democrats to rally behind?
Seems like a tightrope feat of Rube Goldberg Heath Robinson needle threading.
>Did they inject Biden with a dementia drug to force a withdrawal and engineer the timing such that the current Vice President was pretty much the only viable option for the US Democrats to rally behind?
It's not a one-way relation to power. Intelligence agencies are nothing if not opportunistic, they can influence elections but if one of the candidates is clearly incompetent there isn't much they can do unless he drops out. You're forgetting that Jill Stein would've never been endorsed by Biden; what appears to be chaotic and contingent actually has a strong set of boundary conditions of possibility that all the contingency is contained within, and intelligence agencies, including even the state department for foreign affairs, try to control that. Not individual actions, but the ability to perform them, the rationality of it. The fact that you can't even imagine a candidate besides Donald Trump who poses a serious threat to the state intelligence apparatus shows you that they've already won, or at least nearly so.
> The fact that you can't even imagine a candidate besides Donald Trump who poses a serious threat to the state intelligence
?
How'd you get this incorrect insight into what I think ... and what makes you think that Trump is a serious threat to the US state intelligence apparatus?
He encouraged a group of his supporters to overthrow the government to allow him to stay in elected office, and his political advisors have developed a plan for him to wipe out the executive branch in its current form if he gets re-elected? There won't be a security state under Trump, at least as it exists now.
I think you claimed that Harris was somehow not an ideal candidate for the current hegemonic forces in the US, or at least those forces of power wouldn't do what they could to make sure she gets elected. One of Chomsky's points was precisely this, they goad you with progressive political candidates who don't actually threaten power. The two main forces of power in the US are capitalist industry and the state, but the truth is that both have an interest in maintaining power relations such as they are, and so what we are witnessing in most elections is just a sort of balancing act between direct and indirect means of control. With Trump you have someone who is so insanely narcissistic that he is completely unreliable and there is essentially no way of using him to maintain state control as such.
Overthrowing an elected government doesn't threaten the longevity of security agencies or "the security state" and having read Project 2025 I see no threat to "the security state" .. if anything he'd be bringing more work their way.
Trump is a threat to democracy, not to TLA's.
> I think you claimed that Harris was somehow not an ideal candidate for the current hegemonic forces in the US,
I made no such claim. Perhaps you might like to scroll back and identify where I did, I suspect you've confused me for another.
With the type of work the NSA does, I can't imagine many of them didn't know who Grace Hopper was. I expect they did it out of respect for her, rather than for the benefit of the general public.