NSA Swears On The Body Of Ed Snowden It Will Not Backdoor New Encryption Standard
from the time-to-make-this-deniability-plausible! dept
Maybe it’s occasionally OK to shoot the messenger. You know, maybe one to the knee to help determine whether or not they can be trusted.
The NSA — which has undermined encryption standards in the past — says it won’t undermine the next strain of encryption, one being built to withstand the inevitable arrival of quantum computing.
The US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.
The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards.
“There are no backdoors,” said Rob Joyce, the NSA’s director of cybersecurity at the National Security Agency, in an interview.
Pardon my cynicism, but that’s exactly the sort of thing someone planning to backdoor encryption would say. The NSA has backdoored encryption standards in the past, something exposed by the Snowden leaks. And while Snowden’s current residence in a country apparently desirous of instigating World War III looks extremely questionable in hindsight, it doesn’t take anything away from the factual revelations he delivered to the world.
While it’s true the NSA has spent less time agitating (at least publicly) for encryption backdoors than, say, the FBI, its troubling past strongly suggests it should not be taken at its word this time around.
But the threat is real. And if the NSA truly cares about national security, it will do nothing to undermine the new standard. Quantum computing has the capacity to be the pipe wrench that makes security efforts mostly irrelevant. The sooner a new standard can be put in place, the better. If the NSA can help achieve this more quickly, it should. But it should never be assumed the NSA’s intentions are pure.
The other concerning question is whether the new standard will arrive ahead of expected quantum encryption cracking efforts.
The Biden administration last week unveiled a plan to switch the entire US economy to quantum-resistant cryptography, which will rely on new NIST algorithms, as much “as is feasible by 2035.”
Joyce, of the NSA, said it was a question of “when, not if.” He is among those who worry U.S. adversaries are stealing and stockpiling encrypted data intended to remain secret for decades or more in anticipation of being able to unlock it when viable quantum computing arrives. China, for one, is pouring billions of dollars of investment into developing quantum computing, according to US researchers.
The tech arms race continues. If the NSA truly cares about the security of the nation, it will stick to its “no backdoors” promise. If it cares more about its own interests, it will find a way to subvert something intended to protect US interests from enemies. And it will justify its efforts by claiming national security is too important a job to be limited by encryption standards capable of withstanding even the NSA’s own encryption-breaking efforts.
Filed Under: backdoors, encryption, nist, nsa, quantum computing, quantum cryptography
Comments on “NSA Swears On The Body Of Ed Snowden It Will Not Backdoor New Encryption Standard”
'Trust us' said the liars
In related news the Big Bad Wolf has assured the public that despite the fact that he huffed, and puffed, and blew two houses down previously his current stockpiling of explosives has absolutely nothing to do with any future houses, even as he argues once more that his knowledge in structural engineering should be trusted in future home design for prey animals.
No backdoors. Just going to leave the windows open.
History
I think it’s time to admit that the threat model includes recording messages now for future decoding.
In the short run, I think longer keys than required are necessary.
In the long run, it’s probably time to return to one time keys hidden steganographically.
Scotty said it best...
TL;DR Snowden didn’t “choose” in “hindsight” to go to Russia, and the NSA is about as trustworthy as the rest of the liars in DC.
NSA said something? Did they Pinkie swear?
https://www.youtube.com/watch?v=al2z7t3M9Og
Snowden:
TBH Snowden ran out of options once he was in transit outside US law (and jurisdiction, and extradition treaties, and MLATs) because the US Government –of its own accord– revoked his passport. https://www.reuters.com/article/us-usa-security-passport/u-s-revokes-snowdens-passport-official-source-idUSBRE95M0CW20130623
That left him with a couple of options:
1. Repatriate to the United States, where the government promised to give him a trial on espionage charges, which means a life in prison and an inability to bring a public interest defense. https://www.justiceinitiative.org/voices/why-snowden-won-t-get-public-interest-defense-he-deserves
or
2. Seek another country for asylum, citizenship, whatever. The first thought was South America but his options to get there were curtailed by that revocation. His remaining option was Russia.
https://www.npr.org/sections/thetwo-way/2013/07/06/199337924/if-snowden-tries-to-get-to-latin-america-cuba-could-be-key
I’m not going to link Assange here but let’s just agree that the concept of trying to evade the “long arm” of United States childish tantrums is pretty long. Russia is a solid choice on that front. Painting it in any way that implies it was planned this way or that he is a traitor to the ‘Commies’ takes away from the good that he did.
When the NSA says “Oh this thing is so good even we can’t break it. Here, download it for free. We’re so confident it’s secure we’re almost darn pretty sure maybe Congress will like it unless it can be broken but only for CSAM, drug-enforcement, and other future purposes” I just want to double-click the “stupid” button to install it.
When people say Snowden is a traitor they are just confusing the real traitors — Trump, Trump Jr, Sinema, Manchin, McConnell, McCarthy (Jenny too but only because of the autism vaccine thing) etc.
There are plenty of traitors. Just like cops, the bad ones protect the other bad ones. There are no good ones. [I’ve been interviewed by two FBI agents about the one time I said that on TechDirt…]
Re:
While I strongly disagree that Trump, Manchin, et al are actual, by the law, traitors, that doesn’t make their behavior less reprehensible. Just not traitorous by letter of the law. … for the facts before us currently.
On the other hand, I am voting you up as insightful regarding Snowden. (And writing this up, I must have been thinking too much of Trump, as I wrote ‘inciteful’…) All countries who would have accepted Snowden, and with enough spine not to immediately turn him over the first time the US glances in their direction, please stand up.
Re: Re:
Manchin, maybe not, but Trump actually planned with fellow Republicans to find a way to overturn the results of a free and fair election—one, might I add, that Republicans haven’t said was “rigged” or whatever in regards to the downballot elections they won in that same election. I’d call Old 45 a traitor any day of the week and thrice on Election Day.
Re: Re: Re:
…which is still not treason under the US Constitution: “Treason against the United States, shall consist only in levying War against them, or in adhering to their Enemies, giving them Aid and Comfort. No Person shall be convicted of Treason unless on the Testimony of two Witnesses to the same overt Act, or on Confession in open Court.”
Under US law, with free speech and all, you’re free to call him whatever you like. It’s just Unamerican to do so (and I seem to recall you’re not, in fact, American). The American definition is so strict specifically because it was drafted while rebelling against a king who had a penchant for declaring as “traitors” anyone he didn’t like.
Re: Re: Re:2
Thank you, I will.
Two things.
Got any other orders for me to disobey, kid?
Re: Re: Re:3
Is it hard to walk straight with that chip on your shoulder?
Re: Re: Re:4
Is it hard to walk around with that projector on your shoulder?
Re: Re: Re:2
Doesn’t inciting a riot at the US Capitol count as levying war, then? Because I thought it did. Trump is definitely a traitor by that standard, it’s just that the team prosecuting him never thought of it.
Re: Re: Re:2 Levying war against the United States
I’m pretty sure engaging in a coup d’etat (which Trump’s phone calls to intimidate state secretaries and his 2021-01-06 bum’s rush on the Capitol both count) absolutely counts as levying war against the United States.
The only reason Trump hasn’t been prosecuted is because the federal government doesn’t prosecute elites if it can find an excuse to not do so (or can just delay it forever). And Trump, despite his history of confidence games and vice, is one of theirs.
Re: Re: Re:
By the letter of the law, in order for someone to be a traitor,
1) The United States has to be at war with an enemy, and
2) That person has to be working for the enemy
Trump is a lot of things — dickhead, asshole, crook, conman, liar, a narcissist with shit hair (thank you, Jonathan Pie!), pathological liar (oh, did I say that already? Oops), and above all manifestly unfit for office — but technically not a traitor. Insurrectionist might be more accurate.
Re: Re: Re:2
People who commit treason are traitors, but it’s possible to be a traitor without committing treason.
Treasonous is a subset of traitorous. Square versus rectangle.
Re:
Also keep in mind that the US had no problems forcing the EU to deny the plane of the Bolivian president access to EU airspace while already in said airspace just because Snowden might be onboard. Then tried to get the plane to crash by trying to force Austria to deny landing rights despite a fuel emergency being declared. Then managed to force Austria to break every rule in the diplomat’s handbook by forcing the Austrians to break into a plane that thanks to being the temporary residence of the president of Bolivia was considered Bolivian territory. The only reason that that wasn’t a major political incident was because Morales invited them in instead of creating a standoff.
So Snowden getting out of Russia to a less loathsome nation willing to give him asylum and capable of preventing his abduction was close to zero if a mere “he might have snuck onto the plane of the Bolivian president” hunch triggered that kind of reaction.
Re: Re: Bolivian jet hijacked by foreign governments
Thanks for adding that note. The saga is more complete with that there.
https://www.theguardian.com/world/2013/jul/03/edward-snowden-bolivia-plane-vienna
Ehud
Re: Truth
Wow
DJB has been known to make reasonable decisions in his implementations of cryptographic primitives. Here’s hoping he has his own spin to post-quantum cryptography at some point if there is that much suspicion cast onto standards sponsored by entities too closely linked to IC.
Re:
Bernstein published post-quantum RSA, in a paper variously described as a template or a joke (because of its 1-terabyte keys, 3-terabyte RAM requirement, and multi-day execution times). It did describe an actual advance in factoring, however.
More practically, DJB’s listed as a submitter on a few of the competition finalists: Classic McEliece, NTRU Prime, and SPHINCS+.
Also see the talks and slides of: The year (2018) in post-quantum crypto.
That’s not the part that’s concerning. Quantum computer progress is slow, to the extent some people are comparing it to fusion: always 20 years off. “in 2012, the factorization of 21 was achieved, setting the record for the largest integer factored with Shor’s algorithm. In 2019 an attempt was made to factor the number 35 using Shor’s algorithm on an IBM Q System One, but the algorithm failed because of accumulating errors.” (It’ll take probably upwards of 6000 stable qubits to realistically break things, and we’re nowhere near that.)
More likely, the new algorithm will be selected in the next few years, and current algorithms will be broken in, let’s say, 20 years. But people (or agencies) might be saving encrypted data now, to break later. If you need today’s data to stay secret for upwards of 30-50 years, that could be a problem.
By the way, one of the competition finalists can be broken in a weekend on a laptop. The NSA didn’t catch that in the first 2 rounds, or didn’t tell anyone. Don’t throw away the old crypto too quickly; instead, use a post-quantum algorithm in conjunction with a more proven algorithm, such that both need to be broken to read the message (i.e.: don’t fuck it up by doing something dumb like using the same private key for both). The latest version of OpenSSH is doing this: “The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange […] as a backstop against any weaknesses in NTRU Prime that may be discovered in the future.”
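The hybrid construction this comment describes, as an added example that is not part of the original comment or OpenSSH's own code: a session key derived from both a classical and a post-quantum shared secret, so recovering only one of them does not reveal the key. The function names, the HKDF-based combiner and the sample values are assumptions for illustration; the two secrets stand in for the outputs of an X25519 exchange and a post-quantum KEM.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def lp(field: bytes) -> bytes:
    """Length-prefix a field so the concatenation below is unambiguous."""
    return len(field).to_bytes(4, "big") + field


def hybrid_session_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Derive one session key that depends on BOTH shared secrets.

    classical_ss: shared secret from the classical exchange (e.g. X25519)
    pq_ss:        shared secret from the post-quantum KEM
    transcript:   the public values both sides exchanged (binds key to session)
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both shared secrets are required")
    # Sanity check for a wiring mistake: the two halves must come from
    # independent key pairs, so identical secrets mean something was reused.
    if hmac.compare_digest(classical_ss, pq_ss):
        raise ValueError("the two secrets must come from independent key pairs")
    ikm = lp(classical_ss) + lp(pq_ss)
    salt = hashlib.sha256(transcript).digest()
    return hkdf_sha256(ikm, salt, b"hybrid-kex example v1")


def demo():
    # Constructed sample values: random bytes standing in for real exchanges.
    classical_ss = secrets.token_bytes(32)
    pq_ss = secrets.token_bytes(32)
    transcript = b"client-pub|server-pub|kem-ciphertext"  # hypothetical layout
    key = hybrid_session_key(classical_ss, pq_ss, transcript)
    # An attacker who recovered only the classical secret still has to
    # guess the post-quantum one; a wrong guess yields an unrelated key.
    attacker_key = hybrid_session_key(classical_ss, bytes(32), transcript)
    return key, attacker_key


if __name__ == "__main__":
    key, attacker_key = demo()
    print("session key :", key.hex())
    print("attacker key:", attacker_key.hex())
```
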
Re:
The really concerning thing that people are missing is that when Quantum computing becomes practical, any intelligence agency with smarts has been siphoning up encrypted communications for years with the expectation that QC will be able to decrypt it.
So the whole thing with “oh, we must make our encryption resistant to quantum decryption” is ignoring the fact that it’s already too late for all prior and current communications. How much sensitive information that is still relevant will be decrypted and disseminated?
Re: Re:
How good are their algorithms for selecting interesting information, and how many analysts can they pay to examine all that selected information? Collect it all has two main uses, figuring out what happened after it happened, and looking for dirt on a few selected targets. Being able to decrypt old messages mainly just adds hay to the haystack, making finding the needles even harder.
A slightly more nuanced take on the subject
Re:
That the NSA has declared there are no known flaws is not a confirmation that they’re not desperately trying to find one.
What benefit of the doubt has the NSA earned, considering that they led a witch hunt to completely destroy a whistleblower leaking the fact that they had a dedicated department for stalking potential love interests?
Re: Re:
Um… NSA claims to be trying to find flaws, and I see no reason to disbelieve them about that. But, if they found a flaw, would they tell us? And are they capable of finding flaws?
An apparently fatal flaw was found in one of the finalists, Rainbow, in February (see the previous “broken in a weekend” link). NSA didn’t find it, or didn’t tell us, and based on the recent interview might still be unaware of it (or pretending to be??).
Usually, a cryptographer can make headlines by finding a security reduction of maybe 10% in an algorithm, or even a weakened version of an algorithm (like “if we had 10 rounds instead of 16”). A total break, in a weekend, no supercomputing cluster needed, is huge—and worrying, this late in the competition. It suggests even the best cryptographers don’t really know how to analyze at least some types of proposed post-quantum algorithms. (I suspect even NSA are struggling. It’s commonly believed among cryptographers that they’re not nearly as far ahead of the general community as they once were—a decade used to be a common guess.)
Re: Re: Re:
The point being, I wouldn’t trust the NSA when they say something is unbackdoorable. They’ve proven themselves to be thoroughly undeserving of trust.
Re: Re: Re: NSA claims to be trying to find flaws, and I see no reason to disbelieve them about that
Well you either don’t know their history or you’re an idiot.
Re: 'Conflict of interest? Never heard of it.'
Oh well if the NSA said it…
Treason
Not to hijack the thread (NSA pinkie swears) but the IC isn’t my go-to for whom to trust. DJB, while not being the best speaker at a party, is pretty spot on. Streamlined NTRU Prime is a looker, but then DH seemed great… until we found out (thanks, Mr. Snowden) that the NSA broke that too.
So, yeah, “quantum” whatever doesn’t really mean anything until algorithms and methodologies either break current ciphers or allow breaking them later. For some things (that FB message to the ex), “later” is meaningless. For others (cryptocurrencies lol, and who shot JFK, etc.) it’s timeless.
This is TD so it’s a bit difficult to separate “Hey, the NSA says we have really great encryption even they [say that they] can’t crack” coming down the line at the same time as the US Earn It Act and the war by the US [and other] government[s] against ALL encryption because CSAM or War-on-drugs or whatever ExcuseOfTheDay to ban encryption.
Previous poster:
It’s great to quote the Constitution, and I’m sure Sam Alito thanks you, but codified law comes first.
One more definition to help out:
https://www.law.cornell.edu/wex/treason
A sworn-in government actor who participated in preventing the lawful process of the United States government, in order to prevent his lawful ouster, colluded with countries that are against the US in order to keep that office in US is pretty much boilerplate Trump and treason.
OB Chilling Effect: When last I said in a public forum that Trump should be removed, I did get that FBI “discussion” in person. Great to speak one’s mind on TD… until THAT call.
NSA's promise
A pinky swear, I’m sure
Reminds me of those hyper religious kids who talk their girlfriend into dippin… they end up as parents.
too stupid to know better.
the US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.
funny…..
just give it to a high school computer geek and wait 3 days! it will get cracked……
so you want encryption....
sure….. you can have all the encryption you want! as long as you give us a copy of the key……no backdoors needed!
i can already see how this would play out. it will start out with a 4th amendment fallacy. that lie enforcement will need a rubberstamped warrant to use the key. then after awhile laziness will kick-in and they neglect to even bother with a warrant. then to chisel away at the warrant requirement, will cry that it takes too long and they need access now! no more 4th amendment protection!
Who to trust?
Can’t trust anyone with a vested interest to bypass the very security measure they designed and keep it secret.
NGO of security researchers & experts in the field, that will have its work heavily audited by the community for quite a long time, is the only one I would trust handling that work.
HMAC
HMAC is quantum proof.
Surely this is more than just spying. On its own maybe you might have an argument. But look at the total picture. It’s breathtakingly insane. It’s criminal; it’s also immoral because the US also constantly takes the high moral ground. Moral rot and decay has set in the fabric of America and this is now coming to the surface. So, no I have to disagr
If you mean, ‘apart from GCHQ…. no-one is spying on the US’, then i’d guess yes. Yes they are. At each and every US consulate and embassy, there will be listening posts set up by the host country.
The US is slowly becoming the world’s scariest rogue state it professes for others.