{"id":6243,"date":"2013-09-11T17:26:56","date_gmt":"2013-09-11T21:26:56","guid":{"rendered":"http:\/\/www.math.columbia.edu\/~woit\/wordpress\/?p=6243"},"modified":"2013-10-22T12:29:59","modified_gmt":"2013-10-22T16:29:59","slug":"trust-the-math","status":"publish","type":"post","link":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/?p=6243","title":{"rendered":"Trust the math?"},"content":{"rendered":"<p>The last few days have seen some new revelations about the NSA&#8217;s role in compromising NIST standard elliptic curve cryptography algorithms.  Evidently this is an old story, going back to 2007; for details see <a href=\"https:\/\/www.schneier.com\/essay-198.html\">Did NSA Put a Secret Backdoor in New Encryption Standard?<\/a> from that period. One of the pieces of news from Snowden is that the answer to that question is yes (see <a href=\"http:\/\/www.nytimes.com\/2013\/09\/06\/us\/nsa-foils-much-internet-encryption.html\">here<\/a>):<\/p>\n<blockquote><p>Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort \u201ca challenge in finesse.\u201d<\/p><\/blockquote>\n<p>The NIST has now, six years later, put out a <a href=\"http:\/\/csrc.nist.gov\/publications\/nistbul\/itlbul2013_09_supplemental.pdf\">Bulletin<\/a> telling people not to use the compromised standard (known as Dual_EC_DRBG), and reopening for public comment draft publications that had already been reviewed last year.  
Speculation is that there are other ways in which NIST standard elliptic curve cryptography has been compromised by the NSA (see <a href=\"http:\/\/cr.yp.to\/talks\/2013.05.31\/slides-dan+tanja-20130531-4x3.pdf\">here<\/a> for some details of the potential problems).<\/p>\n<p>The NSA for years has been pushing this kind of cryptography (see <a href=\"http:\/\/www.nsa.gov\/business\/programs\/elliptic_curve.shtml\">here<\/a>), and it seems unlikely that either they or the NIST will make public the details of which elliptic curve algorithms have been compromised and how (presumably the NIST people don&#8217;t know the details but do know who at the NSA does).  How the security community and US technology companies deal with this mess will be interesting to follow; good sources of information are the blogs by <a href=\"https:\/\/www.schneier.com\/\">Bruce Schneier<\/a> and <a href=\"http:\/\/blog.cryptographyengineering.com\/\">Matthew Green<\/a> (the latter recently experienced a short-lived fit of idiocy by Johns Hopkins administrators).<\/p>\n<p>The mathematics being used here involves some very non-trivial number theory, and it&#8217;s an interesting question to ask how much more the NSA knows about this than the rest of the math community.  Scott Aaronson has an excellent posting <a href=\"http:\/\/www.scottaaronson.com\/blog\/?p=1517\">here<\/a> about the theoretical computational complexity aspects, which he initially ended with advice from Bruce Schneier: &#8220;Trust the math.&#8221;  He later updated the posting saying that after hearing from experts he had changed his mind a bit, and now realized there were more subtle ways in which the NSA could have made number-theoretic advances that could give them unexpected capabilities (beyond the back-doors inserted via the NIST).<\/p>\n<p>Evidently the NSA spends about $440 million\/year on cryptography research, about twice the total amount spent by the NSF on all forms of mathematics research.  
How much they&#8217;re getting for their money, and how deeply involved the mathematics research community is, are interesting questions. Charles Seife, who worked for the NSA when he was a math major at Princeton, has a recent piece in Slate that asks: <a href=\"http:\/\/www.slate.com\/articles\/health_and_science\/science\/2013\/08\/nsa_domestic_spying_mathematicians_should_speak_out.html\">Mathematicians, why are you not speaking out?<\/a>  It asks questions that deserve a lot more attention from the math community than they have gotten so far.<\/p>\n<p>Knowledgeable comments about this are welcome; others, and political rants, are encouraged to find somewhere else.  There&#8217;s a good piece on this at <a href=\"http:\/\/it.slashdot.org\/story\/13\/09\/11\/1224252\/are-the-nist-standard-elliptic-curves-back-doored\">Slashdot<\/a>&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The last few days have seen some new revelations about the NSA&#8217;s role in compromising NIST standard elliptic curve cryptography algorithms. 
Evidently this is an old story, going back to 2007, for details see Did NSA Put a Secret Backdoor &hellip; <a href=\"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/?p=6243\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6243","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6243","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6243"}],"version-history":[{"count":8,"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6243\/revisions"}],"predecessor-version":[{"id":6361,"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6243\/revisions\/6361"}],"wp:attachment":[{"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6243"}],"wp:term":[{"taxonomy":"categ
ory","embeddable":true,"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6243"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.math.columbia.edu\/~woit\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6243"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}