Skip to main content

Featured Post

Ed Scheidts Mayan Symbols - Can we solve the puzzle?

In this post I want to talk about a thing from the Kryptos universe that are not directly related to the statue. But i think it may be an indirect hint to some Kryptos related methods. The Mayan Symbols in Ed Scheidts driveway I think everyone who knows Kryptos knows Ed Scheidt. The former Chairman of the Cryptographic Center at the CIA and founder of the cryptosystems used around the Kryptos statue. As already shown in Part 4 of my Kryptos series, in the driveway of Ed Scheidts house, there are two symbols: Figure 1 - Garage driveway of Ed Scheidt We denote the left symbol set with $S_1$ and the right one with $S_2$. It took me a while to find his house on Google Maps - Street View. To save you some time, here is the link with a view on the driveway. I you go back in time in Streetview, you can see that the symbols were already there in 2012. But it is impossible to say when they were built. $S_1$ is clearly visible from the street, $S_2$ is hidden in the view. But you can u...
12 comments

NSA, Decryption and Backdoors

Edward Snowden, a former NSA employee, copied and now is releasing confidential material from internal operations of the NSA and its partners. I don't want do judge his decision to do so, but i want to discuss the information that the NSA can decrypt most of the current internet traffic.

The question that comes up is: How is the NSA able to do this? The cryptographic protocols in question are using hard and well known cryptographic assumptions, e.g., RSA, DH, ECDH etc..., or are based on official and world-wide reviewed scramble routines, e.g., AES. Does the NSA really know much more about cryptanalysis than the rest of the world, especially than its academic counterpart? And if they have secret full blown factoring and discrete logarithm algorithms, why should they pay companies for letting them get access to the user informations? Is it 250 million dollar of distraction money?

Probably not. The NSA has around 40K employees, whereof a large chunk are mathematicians or computer scientists. A lot of these are hired only for special purposes. That is, trying to find some weaknesses in the protocol implementation of xy or trying to optimize the factoring algorithm and its implementation on a special purpose 10 million hardware. They get money for this. And even if they find only a tiny optimization point, its probably worthwhile.

The academic counterpart can not behave equally. Tiny optimization points will not get them a publishable paper, nor can they spent their academic career on just trying to find an algorithm that breaks the discrete logarithm problem. The chances are too high that they will fail and get stuck. You can only behave this way if you are paid for this kind of work and your employer does not (really) care if you are successful or not.

It is believed that the NSA is having a computing power of $\approx 2^{80}$. Hence, this should be the lower bound of any cryptographic algorithm in a security chain in order to establish a secure connection. If you use for example AES-$128$ with preplaced keys for your phone encryption, then NSA must have a technique to reduce the complexity of an attack by $48$-bit before they could successfully apply their breaking-algorithm. As i know, the best algorithm for full-round AES is the Biclique attack [1] and it reduces the complexity by around $2$ bits. So the NSA has to jump $46$-bit ahead of academic research. I don't think that this is possible.

But what strikes me most is not that they pay companies for information or that they might have improved some cryptanalysis algorithms. It is that they could have brought weaknesses into some international standards that will and are probably implemented by the rest of the world. Read for example the old story of the A5/2 GSM algorithm.

Furthermore, the NSA is also able to push a certain technique into the markets if they see some potential benefits (or hidden weaknesses). See for example the blog post of Bruce Schneier, where he states:

Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily. Bruce Schneier

Do they know more about elliptic cryptography than we do? Could we trust the elliptic curves that are published by the NIST or are they chosen in some special way? I am very concerned about this kind of questions, since even if a company does everything right and closes all doors, they are still vulnerable since they trusted and chose the wrong standard.

See also the article from the Crypto Rump-Session [2] and the article from NIST itself, where they recommend not to use its own standard [3].

[1] Andrey Bogdanov, Dmitry Khovratovich, Christian Rechberger: Biclique Cryptanalysis of the Full AES. In: ASIACRYPT 2011 (Lecture Notes in Computer Science. 7073). Springer, 2011, 344−371

Related Posts:

Labels:

Comments

Post a Comment

Popular posts from this blog

Kryptos - The Cipher (Part 4) - Correctly positioned decryption of the word BERLIN

EASTNORTHEAST - This is not exactly the hint Jim Sanborn (JS) gave for K4 on the 29th of January this year. He only gave NORTHEAST - which refers to the positions 26-34 of K4's plaintext.  Beside BERLIN and CLOCK it is the third revealed plaintext word of K4. However, also this hint does not seem to help much.  However, it just so happened, that a member in the yahoo kryptos group had a conversation with Jim Sanborn due to a submitted solution. Sandborn's answer to the question contained again the last clue which surprisingly was EASTNORTHEAST at position 22-34. Jim Sanborns compass rose at CIA There is disagreement if Jim revealed this on purpose or he did it accidentially, but the new extended clue seem to be serious and valid.Interestingly, EASTNORTHEAST is exactly the direction which is illustrated on the compass rose on one of the stones around kryptos, also created by Jim Sanborn. Actually, i dont really kn...
116 comments
Read more

Kryptos - The Cipher (Part 1) - Introduction

Introduction. Since I think that KRYPTOS does not need any introduction, I will only give you a brief description of one of the most famous and only partially solved ciphers known today: KRYPTOS - Von Jim Sanborn - Jim Sanborn, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=8253447 KRYPTOS was constructed in Nov. 1990 on the ground of the CIA Headquarter in Langley, Virginia by Jim Sanborn It contains 4 ciphers (K1,K2,K3,K4) on its left side and some kind of Vigenère-Table on its right side K1, K2 and K3 were solved by James Gillogly in 1999. Afterwards, the CIA and later the NSA claimed that they had a solution to the first three ciphers at an earlier point in time Ed Scheidt, a cryptoanalyst and former director of the CIA, gave Sanborn the input of possible cryptographic techniques to use K1 is a variant of the Vigenère-Cipher (Quagmire 3) with the codewords KRYPTOS and PALIMPSES...
7 comments
Read more

Kryptos - The Cipher (Part 3)

This post is about is more or less a collection of several approaches and facts that has been said as well as some speculations. B-ary integer representation According to [1] during a Question and Answer round, Jim Sanborn was asked again about the hint BERLIN. The question was if N decodes to B, Y decodes to E, etc, etc. and Jim confirmed it does. Emphatically . It is written, that Jim Sanborn rattled through the entire crib: \begin{align}   \texttt{N} &\stackrel{\text{decode}}{\rightarrow} \texttt{B} \\   \texttt{Y} &\stackrel{\text{decode}}{\rightarrow}  \texttt{E} \\   \texttt{P} &\stackrel{\text{decode}}{\rightarrow}  \texttt{R} \\   \texttt{V} &\stackrel{\text{decode}}{\rightarrow}  \texttt{L} \\   \texttt{T} &\stackrel{\text{decode}}{\rightarrow}  \texttt{I} \\   \texttt{T} &\stackrel{\text{decode}}{\rightarrow}  \texttt{N} \end{align} When the same q...
1 comment
Read more