Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: NSA

The Cost of Safety

Though almost every American instinctively cringes at the mention of government limiting freedoms and invading privacy, I believe that often this invasion of privacy is a necessary evil to ensure safety. By limiting the DES, or Data Encryption Standard, to 56 bits or less for civilian business use, the NSA ensured that they would be able to crack an encryption through brute force if needed. Though this meant that businesses would be less secure, it also meant that the NSA would be able to investigate any dubious behavior by cracking the encryption. This is only a small example of the greater debate of privacy vs security. Unfortunately, it is almost impossible for a government to ensure both privacy and security; one must be greater than the other.

“Privacy” by Alan Cleaver

Though the business encryption of 56 bits is less secure than it could be, Singh states that 56 bits would be almost impossible for any civilian computer to brute-force break (250). Though some might argue that civilian computer power has increased to be able to break 56 bit encryption and the NSA has left businesses vulnerable, this is not true. Within the U.S., there is no restriction on the level of cryptography that one can use, and the only restrictions lie on exporting cryptography (Johnson 2002). This is because the NSA needs to be able to break encryption from possible terrorists or other groups that might want to harm the U.S. The government has even realized the weakness of DES and has encouraged a new encryption system called Advanced Data Encryption that can use up to 256 bits instead of 56 (Institute 2001). By increasing the standard encryption level, the NSA has shown that they are working to promote security for civilians, not intentionally limiting security to put people in danger.

A small amount of limiting of security, though it may put companies at risk, is a small price to pay to allow the NSA to, if necessary, break the encryption of data that would help protect the U.S. from a disaster that would cost lives. Though a break in security at a large company might cost them millions of dollars, the cost of lives lost from not being able to decrypt data is priceless.

Johnson, M. (2002, October 14). Where to Get PGP. Cryptography.org. Retrieved November 5, 2012, from http://www.cryptography.org/getpgp.htm#IS_PGP_LEGAL_

Institute of Standards and Technology. (2001, November 26). Federal Information Processing Standards Publication 197. Csrc.nist.gov. Retrieved November 5, 2012, from csrc.nist.gov/publications/fips/fips197/fips-197.pdf

The Invisible Hand of the NSA

In the 1970’s, Internet was still new technology and cryptography was not even considered a legitimate field of mathematics. Cryptography was considered a pen and paper tactic for wartime security and the general public was not equipped to apply any sort of cryptography to computer technology. In the United States, cryptography was solely researched and discussed by the National Security Agency (NSA).

In this regard, the NSA wielded a considerable amount of knowledge and power. The National Bureau of Standards issued a request to the public for an encryption algorithm that would be made available to the public as a free encryption standard. The IBM labs answered this request by producing the Data Encryption Standard (DES). Of course, the DES needed to be reviewed and looked at by an outside company. The NSA was uniquely qualified and highly equipped to respond to this request. When presented with the DES, the NSA decided to abuse their power and alter the algorithm slightly and shrink the key size to half its original size, thus making the algorithm more susceptible to decryption.

People were outraged by the NSA’s ability to have an “invisible hand” in public security systems. The strength of any given cipher is directly related to the key length and the quality of the algorithm or mathematics. Thus, by shrinking the key length, the NSA intentionally weakened the DES. The NSA did the public a huge disservice by not presenting the most secure algorithm available. The NSA clearly overstepped their boundaries by tampering with the efficiency of the algorithm when their task was to analyze it and improve it. As opposed to improving it, the NSA selfishly left the algorithm at a stage simplistic enough that they could break it.

The NSA’s actions were unjustified and did not have the public’s best interest in mind. The NSA purposefully limited technological advancement and allowed the public to send confidential information utilizing an algorithm lacking optimal security.

http://news.cnet.com/Saluting-the-data-encryption-legacy/2010-1029_3-5381232.html

Image: “National Security Agency Seal” by DonkeyHotey, Flickr (CC)

Sufficiently Safe

Although it is fair to say that businesses were forced to rely on security that was less than optimal, the security they were using was more than sufficient. The Data Encryption Standard (DES) has a maximum amount of keys of around 100,000,000,000,000,000. This is referred to as 56 bits because when it is written in binary, it consists of 56 digits. Although there is a cap to the amount of keys that can be used, the number is large enough that no civilianwould have a computer powerful enough to determine which key was used. The NSA, which has the most powerful computing abilities in the world, is able to determine which key is used.

I believe that the NSA is justified in doing this because I believe that the NSA has the country’s interests in mind. The DESis secure enough to prevent anyone with malicious intentions from deciphering a message; therefore it is affective. The NSA should have the ability to decipher something if it is a matter of national security.

It is comforting to know that in the most dire circumstances, high ranked officials in our nation’s government, who vow to protect all of us, have the ability and access to great resources to do whatever it takes to do so.

Limiting Lucipher

I believe that the NSA was justified in limiting the strength of the Data Encryption Standard (DES) so that they would be able to decipher any message that was sent using Lucipher. Lucipher was a complicated encryption system that relied on a keyword made up of numbers. The number of possible keys and the length of time it takes to crack the cipher text are positively correlated. Therefore, when the NSA limited the number to 100,000,000,000,000,000 keys, they made it so “…no civilian organization had a computer powerful enough to check every possible key within a reasonable amount of time” (250). It only makes sense that the leading security agency of a country should be able to decipher any message sent or received along its territory. This is for the good of the country and provides protection from possible attacks or illegal operations.

I think that as long as a secure standard is in use, there should be someone overlooking this, even though I am not in favor of the “Big Brother” type of government at all. Some may argue that this limit the NSA implemented also limits the advancements that can happen in cryptography, but the present advances in cryptography are all the proof needed against this.

Simon Singh, The Code Book

Weakening the Lucifer: An Abuse of Power

Not all ciphers are created equal. Some are mathematically simple and easy to crack while others are seemingly secure but impractical to use. Then there are the ciphers that are mathematically secure but watered down to be breakable. The Lucifer cipher, created by Horst Feistel in the 1970s, was a secure cipher algorithm that was intentionally weakened so that it could be broken by the government.

The National Security Agency limited the Lucifer cipher to 100 quadrillion keys. This number is extremely large, but the NSA wielded enough computing power to try all the possible keys used to encrypt a message and decrypt the message by finding the correct key. They argued that the encryption was still secure because only the NSA had the computing power to find the correct key, which meant that the cipher could be used for commercial purposes without being broken by rival companies (Singh 250).

The action taken by the NSA to inhibit the Lucifer cipher was unethical and unjustified. Lucifer had the potential to be genuinely unbreakable using available technology if the number of possible keys was unlimited. If the technology is available to generate an unbreakable cipher, then people should have the right to use it without having to use a modified governmental version of it. The argument that the cipher was secure to all computers except those of the NSA is inherently flawed. Even though the NSA may have the most powerful computers at a given time, they may not necessarily keep that status. If they do not even have the capability to develop the Lucifer cipher on their own or to develop the tools necessary to break it, they most likely will be behind in computer development as well. Moore’s law suggests that computing power increases exponentially (cnet.com), and at this dramatic rate of increase in technological progress, the NSA cannot guarantee that they will be the only ones able to break the cipher. They are jeopardizing commercial communications by granting themselves access to the cipher.

Parallels can be drawn between the NSA’s actions and an economic monopoly.  The NSA wants complete control over this cipher, so it weakens the cipher to a level that only the NSA’s computers can break. In a monopoly, one business eliminates their competition in a region so they raise prices without fear of losing customers (econlib.org). The government is abusing their power by purposely lowering the security of a cipher that millions of people depend on. If they want to decrypt messages, they should exploit potential weaknesses using cryptanalysis. Weakening the cipher is like changing the rules in the middle of a pokergame to give one person an advantage: it’s cheating.

Simon Singh, The Code Book

http://news.cnet.com/FAQ-Forty-years-of-Moores-Law/2100-1006_3-5647824.html

http://www.econlib.org/library/Enc/Monopoly.html

Image: “All In!” by Eduardo Carrasco, Flickr (CC)

The Availability of Ingenuity

I’m a staunch supporter of sharing information. In fact, I believe that patents should have a quicker expiration date (especially in fields where innovation moves very rapidly). Consider this: a patent filed in 1993 for a particular style of trackball mouse would still be in effect until next year. However, the vast majority of us do not utilize such hardware anymore.

What does this have to do with the NSA restricting the strength of encryption available to businesses? Without equal access to innovations and information, there is a lag between discovery and improvements. If everyone has equal access to information, there is a greater chance that breakthrough ideas will emerge. This simple principle is demonstrated by Singh’s description of the development of our modern encryption techniques. Because information was shared among different groups, a team tackled one security problem (key distribution) while another group on the other side of the United States worked on another issue (one-way encryption functions).

by Nick CarterBeyond this fact, there is the consideration that the NSA was effectively lying to the public about security. The NSA wanted to promote DES as a universal standard of secure communication. However, they made provisions to keep it from being as secure as it could be. In effect, the NSA was convincing businesses that DES offered adequate protection of corporate secrets. This sort of repression of information brings to mind “Big Brother” and “doublethink” in a realization of George Orwell’s intrusive government.

I can see no rationale adequate enough to justify the NSA’s paranoia. Their attempt to keep  the public’s secrets under their thumb was a bad idea.

Photo: Broken Rusty Lock by Nick Carter

Settling at 100,000,000,000,000,000

The National Security Agency’s request to have a standard encryption system for businesses to communicate with one and other is a controversial topic, yet definitely justifiable. Horst Feistel developed the Lucifer system, which was known to be one of the strongest encryption products. In fact it was too strong to be adopted by the National Security Agency (NSA) because it had too many possible keys. Once the NSA decided to limit the number of keys to 100,000,000,000,000,000, it was officially chosen to be the NSA’s standard program and renamed the Data Encryption Standard (DES).

The point of encrypting codes is to hide information for the intended recipient’s eyes only. Thus one can imagine that businesses would be angry at the NSA’s decision to use DES, which ensures that they can break any possible code. However, it is justified because “the same message can be encrypted in a myriad of different ways depending on which key is chosen” (249). Had the businesses only been able to use one designated key, complaints would be understandable. However, there are 100,000,000,000,000,000 different keys to choose from. Although one can object that the NSA lowered the number of possible keys to weaken the cipher, you can further justify their decision. The number of possible keys they decided on is secure because “within the civilian community, […] no civilian organization had a computer powerful enough to check every possible key within a reasonable amount of time” (250). Therefore the NSA is the only source that can hack into a company’s information.

 

The Lucifer Controversy

My Calculus professor always says, “If you’re trying to dig a small hole in your backyard, you don’t bring in a bulldozer. It’s costly and it’s inefficient. You just take out a shovel and get the job done.” What she basically means is that if you have a small task, you use small tools, and if you have a big task, you use big tools. The same applies to the commercial use of cryptography.

In the 1970’s, businesses were looking for a secure method of encryption that they could rely on to communicate confidentially with one another (Singh 248). Lucifer, which was generally regarded as one of the strongest commercially available encryption systems, was a candidate for the standard (Singh 249). Before Lucifer was officially adopted as the Data Encryption Standard, the NSA limited the number of possible keys, just to the point that no civilian computer could feasibly crack the encryption (Singh 250). This provided businesses with just the right amount of security they needed to conduct their communications.

There are two other reasons that justify the NSA’s actions. The first is that a country’s security agency should have the strongest available encryption system and limiting the number of keys available to the public enabled it to do so.  The second is that public use of this system would compromise the NSA’s operations. For example, if businesses were using an unlimited Lucifer system, then it would be in the interest of many individuals and organizations to crack the encryption system. However, if the NSA were the only body using the encryption system, then less people would be interested in cracking it, thus providing the NSA with more security.

Illegal Cryptography is Illegal Mathematics

The excerpt in Doctorow’s Little Brother that caught my attention the most and interested me was the very beginning of Chapter 17. Mathematics is an integral part of our society and the technological advances behind its development. Also, isn’t Cryptography just another application of math? So when Doctorow explained that the “government classed crypto as a munition and made it illegal for anyone to export or use it on national security grounds,” it jumped out to me how ridiculous this statement was. The thought of having “illegal math” is like throwing people in jail because they were thinking creatively. The NSA has a standard maximum strength cipher and no one was allowed to create a cipher stronger than that standard. When a graduate student may have created a possible cipher in a paper, the NSA decided to ban the publishing of this paper. Reading about this in Little Brother made me realize the extent of our freedom of expression nowadays. If these crypto wars in the 19th century continued and the government prevailed, then modern advancements in technology would have never have even happened. I believe that we depend more on free cryptography than we may realize because it spawns innovative thinking and creations.

Page 3 of 3

Powered by WordPress & Theme by Anders Norén