[146663] in cryptography@c2.net mail archive
Re: [Cryptography] Opening Discussion: Speculation on "BULLRUN"
daemon@ATHENA.MIT.EDU (James A. Donald)
Fri Sep 6 13:21:46 2013
X-Original-To: cryptography@metzdowd.com
Date: Fri, 06 Sep 2013 22:24:32 +1000
From: "James A. Donald" <jamesd@echeque.com>
To: cryptography@metzdowd.com
In-Reply-To: <E8D8B9A9-38FF-4F6C-BC3D-94F52CFD2B93@lrw.com>
Reply-To: jamesd@echeque.com
On 2013-09-06 12:31 PM, Jerry Leichter wrote:
> Another interesting goal: "Shape worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities being developed by NSA/CSS." Elsewhere, "enabling access" and "exploiting systems of interest" and "inserting vulnerabilities". These are all side-channel attacks. I see no other reference to "cryptanalysis", so I would take this statement at face value: NSA has techniques for doing cryptanalysis on certain algorithms/protocols out there, but not all, and they would like to steer public cryptography into whatever areas they have attacks against. This makes any NSA recommendation *extremely* suspect. As far as I can see, the big push NSA is making these days is toward ECC with some particular curves.
The mathematics of ECC is such that one would expect that curves with
backdoors that are difficult to find, or impossible to find except
through construction, exist.
Therefore, one should never employ a particular curve recommended by
NSA, but rather a random or arbitrary curve.
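One concrete check a practitioner can run on the curves under suspicion, added here as an example and not part of the original message: the NIST prime curves are published with a SEED, and b is supposed to satisfy r*b^2 = a^3 (mod p) where r is expanded from SEED by the ANSI X9.62 / FIPS 186-4 A.3.3.1 procedure (SHA-1 based). The P-256 parameters below are the published ones; the function names are this example's own.

```python
import hashlib

# NIST P-256 domain parameters as published in FIPS 186-4 (a = p - 3).
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_A = P256_P - 3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def x962_r_from_seed(seed: bytes, p: int) -> int:
    """Expand SEED into the integer r per ANSI X9.62 / FIPS 186-4 A.3.3.1."""
    t = p.bit_length()          # P-256: 256
    s = (t - 1) // 160          # number of extra SHA-1 blocks: 1
    h = t - 160 * s             # bits taken from the first hash: 96
    g = len(seed) * 8           # SEED bit length (160 here)
    # c0 = the h rightmost bits of SHA-1(SEED); W0 = c0 with its leftmost
    # bit cleared, which guarantees r < p.
    c0 = int.from_bytes(hashlib.sha1(seed).digest(), "big") & ((1 << h) - 1)
    w0 = c0 & ~(1 << (h - 1))
    z = int.from_bytes(seed, "big")
    r = w0
    for i in range(1, s + 1):
        # W_i = SHA-1((z + i) mod 2^g), appended to the right of W_{i-1}
        s_i = ((z + i) % (1 << g)).to_bytes(len(seed), "big")
        r = (r << 160) | int.from_bytes(hashlib.sha1(s_i).digest(), "big")
    return r


def curve_matches_seed(seed: bytes, p: int, a: int, b: int) -> bool:
    """True iff r*b^2 == a^3 (mod p): b was derived from SEED as published."""
    r = x962_r_from_seed(seed, p)
    return (r * b * b - a * a * a) % p == 0


if __name__ == "__main__":
    print("P-256 b derived from its SEED:",
          curve_matches_seed(P256_SEED, P256_P, P256_A, P256_B))
```

What this does and does not establish: it confirms b follows from the 160-bit SEED, but the SEED itself is an unexplained value, so the check rules out tampering with b after the fact and nothing more.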
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography