01-14-2015 6:43PM ET
Update 3: Our response has been published in the Notices of the AMS as a letter to the editor.
Update 2: Peter Woit has written a blog post reacting to Dr. Wertheimer's letter in the AMS.
Update: Matthew Green has just written a response to Dr. Wertheimer letter.
In a recent letter to the American Mathematical Society titled 'Encryption and the NSA Role in International Standards', Dr. Wertheimer, a former NSA Mathematician and Research Directer, works very hard to leave the impression that the NSA did not place a backdoor in the DUAL_EC_DRBG algorithm. He never directly says that though because the evidence is so overwhelming to the contrary. Instead he chooses to engage in what can only be called aggressive and willfully misleading:
He produces a history of the development of DUAL_EC_DRBG that neglects any facts about the NSA designing it for the purposes of subverting encryption. He does not mention what internal NSA documents called “a challenge in finesse” to get NIST to accept it1.
To further his deception he never once mentions the overwhelming public evidence provided by Snowden that DUAL EC was intentionally backdoored by the NSA2. He mentions nothing about the 10 million dollars the NSA paid to have RSA make the backdoored algorithm, DUAL_EC_DRBG, the default in RSA's library11. Are such "sins of omission" acceptable behavior by a mathematician in a mathematical publication12?
He suggests strongly, but never says, that the NSA does not backdoor encryption, which we know to be false.
The most problematic is the statement that:
"[..] we realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to “undermine Internet encryption.” A fair reading of our track record speaks otherwise." - 'Encryption and the NSA Role in International Standards'
A "fair reading" is a very strange test, but the NSA's advocacy for controlling cryptographic research, subverting internet encryption and sabotaging standards speaks quite clearly towards its broad agenda.
The NSA's own history talks about shortening the DES key length so they could break it3. That is, the NSA willfully created insecure standards. This takes place with the backdrop of the NSA's earlier blacklisting of Feistel (the inventor of DES) so he couldn't find employment researching block ciphers4.
ProPublica quotes an NSA document 'One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,"'7 for the purposes of exploitation. In that same document the NSA discusses their successes in backdooring web and VPN encryption hardware to gain further exploitation capabilities6.
The NSA's own leaked documents clearly shows a broad agenda of undermining internet encryption. Dr. Wertheimer, as both a former Technical Director of NSA’s Signals Intelligence Directorate and former Director of Research at NSA8, must know this.
He concludes his letter with:
"During those formative years I had many opportunities to present results at AMS conferences, and I remember the warm embrace of colleagues who encouraged and supported my studies. I felt then, and I feel now, a connection to the mathematics community that goes beyond scholarship."
He is trying to make fools of that same community which showed him such warmth and friendship. This lack of respect and forthrightness to a community which nurtured him saddens me9. It shows how the NSA's relationship with the Mathematical community is morally corrosive. It turns colleagues, friends and communities into marks10.
'The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.” “Eventually, N.S.A. became the sole editor,” the memo says.' - N.S.A. Able to Foil Basic Safeguards of Privacy on Web ↩
"Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency." - Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security ↩
"NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen substitution tables, called S-Boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64-bit to 48-bits. Ultimately, they compromised on a 56-bit key." Book III: Retrenchment and Reform by Tom Johnson ↩
Some details of this are in An Introduction to Cryptography, Second Edition By Richard A. Mollin ↩
"The Clipper Chip was a chipset developed and promoted by the US Government. It was intended for the implementation in secure voice equipment, such as crypto phones, and required users to give their cryptographic keys in escrow to the government. This would allow law enforcement agencies to decrypt any traffic for surveillance and intelligence purposes." - Crypto Museum Clipper Chip ↩
"(TS//SI//REL TO USA, FVEY) Complete enable for [REDACTED] encryption chips used in Virtual Private Network and Web encryption devices [CCP_00009]" - (U) COMPUTER NETWORK OPERATIONS (U) SIGINT ENABLING ↩
'One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.' - Revealed: The NSA’s Secret Campaign to Crack, Undermine Internet Security ↩
One might excuse his behavior if he was being compelled to testify and the maintenance of the secrecy of this backdoor was of great national importance, but he choose to write his letter to the AMS and the backdoor is already well known. This is merely deceit for the sake of PR. ↩
Consider how the NSA also manipulated NIST to get the backdoored standard approved. Damaging the credibility of an organisation which thought itself a partner of the NSA. ↩
"Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show." - Exclusive: Secret contract tied NSA and security industry pioneer ↩
Would it be acceptable for someone to publish a paper that suggested that there was no primes larger than 5, and wittingly neglected to mention 7? ↩