NIST Says Don't Use our Crypto Algorithm



13 September 2013

Standing accused of NSA interference in its processes, and backdoors in its algorithms, NIST now says our crypto standards and processes are sound -- but don't use the elliptic curve algorithm.

Just three days ago, following suggestions emanating from Edward Snowden leaks that the NSA engaged in subverting cryptographic security standards, the US National Institute of Standards and Technology (NIST) issued a statement. "We want to assure the IT cybersecurity community that the transparent, public process used to rigorously vet our standards is still in place.

"NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large." 

But it added, "The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA."

This was widely interpreted as a blanket denial that the NSA had interfered with NIST standards. But NIST has possibly changed its stance by announcing that "NIST strongly recommends that [SP 800-90A Dual Elliptic Curve Deterministic Random Bit Generation] no longer be used."

This is the crypto algorithm believed to be the one described, though not named, in the Snowden-based Guardian report published last week: "NSA makes modifications to commercial encryption software and devices 'to make them exploitable', and that NSA 'obtains cryptographic details of commercial cryptographic information security systems through industry relationships.'"

Quite separately, John Gilmore has stated that from his own experience NSA agents have been involved in the IPv6 standards process, and have effectively prevented end-to-end encryption on mobile devices.

The existence of a backdoor in the elliptic curve algorithm has long been known. Microsoft cryptologists Dan Shumow and Niels Ferguson described a possible backdoor in 2007. At the time, Bruce Schneier wrote in Wired, "the algorithm contains a weakness that can only be described as a backdoor;" adding, "both NIST and the NSA have some explaining to do."

But it seems that it has taken six years and the Snowden leaks for these concerns to be taken seriously. In reality, NIST has not admitted to a backdoor in the algorithm, and its warning against use of the algorithm makes no mention of the NSA. It has merely said that "recent community commentary has called into question the trustworthiness of these default elliptic curve points," and that because of this "NIST Special Publication 800-90A is being re-issued as a draft for public comment," and "NIST is reopening the drafts of SP 800-90B."

It will be interesting to see whether this process discovers absolute proof of an existing backdoor, manages to remove it, or indicates who was responsible for its inclusion. NIST's credibility is on the line. At the very least, it will need to demonstrate that if it did happen, new procedures will ensure that it can never happen again.
