Snarky 1992 NSA Report on Academic Cryptography

The NSA recently declassified a report on the Eurocrypt '92 conference. Honestly, I share some of the writer's opinions on the more theoretical stuff. I know it's important, but it's not something I care all that much about.

Posted on November 18, 2014 at 10:50 AM • 12 Comments

Comments

Dogma PoliceNovember 18, 2014 11:31 AM

"(he still wears a pony-tail)"
This reminds me of GCHQ's old reports on Eric Hobsbawm, the British historian: "He dresses and looks like a communist".

PhilosopherNovember 18, 2014 11:45 AM

"I know it's important, but it's not something I care all that much about."
We, in turn, do not care much about what you care about.

On a more serious note, I think Scott Aaronson hits the nail on the head when he says that these are essentially two different communities with different goals and research interests. The academics are interested in problem solving, concepts and general phenomena, the NSA was there to leech ideas, throw a spanner in the works if/when necessary and tick the right boxes on their report.

AlanSNovember 18, 2014 11:54 AM

The NSA stinks at redaction or the person doing the redaction disliked the author. See earlier discussion here.

EnterNovember 18, 2014 12:02 PM

@AlanS: Can't blame him for disliking the guy. What an opinionated douche-bag! My favorite part of the blog is when Aaronson points out that the research dismissed by the NSA agent as "silly" eventually won three Turing prizes.

IncredulousNovember 18, 2014 12:11 PM

It all sounds interesting and significant to me. This is where advances in cryptography come from: The fundamentals.

If the NSA still has this orientation it must be a surprisingly weak opponent, relying on brute-force and burying itself in more data than it can understand.

A hypothesis:

"Totalitarian mentalities will generally be at a disadvantage to tolerant ones."

Seems likely, but there is probably little agreement on what "totalitarian" means, or even "advantage". Skeptical probably would place me higher on the totalitarian scale than himself. And I'm sure he wrings some advantage from his views.

Maybe a group effect:

"Group mentalities will generally create fewer new and useful ideas than independent ones."

Any traction?

Whether the NSA is strong or not is also hard to assess. It does seem to be a screw up from at least 9/11 on. But an acquaintance who claims to have worked there in the 60s says that it almost always achieves its aims, and that its apparent failures are in service of a higher level meta-strategy.

MichaelNovember 18, 2014 5:16 PM

I thought this looked familiar. These exact same documents, and some funny excerpts from them, were discussed on this very blog in March 2013 : https://www.schneier.com/blog/archives/2013/03/the_nsas_crypto.html .

It appears that the chain was something like
March 2013 Schneier blog post => March 2013 comment about review of CryptoLog ( https://www.schneier.com/blog/archives/2013/03/the_nsas_crypto.html#c1243576 )
=> someone else noticed it => someone passed it on =>
=> Scott heard about it and wrote about it on 16 Nov 2014 ( http://www.scottaaronson.com/blog/?p=2059 )
=> Bruce reblogged it on 18 Nov 2014

Raul MillerNovember 19, 2014 12:25 AM

After seeing some of the utter silliness that goes on in corporate contexts, I am not surprised to hear that someone observed some silliness in an academic context. For that matter, I am rather silly myself, all too often.

Ben KNovember 21, 2014 8:45 PM

I think the value of theoretical cryptography research is largely in defining security notions and demonstrating (or ruling out) their feasibility. Knowing what it means for a system to be "secure" is pretty important, especially for distributed systems. We have also seen a number of vulnerabilities resulting from ad-hoc constructions (e.g. SSL), and those are going to become more expensive to deal with as people start connecting thermostats and other hard-to-update devices to the Internet.

So while I can understand someone whose focus is on practical security not being terribly interested in theoretical work (which is often of the form, "New impractical constructions for a system that has no practical implementation!"), I do not think it should be so easily dismissed.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.