1993-09-19 - Re: NIST proposes software key escrow development

Header Data

From: doug@netcom.com (Doug Merritt)
To: cypherpunks@toad.com
Message Hash: 8c1014c475c6fdbc6b621b4f0c5699a785354f91676d99d31939a87974deac22
Message ID: <9309190211.AA17219@netcom.netcom.com>
Reply To: N/A
UTC Datetime: 1993-09-19 02:15:38 UTC
Raw Date: Sat, 18 Sep 93 19:15:38 PDT

Raw message

From: doug@netcom.com (Doug Merritt)
Date: Sat, 18 Sep 93 19:15:38 PDT
To: cypherpunks@toad.com
Subject: Re: NIST proposes software key escrow development
Message-ID: <9309190211.AA17219@netcom.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain

an12070@anon.penet.fi said:
>I think it would be utmost folly for software developers to work with the NIST
>and NSA on this or invest any time or capital.

Clearly this is true for cypherpunk sw developers, but others see an
opportunity to make some bucks.

>The fundamental 
>requirement for NSA approval is the implementation of Skipjack in 
>*software* in such a way that the algorithm is *protected* like it is in 
>the booby trapped Clipper chips-- that is, impossible to deduce.
>But this appears to be complete *fantasy*. Any such system must rely on
>some kind of a hardware approach.

Not necessarily. Zero knowledge proof techniques, for instance, can be
applied to make source code as impenetrable as one wishes. This tends to
carry a heavy runtime overhead, of course.

And even hardware solutions can be reverse engineered. In fact, it's
guaranteed to happen eventually. Triple layer metal interconnect chips
can be selectively peeled via ion beam etching to reveal them to scanning
tunneling electron microscope probing. Camouflage in the form of unnecessary
functional units that mask actual operation can be uncovered by data flow
analysis. Such a project would be extremely expensive...but someone will
eventually do it. The Mafia or the KGB, for instance, if no one else.

>Doesn't anyone have the faint glimmer of the idea that NSA, the *premier*
>cryptographic agency in the *world*, with unsurpassed technological and
>engineering prowess in the area, would have already *figured out* how to do 
>this if it was *at all* feasible?

I think everyone assumes that the NSA is technologically several steps
ahead of the game at all times, and clearly they have their own agenda.
Some people just don't see their hidden agendas as threatening. C'est
la vie. I think it makes for a very interesting chess game, myself. The
NSA is attempting checkmate, but they're not strongly enough positioned
to do so. In chess parlance, it's a bluff, but one with enough steel behind
it to force a response, which gives them a minor but real tactical advantage.
The obvious counter-response is to advance a pawn towards queening...which
is already in progress.

I'm reasonably happy with what the NSA appears to be doing in regard to
foreign intelligence gathering; it's their domestic agenda that threatens
the constitution. But that's in the nature of spook organizations.

"Eternal vigilance is the price of liberty."