
NSA and Dual EC_DRBG: Déjà Vu All Over Again?

Article in The Mathematical Intelligencer

Acknowledgments

I am extremely grateful to Neal Koblitz and Steve Bellovin for reading earlier drafts of this paper and providing extensive comments. I also want to acknowledge the work of Tanja Lange in documenting the complex trail surrounding Dual EC_DRBG. This excellent resource, http://projectbullrun.org/dual-ec/, provided many source documents to which I referred in this article.

Author information

Correspondence to Susan Landau.

Cite this article

Landau, S. NSA and Dual EC_DRBG: Déjà Vu All Over Again?. Math Intelligencer 37, 72–83 (2015). https://doi.org/10.1007/s00283-015-9543-z
