Just to expand on today’s brief discussion of the rather circular nature of government support for cryptographic software (and to a lesser extent, new technology in general):
- 1976: After the NBS (National Bureau of Standards) consulted with the NSA, the NSA made a slight modification to the forthcoming DES standard. For years there was significant academic suspicion that the NSA had weakened DES; in fact, they had strengthened it against an attack called “differential cryptanalysis” — a technique that wouldn’t be widely known in academic circles until the late 1980s.
- 1976: The Arms Export Control Act of 1976 is passed, making exporting cryptography that’s too good, as it were, equivalent to exporting munitions.
- 1991: Phil Zimmermann published online and for free PGP, a cryptosystem used to encrypt email (ensuring both privacy and lack of tampering). This would lead to a three-year criminal investigation against him under the 1976 Act.
- 1993: The Clipper chip was announced by the NSA. It would use what is — to the best of my knowledge — a secure cipher (Skipjack) to encrypt voice communications. However, there was a built-in backdoor in Clipper that allowed Skipjack to be “bypassed”, allowing for monitoring of seemingly secure voice communications. The project was abandoned by 1996.
- 1996: NIST (the National Institute of Standards and Technology) begins a massive search for a new cipher to standardize on (competition style!), to replace the aging and increasingly insecure DES. In 2001, Rijndael was announced as the new standard and named AES. To this day, it remains one of the most thoroughly tested and widely used ciphers, and is believed to be secure.
- 2007: NIST begins another competition to replace the now insecure SHA-1 hash, as well as the seemingly secure (but worryingly similar-in-design to SHA-1) SHA-2 family of hashes with a new standard. After a similar intensive search, Keccak was chosen. A few minor variations were made to Keccak to make it more flexible (nothing sinister). The revised version is expected to be named as SHA-3 pretty much any day now.
- Which brings us to now, and our talk today in class.
Back and forth, eh? And I’m sure there are lots more examples of help it / destroy it / help it / destroy it when it comes to cryptography!