Whether you use it to protect personal data, protect customer data or secure your communications, cryptography is an integral part of our digital world, but the announcement late in 2013 that NIST is reviewing its standards for cryptography seems to have gone largely unnoticed.
The National Institute of Standards and Technology is an American governmental body that is tasked with creating and maintaining de jure standards.
NIST has brought us such popular hits as:
→ Seeing as NIST is a US-based institution, I opted for non-metric measures. Readers in countries who have adopted the metric system – or as it is also known, the rest of the world* – will be more familiar with the International System of Units.
Standards bodies are indeed important.
Think of all the different parts in a car.
More germane to this discussion on encryption, NIST is responsible for standards like the Federal Information Processing Standards (FIPS) which include the Digital Signature Standard and the Advanced Encryption Standard.
Why the review?
In a statement back in November 2013, NIST shared the following:
Recent news reports about leaked classified documents have caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process.
So NIST is stepping up and addressing the public’s concern over the National Security Agency’s (NSA) alleged meddling in cryptographic standards.
From a public relations view, this makes sense.
The standards created and maintained by NIST go into virtually every product we consume today.
Everywhere – from the keys you use to encrypt your email to the switch that carries the packets to the electrical grid that powers the infrastructure.
But has the damage already been done?
NIST officially reports to the US Department of Commerce, but by law it is required to consult with the NSA when drafting new cryptographic standards.
NIST also draws heavily on the NSA’s cryptographers because it simply does not have the in-house resources.
In their excellent book, “Privacy on the Line”, Whitfield Diffie and Susan Landau walk through the history of cryptography and describe in great detail how the NSA was not going to let NIST develop any cryptographic standards without their involvement.
Like it or not, the NSA was going to be involved and was going to be instrumental in creating new cryptographic standards.
So the NSA and NIST are intimately involved in creating cryptographic algorithms. So what?
The relationship is not what makes this troubling but NIST has responded in a manner that suggests it is.
Why should we care?
Our mission is to protect the nation’s IT infrastructure and information through strong cryptography. We cannot carry out that mission without the trust and assistance of the world's cryptographic experts. We’re committed to continually earning that trust.
As response to the Snowden leaks, NIST withdrew one cryptographic standard from public.
It was called the Dual EC DRBG and the allegation was that the NSA had influenced NIST into creating a relatively weaker and flawed pseudo random number generator.
→ I have grossly summarized the problem. If interested, there’s a paper found here that was presented at CRYPTO 2007 conference which explains the problem. Be warned, the math contained in the paper is not for the faint of heart!
In 2013, NIST also came under criticism from cryptographers that Keccak, the winning algorithm in the five-year contest to choose a new secure hashing algorithm (FIPS 180-4) [PDF], had been weakened by NIST in the course of standardization.
Some of these changes were made with the help of the Keccak team and others solely by NIST.
There is no evidence to suggest that the NSA had anything to do with the SHA3 incident but trust has been eroded to the point of non-existence by many in the industry.
The NSA will do what it needs to protect the interests of the United States.
That is neither a judgement nor conjecture.
The fact that NIST and the NSA have and will continue to work closely together is also not conjecture.
The question that remains is this: To the extent that we trust the NSA, do we trust NIST to act in the best interest public at large when it comes to cryptographic standards?
To many, the answer is no.
The thing that rankles many is that NIST has been trusted for a very long time to provide unbiased standards. Even in the realm of cryptography.
AES and SHA are prime examples.
While we may still trust NIST to keep accurate time or provide measurements that ensure curling stones have a diameter no greater than 36 inches (91.44 cm.) and weigh no more than 44 pounds (19.96 kg.) regardless of where the game is played, I’m afraid that for many the ship has sailed on things like cryptography.
There are a good number legacy cryptographic algorithms that have stood the test of time and were not created nor influenced by the NSA.
There are also plenty of brilliant minds working on the next set of cryptographic algorithms and they are doing it in an open, peer-reviewed and collaborative manner.
On 18 February 2014, NIST published a document outlining the proposed changes.
If you find yourself interested in such things, NIST is accepting comments until 18 April 2014.
*Yes, I am well aware of the shunning of the metric system in places like Liberia and Myanmar as well.