Democratic congressman Alan Grayson, who serves on the Science, Space, and Technology Committee in the US House of Representatives, has written a letter to Director of National Intelligence James Clapper. It requests answers related to how the NSA has weakened encryption standards.
As ProPublica and The New York Times reported in September 2013, documents from NSA whistleblower Edward Snowden showed the National Institute of Standards and Technology (NIST), the US’s “encryption standards body,” had adopted a standard in 2006 that contained a “fatal weakness,” which the NSA had developed. The standard was then aggressively pushed so the International Organization for Standardization, which has 163 countries as its members, would adopt the intentionally flawed standard.
Grayson was fairly specific in his questions. He asked in his letter [PDF] if the NSA had generated “parameters of Dual_EC_DRBG.”
“From 2005-2007, outside cryptographers raised the possibility that NSA introduced a ‘trapdoor’ (i.e. knowledge of the mathematical relationship between the elliptic curve points (P,Q)) into his generator.”
“Did NSA introduce such a trapdoor?” Grayson asked. “If NSA did not explicitly introduce such a trapdoor, did NSA also take measures to ensure that in generating these parameters it could not inadvertently have access to a trapdoor?”
For those wondering what this question means, Nick Sullivan, who worked for six years at Apple on cryptography before becoming a part of CloudFlare, wrote a “primer” addressing the issue with Dual_EC_DRBG.
Dual_EC_DRBG is an algorithm. It was the “default random number generator for several cryptographic products from RSA, a computer and network security company. RSA was apparently paid $10 million by the US government allegedly to use this algorithm, which was “obscure and widely maligned,” in their “widely distributed products.”
Also, Grayson asked how the NSA has may have generated certain parameters and if the NSA or any intelligence community entity, government contractor or subcontractor has ever “possessed or retained any information that would allow it to predict future outputs of Dual_EC_DRBG, if provided with a selection of output from the generator.”
Why exactly did the NSA promote the standardization of this algorithm? And, Grayson asked, if NSA explicitly requested that subcontractors, such as CygnaCom, “refrain from discussing the generation and provenance” of the algorithm parameters “with government entities, including NIST”?
Previously, NIST’s Visiting Committee on Advanced Technology (VCAT) conducted a review and released a report [PDF] recommending, “Because of NSA’s SIGINT [signals intelligence] mission, NIST should be very careful in its interactions with NSA regarding standards. NIST should draw on NSA’s expertise, but NIST must not defer to NSA on security-relevant decisions. NIST itself, and the cryptographic community that looks to NIST’s standards, must be able to conclude confidently that NSA did not have any opportunity to undermine any NIST standard.”
VCAT concluded that the algorithm at issue here should have raised at least two red flags for NIST. One, it did not “pass statistical tests for randomness.” It was also well-known that there was a “trapdoor possibility.” Yet, NIST still allowed the NSA to make recommendations, which made it possible for NSA to have a trapdoor in the standard. It trusted the NSA “not to create a trapdoor, which was a serious mistake.”
Grayson has introduced an amendment [PDF] to remove the “statutory requirement for NIST to consult with NSA in developing encryption standards.
When the House Science and Technology Committee adopted it in May, Amie Stepanovich of Access, an international human rights mostly focused on digital freedom, concluded that the amendment would “help support data integrity by ensuring that the standards used to protect all internet users are not artificially weakened.”
Official photo of Rep. Alan Grayson and in the public domain.