Army signals security & "Clansmen" series radios
Brian Gladman
ukcrypto at maillist.ox.ac.uk
Thu, 7 Sep 2000 11:29:08 +0100
From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: "ukcrypto" <ukcrypto@maillist.ox.ac.uk>
Sent: Wednesday, September 06, 2000 11:50 AM
Subject: Re: Army signals security & "Clansmen" series radios
[snip]
> One of the interesting points to ponder is whether - and if not why not -
> the diplomats and military have not seized upon the invention of public
> key ciphers, now 30 years old, as the single, simple and secure
> solution to replace other more complex and expensive cipher systems.
>
> It could be interesting to compile, co-operatively, a list here of all the
> various reasons why this might not have happened.
AFAIK no-one deploys public key methods as the single solution to their
cryptographic security needs. Pretty well all the systems that I am aware of
use hybrid approaches.

Government cryptographic R&D organisations have learnt over the past 50
years that fielding truly secure cryptographic systems is very, very hard.
It is relatively easy to build an encryption system that is secure if it is
working as intended and is used correctly but it is still very hard to build
a system that does not compromise its security in situations in which it is
either misused or one or more of its sub-components fails (or is
'encouraged' to misbehave). IMHO this is now the only area where the closed
world is still a long way ahead of the open world and the many failures we
see in commercial cryptographic systems provide some evidence for this.

When a radical new cryptographic approach is invented we can expect that it
will take about 10 years of intensive research to understand its strengths
and weaknesses at a pure algorithm level. It will then take around 10 more
years to understand how to implement it in a way that can meet the extreme
systems assurance requirements applied to government cryptographic systems.
I would hence expect to see public key approaches invented in the 70s to
start entering service in the 90s (in areas where their attributes match
security requirements). And this is exactly what has happened - systems
using public key approaches (in hybrid form) were first deployed in the 90s.

Brian