A proper law

Brian Gladman brg at gladman.plus.com
Thu, 6 Mar 2003 14:12:53 -0000


From: "David Hansen" <davidh@spidacom.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Thursday, March 06, 2003 11:45 AM
Subject: Re: A proper law


> On 6 Mar 2003 at 11:08, Brian Gladman wrote:
>
> > In practice, faced with an abstract data stream encrypted using a
> > modern encryption and authentication mode (e.g. AES-CTR +
> > HMAC-SHA1), there is currently no known practical way of obtaining its
> > unencrypted content without access to the key.
>
> That is of course what people said about some well known earlier
> encryption systems. For years the best people the British had
> despaired of ever breaking Enigma, while at the same time the Poles
> were doing just that. Eventually the Poles told the British (and the
> French) how to do it and people like Alan Turing and Gordon Welchman
> developed the Poles' ideas.

I don't think AES (for example) can be broken without access to keys (AK)
but I agree that I might be mistaken in this claim.

But since I only oppose GAK in situations where AK is necessary for
decryption, I am not sure this possible mistake has any significant impact
on the GAK argument.

> As I understand it brute force attacks against Enigma would still
> have taken a vast amount of time on the computers of the time until
> relatively recently. Stories of covering the moon in computers in
> fact. The key was in being clever, not being intimidated by the big
> numbers and looking at the problem the other way round. This allowed
> the impressive sounding big numbers to be cut down to a size where
> even an electro-mechanical machine could scan the much smaller range
> of possibilities in a relatively short time.

I could write a book on why some rotor machines failed while others remain
strong even today.

But the main lesson I draw from this period is that it is very easy to take
a strong cryptographic algorithm and then undermine its strength by using it
in the wrong way.

> While this may hold no lessons at all for today I would not be so
> sure. I note that in another area, that of genetic "fingerprinting",
> the impressive sounding large numbers are being shown not to be as
> large as proponents claim.

There are lessons - crypto systems rarely fail because the underlying
mechanisms are weak - for the most part they fail because of weaknesses in
the way they are implemented and used.

> > But I very much agree with your view that there is no evidence to
> > suggest that the availability of strong encryption is 'causing the sky
> > to fall in'. After seeking such evidence on a worldwide basis it seems
> > that we have only a very small number of cases where encryption has
> > even been an issue and fewer still where encryption has resulted in
> > law enforcement failures.
>
> After typing my message I went to Dorothy Denning's web site. She
> agrees with you on the small numbers, though points out that they
> might rise in the future. This may or may not be the case, my crystal
> ball isn't good enough, though I'm inclined to agree with her (though
> what I think is hardly earth shattering). However, she points out why
> access to keys is not important.

Dorothy has shifted back and forth on this over the last 10 years.  I was
not aware that she now says that GAK is not important - do you have a
specific reference for her current position on this?

> > GAK in RIPA is an unnecessary and wasteful diversion of effort and one
> > that will consume resources that could be far more effectively used
> > elsewhere.
>
> I suspect that it was partly a dummy, sold to people in order to
> divert them from looking at the other nonsense in RIP.

I hope you are right but I fear that you are not.

    Brian Gladman