A Letter to the AMS

Posted on February 3, 2015 by woit

Leonid Reyzin at Boston University has drafted a letter in response to the recent article published in the Notices by Michael Wertheimer of the NSA (discussed here). He’s collecting signatures, and if you’re a member of the AMS I urge you to consider contacting him and adding yours. If you know others who might be interested in signing, please forward the link to them.

This entry was posted in Uncategorized. Bookmark the permalink.

10 Responses to A Letter to the AMS

  1. Steve Huntsman says:
    February 3, 2015 at 12:28 pm

    NSA strengthened DES against the then-classified technique of differential cryptanalysis by improving the S-boxes. It is not fair to say that NSA weakened DES by reducing its key length without looking at this.

  2. Peter Woit says:
    February 3, 2015 at 12:38 pm

    Steve Huntsman,
    Yes, suspicions about the DES S-boxes turned out to be unfounded (and the NSA via Richard George has used the AMS Notices to suggest that the same is true for DUAL_EC_DRBG). But that this suspicion was unfounded has nothing to do with the DES key length issue mentioned in the letter, where there seems to be no question that the NSA pushed for a shorter key length so that they could break such encryption. Even they haven’t tried to claim that shortening key length was a way to strengthen DES.

  3. Roger says:
    February 3, 2015 at 3:51 pm

    It says “blacklisting an inventor of DES from other cryptography jobs”. Who was that?

    Wikipedia:
    The team at IBM involved in cipher design and analysis included Feistel, Walter Tuchman, Don Coppersmith, Alan Konheim, Carl Meyer, Mike Matyas, Roy Adler, Edna Grossman, Bill Notz, Lynn Smith, and Bryant Tuckerman.
    http://en.wikipedia.org/wiki/Data_Encryption_Standard

    You say: “there seems to be no question that the NSA pushed for a shorter key length so that they could break such encryption.”

    There is some question about that. For details, see this AMS Notices article that only says:
    “There have been persistent rumors that NSA had pressed for the shorter key length.”
    http://www.ams.org/notices/200003/fea-landau.pdf

    Yes, there were rumors, but I do not see those rumors confirmed anywhere.

  5. Peter Woit says:
    February 3, 2015 at 6:15 pm

    Roger,
    “NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits.” is not a “rumor”, it’s based on the declassified, sanitized version of the NSA’s own history. See the reference at the Wikipedia page.

  6. Michael Hutchings says:
    February 3, 2015 at 11:36 pm

    I would like to sign something, but I don’t feel qualified to sign this particular letter, because it refers to a lot of history which I don’t really know anything about. I think one could get more signatures with a letter referring to broader principles, something along the lines of “The AMS should convene a task force to consider reducing or eliminating ties with the NSA, due to serious ethical concerns about this relationship [references].”

  7. Ninguem says:
    February 4, 2015 at 6:45 am

    Is it only for members of the AMS?

  8. Ethan Heilman says:
    February 4, 2015 at 9:25 am

    In regards to the history of the DES key length it is from the NSA’s internal history, “Book III: Retrenchment and Reform” which can be found here at cryptome.

    “NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen substitution tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key from 64 to 48 bits. Ultimately, [*] they compromised on a 56-bit key.”


    Also see NSA attempting to clamp down on feedback register techniques:

    “In 1977, a patent controversy stirred the already-choppy waters. George Davida, a University of Wisconsin professor, applied for a patent on a cryptographic device using advanced mathematics techniques and [—————-] shift registers. The COMSEC organization was unruffled, but DDO, fearing the spread of shift register techniques that would give the SIGINT side problems, recommended a secrecy order, which was duly put in place by the Patent Office. The inevitable public debate turned on the issue of academic freedom. NSA answered that if Davida had published the technique in an academic journal he would have been protected, but since he had instead applied for a patent, it appeared that he was in it for the money and thus lacked First Amendment protection. This was incontrovertible logic but bad politics, and once again NSA was forced to back down. The Davida patent was reinstated.”


    And ITAR restrictions which was used to threaten IEEE authors with censorship.

    “NSA hunted diligently for a way to stop cryptography from going public. One proposal was to use the International Traffic in Arms Regulation (lTAR) to put a stop to the publication of cryptographic material. [..] The Institute of Electrical and Electronics Engineers would be holding a symposium on cryptography in Ithaca, New York. Concerned about the potential hemorrhage of cryptographic information Meyer sent a letter to E. K. Gannet, staff secretary of the IEEE publications board, pointing out that cryptographic systems were covered by ITAR and contending that prior government approval would be necessary for the publication of many of the papers.”


    When threats didn’t work they attempted to slow down academics via other means.

    “It was essential, then, to slow the rate of academic understanding of these techniques in order for NSA to stay ahead of the game. (There was general recognition that academia could not be stopped, only slowed.) ”

  9. Peter Woit says:
    February 4, 2015 at 10:29 am

    Ninguem,
    I don’t think signers necessarily need to be members of the AMS, you should contact Leonid Reyzin if you’d like to add your name.

    Michael Hutchings,
    The letter is specifically intended as a response to the Wertheimer article, but I completely agree that a letter of the sort you indicate would be a great idea (do you want to organize it?).

    My impression is that when all this started post-Snowden, there was little enthusiasm at the AMS for taking any action to cut ties with the NSA. The decision was instead to encourage discussion, and that’s the goal of the Notices articles and letters. Interestingly, I haven’t seen much in the way of practical discussion of exactly what the AMS ties to the NSA are, and exactly what steps might be possible to change them. However, the two articles from NSA people it seems to me have helped make clear what the fundamental problem with that organization is: it operates outside the usual constraints of the bill of rights and democracy. As a result, people working there like George and Wertheimer find it natural to respond to the basic question (did the NSA backdoor DUAL_EC_DRBG?) by writing an evasive and misleading piece in the Notices. Their attitude appears to be that the public and the math community have no right to ask this kind of question, and deserve to be misled if they try.
    This may be having an effect at the AMS, making people more open to a discussion about cutting ties with the NSA. I don’t know if a letter or other action is the best way to move this forward. As of this weekend the AMS has a new president (Robert Bryant), who may bring a different perspective to the question.

  10. Michael Hutchings says:
    February 4, 2015 at 1:09 pm

    I was hoping for a letter that lots of people could sign to express their concern without having to know the detailed history. However the person who organizes this letter should probably still know what they are talking about, so I wouldn’t be the best person for the job. I could still do it though if no one else will. Maybe we should first see if Robert Bryant will do something.

Comments are closed.