
Bernstein's Blog


Posted Dec 14, 2025 16:43 UTC (Sun) by farnz (subscriber, #17727)
In reply to: Bernstein's Blog by marcH
Parent article: Disagreements over post-quantum encryption for TLS

No, I mean that even one person doing everything the NSA is tasked with would face trouble resolving the inherent contradiction in its tasks; it's not that different people in the organisation have different priorities and interests, but rather that the NSA is supposed to both ensure that American businesses and government agencies can use unbreakable encryption no matter who they're communicating with, while also ensuring that non-American entities have no access to encryption the NSA can't break no matter who they're communicating with.

Even if the NSA was a singular person, that would be an impossible pair of missions to deliver on - how do you deliver encryption that's both broken by the NSA and unbreakable by anyone simultaneously to a non-American entity communicating with an American business or government agency?



Bernstein's Blog

Posted Dec 15, 2025 14:20 UTC (Mon) by paulj (subscriber, #341)

Standardising encryption that the NSA is confident only the NSA can break would be one way to meet that objective. Course, achieving that confidence in the face of an existence proof of a way to break an algorithm is... a tall order - but perhaps they have methods for that (e.g., judgement calls by analysing what systems other SIGINT agencies approve of/use for their governments and militaries; human intel from sister agencies; etc.).

Bernstein's Blog

Posted Dec 15, 2025 14:33 UTC (Mon) by farnz (subscriber, #17727)

The objective is that nobody (not even the NSA) can break it if both endpoints are USA entities, but only the NSA can break it if one or more entities using it is non-USA.

The only way to do that is to ban exports of encryption, with associated 1st Amendment concerns, so that the unbreakable encryption is only available to US entities, and to communicate with non-US entities you must use encryption the NSA is confident only the NSA can break.

Bernstein's Blog

Posted Dec 15, 2025 14:39 UTC (Mon) by paulj (subscriber, #341)

I think experience already shows this approach is impossible.

Bernstein's Blog

Posted Dec 15, 2025 15:08 UTC (Mon) by farnz (subscriber, #17727)

Indeed, but it's what the NSA is required to do - prevent non-US entities from communicating with encryption the NSA can break, while ensuring that US entities have access to encryption that cannot be broken at all, not even by the NSA, but only when communicating with other US entities.

This is an impossible task, and the NSA trying to do it is why it ends up completely untrustworthy - since you never know whether you're dealing with someone who's focused on the "non-US entities cannot communicate without us breaking their encryption", or whether you're dealing with someone who's focusing on "US entities must have access to unbreakable encryption".

And you'd still have that problem if the NSA was a single person - how do you know whether they're focusing on "non-US entities must not have encryption we cannot break" or "US entities must have encryption no-one can break"?

