Mathematics > NSA + GCHQ

Tim May tcmay at
Fri Aug 22 10:30:17 PDT 1997

At 1:24 AM -0700 8/22/97, Anonymous wrote:
>Bill Stewart wrote:
>> but there's also really no need for keys longer than 2048 bits unless
>> some radical algorithmic breakthrough
>> 1024 bits is probably enough
>  Other than the above, a very informative post.
>  Perhaps all encryption programs ought to be named Enigma-1,
>Enigma-2, etc.
>  When the Allies gained the capability to break the Enigma code,
>there was no front-page announcement. I checked the news headlines
>today, and there was no front-page announcement of a "radical
>algorithmic breakthrough." I take this to be proof positive that
>the ever-present "they" have indeed made a breakthrough, and that
>I need to use the strongest tools currently available for secure

We haven't discussed this point in  a while, but the belief most
cryptologists have is roughly this:

The world-wide community of mathematics and cryptology researchers, linked
through open publication of new research results, is GREATER than the
cloistered NSA and GCHQ communities of researchers.

Thus, as bright as Brian Snow or Don Coppersmith or John Conway may be, the
"edge" the NSA may have once had is largely gone. Which is not to say that
they are not still a formidable technical organization, with substantial
computer resources.

But modern crypto systems are, as we all know, based on fundamental
mathematical results, e.g., the difficulty in finding the factors of a
large number, the difficulty in extracting logarithms, etc. And while
advances in factoring have occurred, often at government labs (think of
Sandia), the fast factoring of a 1000-decimal-digit number appears

(Leading to our conclusion that anyone who _knows_ the prime factors of a
very large number must have been the one who generated the composite
product, in a kind of zero knowledge proof sort of way. Or someone who
intercepted the numbers, the private key, or who gained access through the
National Key Recovery Suppository.)

>  Like the ZipLock ads where they put the angry bees in the ZipLock
>and in the Generic Brand plastic bags, I am always tempted by the
>statement that "512/1024/etc." is "good enough," to ask the person
>making the statement to write a letter threatening the life of
>"You Know Who," encrypt it and send it to me for forwarding to
>the Whitewaterhouse. ("And don't forget to use the '-c' option.")

Yes, this sort of thing has been proposed many times. Some of us have done
it, back in our earlier and more radical days.

(I don't claim credit for the RSA challenge, in its recent and current
form, but several years ago I suggested at the first RSA Conference that a
prize be encapsulated in a message encrypted with an RSA key, and that so
long as the prize went unclaimed this would be a measure of security.
Bidzos said he'd pass on the suggestion. Prizes are a common way to ensure
or encourage results, so doubtless others suggested similar things.)

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay at  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

More information about the cypherpunks-legacy mailing list