A pertinent question comes to mind: do you suggest NSA hasn’t and could not have stolen the private key that is relevant for the Juniper Q parameter swap?
I wouldn’t find such a claim reasonable, and NSA would have it if they wanted it.
One presumes that the Chinese still have a copy of that other private key for their swapped-out Q parameter. Maybe they keep it with their copy of the OPM data that they took. Maybe they use the OPM data for leverage on the actual secret key holders to get the original private key for the original Q parameter. Maybe they don’t care, because swapping Q was better and easier. If you think this Dual EC design is a success…
https://eprint.iacr.org/2016/376.pdf
NSA outclasses every other intelligence service on earth but they too have insiders who leave with more than is allowed.
Furthermore, NSA has also been willing to deploy LFSR designs which are still being broken by a single-digit number of people, such as the recent PX-1000cr break. Do you know if NSA considered that NOBUS?
https://www.cryptomuseum.com/crypto/philips/px1000/
If NSA considered the LFSR design in the DES replacement cipher in the PX-1000cr NOBUS, their claim of NOBUS was wrong. If they didn’t consider it NOBUS, then on what ground do you claim that they only want to deploy NOBUS backdoors?
Either way, we can observe just from public cases that their backdoor strategy isn’t limited to only deploying NOBUS backdoors. To claim they only want NOBUS is an NSA PR talking point from Vanee Vines herself at the NSA press office. It is not only wrong, it’s blatantly ahistorical. NSA wants plaintext, and that means they don’t only deploy and push NOBUS backdoors.
There are other examples that aren’t public yet and definitely aren’t NOBUS.
It appears that you’re saying that the PX-1000cr isn’t an example of an NSA backdoor, or that the article breaking the cipher in the PX-1000cr is incorrect?
It seems like you’re either very aware of how NSA backdoors work and you’re misleading people for some reason, or you don’t know what you’re talking about, you’re being hopeful, and you are ignoring the evidence that NSA inserts backdoors which can be broken by others. Assuming the latter in good faith, I’m afraid to inform you that you’re simply incorrect.
Do you dispute that the secret key for the Q parameter in Dual EC may be recovered by anyone with a CRQC? This is assuming that they exist, and if they don’t or won’t exist, why does NSA concern themselves with PQ crypto? I agree that someone stealing the key is a different effort, but either could have answered your question of what the key is, so the technique is largely irrelevant; but I take your more narrow point and will engage it.
If NSA isn’t misleading us to deploy broken crypto with their PQ standardization push, then they probably don’t consider the Q parameter in Dual EC to be a NOBUS backdoor. After all, by your argumentation NOBUS is forever, isn’t it?
There are other backdoored systems pushed by NSA and some are still in use. I assure you, they can be broken in a weekend by someone with the relevant computer science and mathematical background. The trick for finding it is to realize your core assumption is wrong.
One system NSA built was purpose-built to trick a community of interest, and it worked. The core break is in the RNG: the RNG only generates keys from a small subset of all possible keys. The users of this system have no clue.
Do you really suggest that this kind of NSA backdoor doesn’t exist and that evidence of it means that it isn’t NSA who did it? It again seems ahistorical of you.
It is a private key probably still stored in a hardware module controlled by NSA CES, isn’t it?
This isn’t a problem: Just ask for decrypts by the usual FISA CES API and you don’t need the private key directly.
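The Dual EC "secret key for the Q parameter" argued about above is the scalar d with d·Q = P; whoever holds it (the designer, a thief, or a CRQC solving the discrete log) can recover the generator's internal state from one output and predict everything after it. The following is an added example, not code from the thread or from any real implementation: a toy Dual EC DRBG on a constructed curve over GF(1019) with a planted backdoor, the real 16-bit output truncation shrunk to 2 bits, a brute-force discrete log standing in for the CRQC (or the theft), and the Shumow–Ferguson style state recovery. All curve parameters, the seed 4242 and the scalar choices are constructed toy values.

```python
import math

# Toy Dual EC DRBG with the Q-parameter backdoor (constructed parameters).
# The real generator runs over NIST P-256 and drops 16 high bits per output.
P_MOD = 1019                            # field prime, P_MOD % 4 == 3 (simple sqrt)
A, B = (-3) % P_MOD, 17                 # curve y^2 = x^3 + A*x + B over GF(P_MOD)
TRUNC_BITS = 2                          # toy stand-in for the 16 dropped high bits
KEEP_BITS = P_MOD.bit_length() - TRUNC_BITS
OUT_MASK = (1 << KEEP_BITS) - 1
INF = None                              # point at infinity

def ec_add(p1, p2):
    """Affine point addition on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def x_of(pt):
    return 0 if pt is INF else pt[0]    # toy convention: INF reads as x = 0

def lift_x(x):
    """Every point with this x-coordinate (the attacker's first step)."""
    pts = [INF] if x == 0 else []
    rhs = (x ** 3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    if y * y % P_MOD == rhs:
        pts += [(x, y), (x, (-y) % P_MOD)]
    return pts

def point_order(pt):
    n, acc = 1, pt
    while acc is not INF:
        acc, n = ec_add(acc, pt), n + 1
    return n

def find_generator(min_order=256):
    for x in range(1, P_MOD):
        for pt in lift_x(x):
            if point_order(pt) >= min_order:
                return pt
    raise ValueError("no point of large order on this curve")

P_BASE = find_generator()               # plays the role of the standard base point P
N = point_order(P_BASE)
F_SECRET = next(f for f in range(87, N) if math.gcd(f, N) == 1)  # designer's scalar
Q = ec_mul(F_SECRET, P_BASE)            # the "chosen" Q = F_SECRET * P
D_BACKDOOR = pow(F_SECRET, -1, N)       # secret key for Q: D_BACKDOOR * Q == P_BASE

def discrete_log(base, target):
    """Brute force k with k*base == target: stand-in for a CRQC or a stolen key."""
    acc = INF
    for k in range(point_order(base)):
        if acc == target:
            return k
        acc = ec_add(acc, base)
    return None

def dual_ec(state, count):
    """Run the DRBG from internal state s; return (truncated outputs, new state)."""
    outs = []
    for _ in range(count):
        r = x_of(ec_mul(state, Q))              # r_i = x(s_i * Q), the output point
        outs.append(r & OUT_MASK)
        state = x_of(ec_mul(state, P_BASE))     # s_{i+1} = x(s_i * P)
    return outs, state

def attack(d, outs):
    """Recover the state following outs[0] using d, filtered against outs[1:]."""
    first, rest = outs[0], outs[1:]
    found = []
    for hi in range(1 << TRUNC_BITS):           # guess the truncated high bits
        r = (hi << KEEP_BITS) | first
        if r >= P_MOD:
            continue
        for R in lift_x(r):                     # R = +-(s_i * Q)
            s_next = x_of(ec_mul(d, R))         # d*R = s_i*(d*Q) = s_i*P -> s_{i+1}
            if dual_ec(s_next, len(rest))[0] == rest and s_next not in found:
                found.append(s_next)
    return found

if __name__ == "__main__":
    outs, _ = dual_ec(4242, 6)                  # 4242: constructed seed
    print("discrete log recovers d:", discrete_log(Q, P_BASE) == D_BACKDOOR)
    for s in attack(D_BACKDOOR, outs[:3]):
        print("state:", s, "predicted", dual_ec(s, 5)[0], "actual", outs[1:])
```

Two things the toy makes visible. The backdoor scalar is nothing but the discrete log of P to the base Q, so "steal it" and "compute it with a CRQC" end in the same place; here the curve is small enough that `discrete_log` finds it by enumeration. And the attacker never needs the seed: one truncated output plus d gives a handful of candidate states, and the next output or two picks the right one, after which every later output is predictable.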