Yenta is still under active development, but this particular page is not. If you're interested in current research papers about Yenta, or obtaining a copy of Yenta, please start here instead. This page is one of many that were written in late 1994 and early 1995, and are being preserved here for historical purposes. If you're viewing this page, you probably found it via an old link or are interested in the history of how Yenta came to be. These pages have not been actively maintained since 1995, so you'll find all sorts of older descriptions which may not match the current system, citations to old papers and old results, and so forth.
Date: Tue, 22 Nov 1994 12:22:39 -0800
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: EFF Urges X9 Committee to Adopt Triple-DES Standard

As this action alert from EFF illustrates, a lot of important social policy is currently being made by technical standards committees. It is therefore important, in my view, for people on the net to learn about these committees and organize to monitor their workings. In this particular case it happens that the political cards are stacked somewhat equitably, with the NSA and its allies on one side and most banks and civil liberties activists on the other side. Perhaps action by an informed public can tilt the balance toward the protection of privacy.

Date: Tue, 22 Nov 1994 15:07:26 -0500 (EST)
From: Stanton McCandlish <mech@eff.org>
To: << half the planet >>
Subject: EFF Urges X9 Committee to Adopt Triple-DES Standard

EFF URGES X9 COMMITTEE TO ADOPT TRIPLE-DES STANDARD
===================================================

EFF sent a letter to 37 members of the Accredited Standards Committee (ASC) X9 urging the committee to vote to develop a standard for data encryption based on triple-DES, a strengthened and upgraded form of the popular DES (data encryption standard). The balloting process, which allows members one month to cast their vote, closes on November 19.

The vote has important implications on the future of cryptographic standards and US cryptography policy generally. The banking and financial services industries are major users of cryptography, and applications developed for this community tend to drive the market. As a result, the adoption of a standard based on triple-DES would pose a major setback to the NSA's efforts to push Clipper or similar government key-escrow based standards. The NSA, which is a voting member of the X9 committee, has urged members to vote against the triple-DES standard.

The ASC X9 committee is charged with setting data security standards for the US banking and financial services industries. Its membership is comprised of representatives from the banking, financial services, computer and communications industries, software manufacturers, and government, including the NSA, the Federal Reserve, and NIST.

BACKGROUND
----------

Encryption is widely used by banks and other financial institutions to protect the billions of dollars in transfers and other transactions which flow every day across the world's communications networks. Currently, the prevailing encryption standard used in the banking industry is based on DES (Data Encryption Standard). DES has been available since the early 1970's, and is popular because it has been repeatedly tested and is considered unbreakable except by brute force (trying every possible key). DES is also popular because the US government has allowed banks and financial institutions to use it overseas -- a limited but important exception to the strong controls placed on other forms of cryptography.

Despite its enormous popularity and widespread use, the banking and financial services industries are searching for a new standard because DES is reaching the end of its useful life. Although DES can only be cracked through brute force, the increasing speed and sophistication of computer processing power will soon render the standard insecure. At a recent cryptography conference, experts demonstrated that DES codes can be cracked in as little as three hours using a machine which cost less than $1 million to build.

Triple-DES, a strengthened version of the reliable and trusted DES standard, is the alternative favored by the banking and financial services industries. In basic terms, the triple-DES standard is based on the existing DES, but has been enhanced by tripling the key length. The longer key will make it more difficult to use brute force to crack the code.

Supporters of triple-DES view it as a temporary, stop-gap solution, which will provide additional security until a suitable alternative can be developed. Moreover, because triple-DES is based on an existing standard that virtually all users are familiar with, it is argued that developing and using triple-DES will not be a burden to current designers and users of data security systems.

NSA ATTEMPTS TO PUSH X9 TO ADOPT CLIPPER STANDARD
--------------------------------------------------

Members of the X9 committee agree that an alternative to DES must be found; the question is what that standard will be. The committee is currently considering a recommendation to develop a standard based on triple-DES.

Although there appears to be general support for the recommendation (it passed an X9 subcommittee on a vote of 13 to 2, with 3 abstentions, in July), the NSA has lobbied the committee to reject the proposal to create a triple-DES standard. They have circulated a letter to committee members (attached below) urging them to vote against the triple-DES recommendation.

Without offering specific alternatives, the NSA letter stresses national security, attempts to discredit the strength of triple-DES, and questions its exportability. The NSA appears to believe that the rejection of triple-DES by the X9 committee would create an opportunity to push for the only current alternative -- Clipper.

By agreeing to develop a triple-DES based standard, the X9 committee can simultaneously establish a workable transitional measure and send a strong repudiation of the Clipper proposal and government designed cryptographic standards. Moreover, such a vote would pose a major setback to the NSA's efforts to ensure that all cryptography contains government-escrowed back doors.

The final balloting closes on Saturday, November 19. EFF is tracking the committee vote, and will update this story as soon as further information is available.

EFF LETTER TO X9 COMMITTEE MEMBERS
----------------------------------

November 18, 1994

Dear Accredited Standards Committee-X9 Member:

The X9 Committee is currently voting as to whether to recommend the development of a standard for triple-DES (ballot number X9/94-LB#28). The Electronic Frontier Foundation (EFF) strongly urges you to vote in favor of the triple-DES standard.

EFF supports the development of a variety of new data security standards and alternatives to DES. We believe the triple-DES standard provides the best immediate short term alternative because:

* The basic algorithm, DES, is strong and has been tested repeatedly.
* There are no known attacks that succeed against triple-DES.
* It is clearly no less secure than DES.
* It eliminates the brute-force problem completely by tripling the key length.
* It runs at high speeds in easy-to-build chips.
* It can be easily incorporated into existing systems.

NSA's opposition to triple-DES appears to be an indirect attempt to push Clipper by eliminating credible alternatives. Clipper is not a viable alternative to triple-DES, and carries substantial liabilities. There has been no evidence of foreign acceptance of the standard and the Skipjack algorithm is classified. The likelihood of any government accepting secret standards developed by a foreign security agency is slim. Clinton Administration efforts, through the NSA, to push Clipper as a domestic standard over the past two years have failed.

We urge you to carefully consider the alternatives before you cast your ballot. We believe that the triple-DES issue should be decided on its own merits.

Sincerely,

John Gilmore
Board of Directors
Electronic Frontier Foundation

Daniel J. Weitzner
Deputy Policy Director
Electronic Frontier Foundation

NSA LETTER TO X9 COMMITTEE MEMBERS
-----------------------------------

X9 Member

I will be casting a NO vote on the NWI proposal for triple-DES, Letter Ballot X9/94-LB#28. The reasons are set forth below.
You may find these useful as you determine your position.

Jerry Rainville

NSA REASONS FOR NEGATIVE VOTE

While NSA supports the use of DES in the global financial sector, we believe that standardization of triple-DES is ill-advised for a number of reasons.

The financial community should be planning to transition to a new generation of cryptographic algorithms. When DES was first introduced, it represented the "only game in town." It supported encryption, authentication, key management, and secure hashing applications. With a broader interest in security, the market can now support optimized algorithms by application. Going through the expense of installing a stop-gap can only serve to delay progress in achieving interoperable universal appropriate solutions.

While we understand the appeal of a snap-in upgrade, our experience has been that any change is expensive, especially one where the requirements on the key management system change. We do not agree that replacing DES with triple-DES is significantly less expensive than upgrading to more appropriate technology.

Tripling of any algorithm is cryptographically unsound. Notice that tripling DES, at best, only doubles the length of the cryptovariable (key). Phrased another way, the DES was optimized for security at 56 bits. We cannot vouch that any of the schemes for doubling the cryptovariable length of DES truly squares the security.

We understand the financial community has concerns with current key escrow based encryption, however, we are committed to searching for answers to those concerns. But the government is also committed to key escrow encryption, and we do not believe that the proposal for triple DES is consistent with this objective.

US export control policy does not allow for general export of DES for encryption, let alone triple-DES. Proceeding with this NWI would place X9 at odds with this long standing policy. It also violates the newly accepted X9 cryptographic policy.

The US government has not endorsed triple-DES; manufacturers and users may be reluctant to use triple-DES products for fear of possible liability.

Finally, further proliferation of triple-DES is counter to national security and economic objectives.

We would welcome the opportunity to discuss these concerns with an appropriate executive of your institution.

[end]

Lenny Foner Last modified: Wed Dec 14 00:26:11 1994