Note: This page is historical.

Current pages about Yenta are here. Please look at those pages first.

Yenta is still under active development, but this particular page is not. If you're interested in current research papers about Yenta, or obtaining a copy of Yenta, please start here instead.

This page is one of many that were written in late 1994 and early 1995, and are being preserved here for historical purposes. If you're viewing this page, you probably found it via an old link or are interested in the history of how Yenta came to be. These pages have not been actively maintained since 1995, so you'll find all sorts of older descriptions which may not match the current system, citations to old papers and old results, and so forth.

NSA Pans 3DES for Banks

Date: Tue, 22 Nov 1994 12:22:39 -0800
From: Phil Agre <pagre@weber.ucsd.edu>
To: rre@weber.ucsd.edu
Subject: EFF Urges X9 Committee to Adopt Triple-DES Standard

As this action alert from EFF illustrates, a lot of important social policy 
is currently being made by technical standards committees.  It is therefore
important, in my view, for people on the net to learn about these committees
and organize to monitor their workings.  In this particular case it happens
that the political cards are stacked somewhat equitably, with the NSA and its
allies on one side and most banks and civil liberties activists on the other
side.  Perhaps action by an informed public can tilt the balance toward the
protection of privacy.

Date: Tue, 22 Nov 1994 15:07:26 -0500 (EST)
From: Stanton McCandlish <mech@eff.org>
To: << half the planet >>
Subject: EFF Urges X9 Committee to Adopt Triple-DES Standard

EFF URGES X9 COMMITTEE TO ADOPT TRIPLE-DES STANDARD
===================================================

EFF sent a letter to 37 members of the Accredited Standards Committee (ASC)
X9 urging the committee to vote to develop a standard for data encryption
based on triple-DES, a strengthened and upgraded form of the popular DES
(data encryption standard).  The balloting process, which allows members
one month to cast their vote, closes on November 19.

The vote has important implications for the future of cryptographic
standards and US cryptography policy generally. The banking and financial
services industries are major users of cryptography, and applications
developed for this community tend to drive the market. As a result, the
adoption of a standard based on triple-DES would pose a major setback to
the NSA's efforts to push Clipper or similar government key-escrow based
standards.

The NSA, which is a voting member of the X9 committee, has urged members to
vote against the triple-DES standard.    

The ASC X9 committee is charged with setting data security standards for
the US banking and financial services industries.  Its membership is
comprised of representatives from the banking, financial services, computer
and communications industries, software manufacturers, and government,
including the NSA, the Federal Reserve, and NIST.

BACKGROUND 
----------

Encryption is widely used by banks and other financial institutions to
protect the billions of dollars in transfers and other transactions which
flow every day across the world's communications networks.

Currently, the prevailing encryption standard used in the banking industry
is based on DES (Data Encryption Standard).  DES has been available since
the early 1970's, and is popular because it has been repeatedly tested and
is considered unbreakable except by brute force (trying every possible
key).  DES is also popular because the US government has allowed banks and
financial institutions to use it overseas -- a limited but important
exception to the strong controls placed on other forms of cryptography. 

Despite its enormous popularity and widespread use, the banking and
financial services industries are searching for a new standard because DES
is reaching the end of its useful life. 

Although DES can only be cracked through brute force, the increasing speed
and sophistication of computer processing power will soon render the
standard insecure.  At a recent cryptography conference, experts
demonstrated that DES codes can be cracked in as little as three hours
using a machine which cost less than $1 million to build.

Triple-DES, a strengthened version of the reliable and trusted DES
standard, is the alternative favored by the banking and financial services
industries. In basic terms, the triple-DES standard is based on the
existing DES, but has been enhanced by tripling the key length.  The longer
key will make it more difficult to use brute force to crack the code.  

Supporters of triple-DES view it as a temporary, stop-gap solution, which
will provide additional security until a suitable alternative can be
developed.  Moreover, because triple-DES is based on an existing standard
that virtually all users are familiar with, it is argued that developing
and using triple-DES will not be a burden to current designers  and users
of data security systems. 

NSA ATTEMPTS TO PUSH X9 TO ADOPT CLIPPER STANDARD
--------------------------------------------------

Members of the X9 committee agree that an alternative to DES must be found;
the question is what that standard will be.  The committee is currently
considering a recommendation to develop a standard based on triple-DES. 
Although there appears to be general support for the recommendation (it
passed an X9 subcommittee on a vote of 13 to 2, with 3 abstentions, in
July), the NSA has lobbied the committee to reject the proposal to create a
triple-DES standard. They have circulated a letter to committee members
(attached below) urging them to vote against the triple-DES recommendation.

Without offering specific alternatives, the NSA letter stresses national
security, attempts to discredit the strength of triple-DES, and questions
its exportability.  
The NSA appears to believe that the rejection of triple-DES by the X9
committee would create an opportunity to push for the only current
alternative -- Clipper.

By agreeing to develop a triple-DES based standard, the X9 committee can
simultaneously establish a workable transitional measure and send a strong
repudiation of the Clipper proposal and government-designed cryptographic
standards.  Moreover, such a vote would pose a major setback to the NSA's
efforts to ensure that all cryptography contains government-escrowed back
doors.
 
The final balloting closes on Saturday, November 19. EFF is tracking the
committee vote, and will update this story as soon as further information
is available.


EFF LETTER TO X9 COMMITTEE MEMBERS
----------------------------------

November 18, 1994


Dear Accredited Standards Committee-X9 Member:

The X9 Committee is currently voting as to whether to recommend the
development of a standard for triple-DES (ballot number X9/94-LB#28).  The
Electronic Frontier Foundation (EFF) strongly urges you to vote in favor of
the triple-DES standard.

EFF supports the development of a variety of new data security standards
and alternatives to DES.  We believe the triple-DES standard provides the
best immediate short-term alternative because:

*       The basic algorithm, DES, is strong and has been tested repeatedly.

*       There are no known attacks that succeed against triple-DES.

*       It is clearly no less secure than DES.

*       It eliminates the brute-force problem completely by tripling the key
        length.

*       It runs at high speeds in easy-to-build chips.

*       It can be easily incorporated into existing systems.

NSA's opposition to triple-DES appears to be an indirect attempt to push
Clipper by eliminating credible alternatives.  Clipper is not a viable
alternative to triple-DES, and carries substantial liabilities.  There has
been no evidence of foreign acceptance of the standard and the Skipjack
algorithm is classified.  The likelihood of any government accepting secret
standards developed by a foreign security agency is slim.  Clinton
Administration efforts, through the NSA, to push Clipper as a domestic
standard over the past two years have failed.  

We urge you to carefully consider the alternatives before you cast your
ballot.  We believe that the triple-DES issue should be decided on its own
merits.

Sincerely, 

John Gilmore                            
Board of Directors                      
Electronic Frontier Foundation  

Daniel J. Weitzner
Deputy Policy Director
Electronic Frontier Foundation


NSA LETTER TO X9 COMMITTEE MEMBERS
-----------------------------------

X9 Member

        I will be casting a NO vote on the NWI proposal for triple-DES,
Letter Ballot X9/94-LB#28.  The reasons are set forth below.  You may find
these useful as you determine your position.

Jerry Rainville

                        NSA REASONS FOR NEGATIVE VOTE

        While NSA supports the use of DES in the global financial sector,
we believe that standardization of triple-DES is ill-advised for a number
of reasons.

        The financial community should be planning to transition to a new
generation of cryptographic algorithms.  When DES was first introduced, it
represented the "only game in town."  It supported encryption,
authentication, key management, and secure hashing applications.  With a
broader interest in security, the market can now support optimized
algorithms by application.  Going through the expense of installing a
stop-gap can only serve to delay progress in achieving interoperable
universal appropriate solutions.

        While we understand the appeal of a snap-in upgrade, our experience
has been that any change is expensive, especially one where the
requirements on the key management system change.  We do not agree that
replacing DES with triple-DES is significantly less expensive than
upgrading to more appropriate technology.

        Tripling of any algorithm is cryptographically unsound.  Notice
that tripling DES, at best, only doubles the length of the cryptovariable
(key).  Phrased another way, the DES was optimized for security at 56 bits.
We cannot vouch that any of the schemes for doubling the cryptovariable
length of DES truly squares the security.

        We understand the financial community has concerns with current key
escrow based encryption; however, we are committed to searching for answers
to those concerns.  But the government is also committed to key escrow
encryption, and we do not believe that the proposal for triple DES is
consistent with this objective.

        US export control policy does not allow for general export of DES
for encryption, let alone triple-DES.  Proceeding with this NWI would place
X9 at odds with this long-standing policy.  It also violates the newly
accepted X9 cryptographic policy.

        The US government has not endorsed triple-DES; manufacturers and
users may be reluctant to use triple-DES products for fear of possible
liability.

        Finally, further proliferation of triple-DES is counter to national
security and economic objectives.  We would welcome the opportunity to
discuss these concerns with an appropriate executive of your institution.

[end]

Lenny Foner
Last modified: Wed Dec 14 00:26:11 1994