NSA misuse of mathematics: Secret formulas and backdoor cryptography.

The NSA Is Misusing Mathematics for Dangerous Ends

The NSA Is Misusing Mathematics for Dangerous Ends

The state of the universe.
Sept. 30 2013 12:42 PM

The Perils of Hacking Math

The National Security Agency is undermining fundamental principles of mathematical knowledge.

NSA cryptography.
The time-honored principle of freedom of mathematical information is now being compromised.

Photo by Kerem Yucel/iStock/Thinkstock

Recently, I co-authored and published a math paper that solved a 15-year-old mystery. But, unlike a book or a gadget, the work cannot be copyrighted or bought and sold. In fact, my co-author and I have made our paper available for free, for the whole world to see, on arXiv, an online depository of scientific articles. This inherent democracy has always been the mark of mathematics: It belongs to us all, even if people are not aware of it. Mathematicians don't expect to be paid for their discoveries; we do math because we want to understand how the world works.

This principle has deep roots in history as well as in legal systems. No one can own mathematical knowledge; no one can claim ownership of a mathematical formula or idea as a personal possession. Though he discovered it, Albert Einstein couldn't patent his famous formula E=mc2. In the landmark Gottschalk v. Benson decision, the U.S. Supreme Court concluded:

A scientific truth, or the mathematical expression of it, is not a patentable invention. ... A principle, in the abstract, is a fundamental truth; an original cause; a motive; these cannot be patented, as no one can claim in either of them an exclusive right. ... He who discovers a hitherto unknown phenomenon of nature has no claim to a monopoly of it which the law recognizes.

Unfortunately, this time-honored and essential principle of freedom of mathematical information is now being compromised. According to published reports, the National Security Agency has attempted to undermine mathematical formulas used in widely used encryption systems. They did it both by using advances made in secret by mathematicians on their payroll and by intentionally subverting commonly used security protocols by installing "backdoors" that make these protocols easier to break.

The legality and broad implications of the NSA large-sale surveillance have already been discussed at great length. My point here, however, is that tampering with mathematics is by itself a dangerous precedent that raises a host of legal and ethical issues.

We should be especially alarmed by the reported attempts by the NSA to intentionally undermine cryptosystems. In a nutshell, to ensure that a third party can't read your email message, credit-card number, or password, communications sent over the Internet are encrypted. Many cryptosystems are based on sophisticated mathematical objects called "elliptic curves" (these are discussed in my new book Love and Math: The Heart of Hidden Reality). There are plenty of elliptic curves to choose from. A cryptosystem based on a random one is virtually impregnable and hence protects our privacy. But it turns out that there are some elliptic curves that look random but actually allow for easy decryption; that's an example of a backdoor. It's a nontrivial mathematical problem to generate such curves (equipped with some extra data), but it can be done. And according to the reports, the NSA has been pushing the National Institute of Standards and Technology, the body that sets encryption standards in the United States, and various vendors to adopt such special elliptic curves since as early as 2006, knowing full well that they were prone to attacks. After these allegations came to light, encryption company RSA Security issued an unprecedented advisory noting that one of its widely used toolkits is based on the compromised algorithm and advising clients to stop using it.


Courtesy of Basic Books

Secrecy in cryptography is nothing new. We remember Bletchley Park, where mathematicians such as Alan Turing, working in secret, were able to decode German communications during World War II. But what’s different now is the ubiquity of the security protocols that are being compromised. Encryption is now woven in the very fabric of our daily lives. That’s why creation of secret means for breaking commonly used cryptosystems by the government is so troubling.

Furthermore, by secretly installing backdoors into these systems, the NSA makes all of us more vulnerable to outside attacks. If these backdoors allow the NSA to easily break these systems, what's to stop other players from maliciously doing the same? They may steal this information from the NSA or a rogue on the inside may disclose or sell it. Besides, others may discover these backdoors on their own.

Mathematics is a great equalizer. A young man from India named Srinivasa Ramanujan received no formal training but in the early 20th century was able to make dazzling mathematical discoveries that stumped professional mathematicians. For a more recent example, consider this: In 1973, three mathematicians working for the U.K.’s Government Communications Headquarters discovered a new method of encryption. Their discovery was kept secret by GCHQ, but shortly afterward two other mathematicians rediscovered the same thing and published their result (now called Diffie-Hellman key exchange in their honor).

Who's to say that the sophisticated math the NSA has been keeping secret from the rest of the world will not be discovered by someone else?

You can hide a formula, but you can't prevent others from finding it. One might only need a pencil and a piece of paper to do that. And once the secret is out in the open, it’s not just Big Brother that will be watching us—other “brothers” will be spying on us, intercepting our messages, and hacking our bank accounts.

We live in a new era in which mathematics has become a powerful weapon. It can be used for good—we all benefit from technological advances based on math—but also for ill. When the nuclear bomb was built, theoretical physicists who had inadvertently contributed to creating something monstrous were forced to confront deep ethical questions. What is happening now with mathematics may have similarly grave implications. Members of my community must initiate a serious discussion about our role in this brave new world. We need to find mechanisms to protect the freedom of mathematical knowledge that we love and cherish. And we have to help the public understand both the awesome power of math and the serious consequences that await all of us if that power is misused.