Insight into the NSA's Weakening of Crypto Standards, presented at USENIX 2014

by Joseph Menn

Summary: Though most of the world has been transfixed by Edward Snowden’s revelations about mass surveillance, nothing has upset the technology world more than the confirmation that the National Security Agency worked through commercial “partnerships” and domestic and international standards bodies to undercut security. In the best-known example that has come to light, documents indicate that Dual Elliptic Curve was compromised from the beginning, and my reporting showed that the sole major adopter of Dual Elliptic Curve as a default, RSA, took $10 million to spread it through the BSafe toolkit. I will draw lessons from my reporting on the topic and explain how both the past and future of the U.S. relationship to good cryptography remain hotly disputed.