Bruce Schneier, America’s foremost expert on cryptography and security, is understandably concerned about the recent revelations concerning the NSA:
By subverting the Internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical Internet stewards.
But Schneier also points out that the problem is not with the mathematics behind RSA and other public-key algorithms. More and more high schools, including Weston, have joined thousands of colleges and universities in teaching public-key cryptography. Students in Algebra II learn the mechanisms of RSA and why it is secure. Yet they read or hear all the recent news about the NSA, and they are of course worried. But the problem is not with the math. The problem is with the use of back doors to go around the math, to circumvent it:
There’s a saying inside the NSA: “Cryptanalysis always gets better. It never gets worse.” It’s naive to assume that, in 2013, we have discovered all the mathematical breakthroughs in cryptography that can ever be discovered. There’s a lot more out there, and there will be for centuries.
And the NSA is in a privileged position: It can make use of everything discovered and openly published by the academic world, as well as everything discovered by it in secret.
The NSA has a lot of people thinking about this problem full-time. According to the black budget summary, 35,000 people and $11 billion annually are part of the Department of Defense-wide Consolidated Cryptologic Program. Of that, 4 percent — or $440 million — goes to “Research and Technology.”
That’s an enormous amount of money; probably more than everyone else on the planet spends on cryptography research put together. I’m sure that results in a lot of interesting — and occasionally groundbreaking — cryptanalytic research results, maybe some of it even practical.
Still, I trust the mathematics.
So do I.