It may have taken them 15 days to respond, but the International Organization for Standardization (ISO) today told Computer Business Review that while the US National Security Agency (NSA)’s cryptography ciphers “Simon and Speck” had indeed been rejected by the organisation, while they were probably dead, they were not yet buried.
The NSA had become embroiled in a heated public dispute over the ciphers in late April. It had put them forward as potential international cryptographic standards, but run into a hailstorm of opposition from ISO experts.
SIMON and SPECK were made public by the NSA in 2013 and are optimised for low-cost processors like Internet of Things (IoT) devices, but fears that they were back-doored, and claims that the NSA refused to answer questions about the choice of matrices in Simon’s key schedule, saw them nixed by ISO delegates.
(Two block ciphers suitable for lightweight cryptography are currently recognised by ISO under ISO/IEC 29192-2:2012: Orange Labs-developed PRESENT: a lightweight block cipher with a block size of 64 bits and a key size of 80 or 128 bits and Sony-developed CLEFIA: a lightweight block cipher with a block size of 128 bits and a key size of 128, 192 or 256 bits.)
“Outrageously Adversarial”
Dr Tomer Ashur, representing the Belgian delegation at the ISO meeting in China that resulted in the ciphers being rejected, had on Twitter described the NSA’s behaviour in promoting the ciphers as “outrageously adversarial”, “aggressive” and rife with “half-truths and full lies”, adding: “spying agencies have no place in civilian standardization”
Responding to questions posed by Computer Business Review on April 15, an ISO spokesman today told us: “According to the Convenor of the Working Group (WG 2), at this point WG 2 and its parent Subcommittee (SC 27) have agreed on its [Simon and Speck’s] cancellation. However, there still needs to be an official ballot at the committee level, so the cancellation hasn’t yet been officially approved at this stage.”
The ISO has a six stage process for recognition, which begins with a proposal stage that needs a simple majority vote from a technical committee to get to stage two; a preparatory stage that involves a working group of experts – working as independent experts rather than national delegates – who review successive working drafts until satisfied that they have developed the best solution to a problem. (This is where the NSA came unstuck).
Content from our partners
Stage three is the committee stage that the ISO referred to in its response. At this stage, comments from national members are taken into consideration with a view to reaching consensus, with a standard drafted following ISO’s formatting rules and distributed for a vote by members of the technical committee.
Vulnerabilities
Cryptography expert Nikos Komninos, a lecturer in Cyber Security in the Department of Computer Science at City University, earlier told Computer Business Review: “Unfortunately the NSA lacks a good reputation in academia. It’s not very long ago when AES was selected and the “optimised code” provided by the NSA had side channel flaws. Likewise, when the NSA proposed SHA-1 as a replacement of SHA then again there were security weaknesses. Bottom line is that in most cases, the NSA has pushed for adoptions/standards in which security vulnerabilities were found very soon after…”
NSA Capabilities Technical Director, Neal Ziring said in a statement earlier emailed to Computer Business Review: “Both Simon and Speck were subjected to several years of detailed cryptanalytic analysis within NSA, and have been subject to academic analysis by researchers worldwide since 2014. They are good block ciphers with solid security and excellent power and space characteristics.”
He added: “NSA devotes our decades of cryptologic experience towards breaking codes for foreign intelligence and making codes to secure US National Security Systems (NSS) — offering strong algorithms for consideration as international standards is often the best way to ensure that such algorithms are implemented in products on which national security depends. That was the basis for submitting Simon and Speck to ISO.”
