History repeats itself
3 posters
Page 1 of 1
History repeats itself
<rant>
My first reaction when seeing this news was to ask myself whether it was a joke. Unfortunately it seems it is not.
My 2nd reaction was to take this almost as an insult. Lots of efforts have been done in the cryptographic community to design state-of-the-art algorithms that could fit as best as possible the requirements of mobile phone communications. A well known project is "eStream". Cryptographers all around the world are competing against each other to provide the best algorithm that the industry could dream of.
But no of course that was not enough. I guess greediness is too strong. *AGAIN* you are doing the same mistake. Choose an algorithm from nowhere, without any serious external evaluation, with as sole design goal some random business requirement: "We need to pick an algorithm from China (so that we can win lots of $$$... we are so smart!) because that's a requirement from Chinese government". Sorry, don't want to be mean or anything to my Chinese peers, but "algorithm from China" does not ring with "confidentiality & privacy" to me.
Now, of course I guess you're only trying to cover yourselves by launching this pseudo-external evaluation. Hope you'll win the contest. By the way, how many submissions are there?
</rant>
My first reaction when seeing this news was to ask myself whether it was a joke. Unfortunately it seems it is not.
My 2nd reaction was to take this almost as an insult. Lots of efforts have been done in the cryptographic community to design state-of-the-art algorithms that could fit as best as possible the requirements of mobile phone communications. A well known project is "eStream". Cryptographers all around the world are competing against each other to provide the best algorithm that the industry could dream of.
But no of course that was not enough. I guess greediness is too strong. *AGAIN* you are doing the same mistake. Choose an algorithm from nowhere, without any serious external evaluation, with as sole design goal some random business requirement: "We need to pick an algorithm from China (so that we can win lots of $$$... we are so smart!) because that's a requirement from Chinese government". Sorry, don't want to be mean or anything to my Chinese peers, but "algorithm from China" does not ring with "confidentiality & privacy" to me.
Now, of course I guess you're only trying to cover yourselves by launching this pseudo-external evaluation. Hope you'll win the contest. By the way, how many submissions are there?
</rant>
random- Posts : 1
Join date : 2010-08-11
Calm your rant ....
I'm not surprised (or offended) by this reaction, but let me clear up a few points.
First: this isn't a contest, and there are no dollars to won by anyone. "Greediness" plays no part.
Second: the "algorithm from China" is a genuine requirement. I wish it weren't, but it is. If we don't standardise an algorithm that the Chinese authorities allow to be used, then subscribers in that country - whether Chinese nationals or visiting - will have no encryption for their calls and data over the radio interface. That may not make much difference to state intelligence, but it will make a difference to eavesdropping by criminals, commercial espionage etc.
Finally, the algorithm HAS had some serious external evaluation (read the design and evaluation report), and the aim of this public evaluation is for it to have more.
First: this isn't a contest, and there are no dollars to won by anyone. "Greediness" plays no part.
Second: the "algorithm from China" is a genuine requirement. I wish it weren't, but it is. If we don't standardise an algorithm that the Chinese authorities allow to be used, then subscribers in that country - whether Chinese nationals or visiting - will have no encryption for their calls and data over the radio interface. That may not make much difference to state intelligence, but it will make a difference to eavesdropping by criminals, commercial espionage etc.
Finally, the algorithm HAS had some serious external evaluation (read the design and evaluation report), and the aim of this public evaluation is for it to have more.
Steve Babbage- Posts : 30
Join date : 2010-08-02
And by the way ...
... when I say "an algorithm that the Chinese authorities allow to be used", I mean because it's designed in China - not because they can break it.
Steve Babbage- Posts : 30
Join date : 2010-08-02
Re: History repeats itself
Its really astonishing to see that the stream cipher for 4G network has bypassed eSTREAM project. What is the scope of the successful cadidates of eSTRAEM project then?
Why this cipher is not presented in eSTREAM for evaluation?
Why only China is catered for? The rest of the world will also be using 4G mobile communication.
Why this cipher is not presented in eSTREAM for evaluation?
Why only China is catered for? The rest of the world will also be using 4G mobile communication.
unknown- Guest
Re: History repeats itself
As mentioned in Design and Evaluation report, two encryption and integrity algo sets (SNOW 3G based EEA1 and EIA1; AES based EEA2 and EIA2) has already been developed. What was the need to design another set of algo (ZUC based EEA3 and EIA3)??? Were there any weakness in earlier algo? Whats their future if ZUC based algo is standardized?
unknown- Guest
Re: History repeats itself
unknown wrote:Its really astonishing to see that the stream cipher for 4G network has bypassed eSTREAM project. What is the scope of the successful cadidates of eSTRAEM project then?
Why this cipher is not presented in eSTREAM for evaluation?
The reason the cipher wasn't presented in eSTREAM was because it was developed after the eSTREAM project was finished, (which was a good two years ago).
unknown wrote:
Why only China is catered for? The rest of the world will also be using 4G mobile communication.
China is not the only country catered for. This cipher will be used world-wide. It was developed by Chinese for reasons Steve Babbage has already pointed out.
sgteo- Posts : 8
Join date : 2010-08-13
Re: History repeats itself
China is not the only country catered for. This cipher will be used world-wide. It was developed by Chinese for reasons Steve Babbage has already pointed out.
This seems to be missing the point. Or rather, making the opposite point: China is getting to impose its algorithm on every phone in the world. Why do they get this privilege? If every other country insists on a home-grown algorithm, will every LTE phone have to support 200 algorithms?
It seems like it would be better for an international organization like 3GPP to follow the pattern that the IETF has followed and make the core, mandatory algorithms universal, allowing for nation-specific algorithms as optional variants.
unknown- Guest
Re: History repeats itself
unknown wrote:China is not the only country catered for. This cipher will be used world-wide. It was developed by Chinese for reasons Steve Babbage has already pointed out.
This seems to be missing the point. Or rather, making the opposite point: China is getting to impose its algorithm on every phone in the world. Why do they get this privilege? If every other country insists on a home-grown algorithm, will every LTE phone have to support 200 algorithms?
It seems like it would be better for an international organization like 3GPP to follow the pattern that the IETF has followed and make the core, mandatory algorithms universal, allowing for nation-specific algorithms as optional variants.
Your second paragraphs seems to be in conflict with the first one. A phone could allow for nation-specific algorithms? How many nation-specific algorithms must a LTE phone support then?
sgteo- Posts : 8
Join date : 2010-08-13
Re: History repeats itself
Before this whole Chinese algorithm thing came up, the plan for LTE was to have two algorithm sets supported in every phone and in nearly every network. A few networks might not support encryption because of national laws, but even then they would have to support the integrity algorithms.
The reason for having two algorithm sets is as "belt and braces". Although both algorithm sets are believed strong, having two gives you a fall-back if one of them is ever broken. They were deliberately designed to be different in nature, so that a cryptographic advance affecting one would be less likely to affect the other.
The requirement for the China-specific algorithm came to light later. I would have preferred China to use the same algorithms as everyone else, but 3GPP can't dictate policy to the Chinese government. 3GPP could have refused on principle to introduce a new algorithm set, but I don't think any customers would have benefited in practice.
It hasn't been decided yet whether the Chinese algorithm will be mandatory to support in either phones or networks. In practice I think it is unlikely to be used much outside China - even if other networks support it, they will probably use the other algorithms in practice just because they are earlier on the list. (Unless the other algorithms are ever broken, in which case the Chinese algorithm may become the preferred choice.)
The reason for having two algorithm sets is as "belt and braces". Although both algorithm sets are believed strong, having two gives you a fall-back if one of them is ever broken. They were deliberately designed to be different in nature, so that a cryptographic advance affecting one would be less likely to affect the other.
The requirement for the China-specific algorithm came to light later. I would have preferred China to use the same algorithms as everyone else, but 3GPP can't dictate policy to the Chinese government. 3GPP could have refused on principle to introduce a new algorithm set, but I don't think any customers would have benefited in practice.
A valid hypothetical question, but it's only hypothetical: no other country has shown any sign of wanting its own algorithm. On the contrary, everyone else seems to prefer the benefits of global standardisation, easy international roaming etc.If every other country insists on a home-grown algorithm, will every LTE phone have to support 200 algorithms?
It hasn't been decided yet whether the Chinese algorithm will be mandatory to support in either phones or networks. In practice I think it is unlikely to be used much outside China - even if other networks support it, they will probably use the other algorithms in practice just because they are earlier on the list. (Unless the other algorithms are ever broken, in which case the Chinese algorithm may become the preferred choice.)
Steve Babbage- Posts : 30
Join date : 2010-08-02
Irony
It is ironic that Saudi Arabia, India, and China, can get for the asking what the US Government still does not have. While my working assumption is that the NSA, but not the FBI, can read any message that it wants to, it cannot read every message that it would like to. Each message that it reads, it reads at the expense of others that it might like to read.
RIMM would do well to look at the "Lotus Compromise" under which the US licenses the export of Lotus Notes. A similar mechanism would enable legitimate law enforcement in a country to look at any specific traffic that originates or terminates in that country without compromising all traffic.
Privacy always yields to the awesome police power of the state. The state always over-reaches. It always abuses, misuses, and leaks what it learns.
RIMM would do well to look at the "Lotus Compromise" under which the US licenses the export of Lotus Notes. A similar mechanism would enable legitimate law enforcement in a country to look at any specific traffic that originates or terminates in that country without compromising all traffic.
Privacy always yields to the awesome police power of the state. The state always over-reaches. It always abuses, misuses, and leaks what it learns.
whmurray- Guest
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|