Discussion:
On Risks and Vulnerabilities of Digital Signatures
Mok-Kong Shen
2014-06-15 08:35:05 UTC
Recently I was asked by some acquaintances about the potential security
risks of digital signatures. The following is a sketch of what I
answered with my very humble knowledge. Hopefully experts in this group
would (eventually strongly) correct and augment my argumentation.

A. From the theoretical side (concerning math):

(1) There are assumptions in the underlying mathematical foundations
which till the present cannot yet be proved in the absolute exact
sense. These are hence liable to turn out to be false at any time in
the future. Example: Recently Lenstra et al. showed that the method of
discrete logarithms can be attacked much more easily than hitherto
commonly assumed.
(http://actu.epfl.ch/news/epfl-researchers-crack-unassailable-encryption-alg/).

(2) All methods have parameters which should be chosen to lie in
certain numerical ranges such that they may properly function as
desired. The determination of such ranges is apparently by necessity an
issue of more or less arbitrariness, whence the actual security
obtained in any given concrete case is not entirely unquestionable.

(3) Owing to the frequently very advanced math involved, high expertise
is required to be able to verify the correctness of the details. This
entails the risk that under some circumstances the number of practically
available capable experts is insufficient to guarantee a neutral (the
opposite of biased/manipulated) examination and evaluation. Example:
The so-called "dual elliptic curve" is reported to contain a backdoor.
(http://www.reuters.com/article/2014/03/31/us-usa-security-nsa-rsa-idUSBREA2U0TY20140331)

(The issue led to a revision of the procedure of processing
cryptological standards of the US national standardization body NIST
(http://fcw.com/articles/2014/02/25/nist-guidance.aspx)).

B. From the practical side (concerning software and CAs):

(1) In case within the entire processing of a digital signature there
is one single non-open-source (proprietary, blackbox) software
component, the risk of potential manipulations (due to possible
disloyalty/dissatisfaction of employees of software firms, pressures
from authorities, hacking, etc.) evidently cannot be excluded.

(2) Also open-source software can contain grave errors, which due to
lack of persons in the public having interest, time and appropriate
knowledge to thoroughly examine them could remain undetected for a long
time. Example: the Heartbleed Bug of OpenSSL.
(https://www.schneier.com/crypto-gram-1404.html).

(3) CAs are organisations of humans and humans could not only commit
errors and mistakes but also be subjected to bribery, extortion,
ideological and other ways of influences. In any digital signature
processing there are in general a number of CAs involved which could be
located inland or overseas (thus beyond normal judicial reaches). How
well one could trust the results of a cooperation of such a group of
organisations (of which one as a rule knows nothing at all) is
apparently a large question mark from the very beginning.


M. K. Shen
-----------------------------------------------

P.S. It may be valuable in safeguarding one's privacy to constantly
keep in mind the presence of certain quasi-omnipotent secret
agencies of the world, as has been convincingly revealed by Edward
Snowden (see G. Greenwald. No Place to Hide, New York, 2014).

This note is also available at:
http://s13.zetaboards.com/Crypto/topic/7204526/1/, where some other
crypto relevant publications of mine may also be found.
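To make point A.(2) concrete, the following is an added example (not part of the original post and not the author's code): a toy DSA-style signature scheme whose group parameters p and q are deliberately chosen far below the ranges the standards require, together with a textbook baby-step/giant-step discrete-logarithm attack that recovers the signing key from the public key alone and then forges a signature. The parameter sizes, messages and helper names are constructed for the demonstration; with a standard-sized q of 256 bits the same attack would need on the order of 2^128 group operations, which is exactly what the "numerical range" buys.

```python
"""Toy DSA-style signatures with undersized parameters (added example).

Constructed for illustration: q has ~20 bits instead of the 224/256 bits
required by FIPS 186, so a generic discrete-log attack recovers the private
key in about 2*sqrt(q) group operations.
"""
import hashlib
import secrets
from math import isqrt


def is_prime(n: int) -> bool:
    """Trial division; adequate for the ~25-bit toy moduli used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def toy_params(q_bits: int = 20):
    """Return (p, q, g): prime q of about q_bits bits, prime p = k*q + 1, and
    g generating the order-q subgroup of Z_p^*. Deliberately weak sizes."""
    q = (1 << q_bits) | 1
    while not is_prime(q):
        q += 2
    k = 2
    while not is_prime(k * q + 1):
        k += 1
    p = k * q + 1
    h = 2
    while pow(h, (p - 1) // q, p) == 1:   # skip elements that collapse to 1
        h += 1
    return p, q, pow(h, (p - 1) // q, p)


def h_mod_q(msg: bytes, q: int) -> int:
    # DSA hashes the message and reduces the digest into Z_q.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1        # private key x in [1, q-1]
    return x, pow(g, x, p)                  # (private, public y = g^x mod p)


def sign(params, x: int, msg: bytes):
    p, q, g = params
    e = h_mod_q(msg, q)
    while True:
        k = secrets.randbelow(q - 1) + 1    # fresh per-signature nonce
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (e + x * r) % q
        if r and s:                         # DSA rejects r == 0 or s == 0
            return r, s


def verify(params, y: int, msg: bytes, sig) -> bool:
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    e = h_mod_q(msg, q)
    w = pow(s, -1, q)
    v = (pow(g, e * w % q, p) * pow(y, r * w % q, p)) % p % q
    return v == r


def discrete_log_bsgs(params, y: int) -> int:
    """Baby-step/giant-step: find x with g^x = y (mod p) in ~2*sqrt(q) steps.
    Only feasible because q is tiny; this is the generic attack any
    parameter range must be chosen to defeat."""
    p, q, g = params
    m = isqrt(q) + 1
    baby, cur = {}, 1
    for j in range(m):                      # baby steps: g^j -> j
        baby.setdefault(cur, j)
        cur = cur * g % p
    giant_step = pow(g, -m, p)              # multiply by g^(-m) each giant step
    gamma = y
    for i in range(m):
        if gamma in baby:
            return (i * m + baby[gamma]) % q
        gamma = gamma * giant_step % p
    raise ValueError("no logarithm found")


def recover_and_forge(params, y: int, msg: bytes):
    """Recover the signer's private key from the public key, then sign msg."""
    x = discrete_log_bsgs(params, y)
    return x, sign(params, x, msg)


if __name__ == "__main__":
    params = toy_params()
    x, y = keygen(params)
    contract = b"I agree to the contract"          # constructed sample message
    assert verify(params, y, contract, sign(params, x, contract))
    x2, forged = recover_and_forge(params, y, b"I agree to a different contract")
    print("recovered key matches:", x2 == x)
    print("forged signature verifies:",
          verify(params, y, b"I agree to a different contract", forged))
```

Raising `q_bits` shows the attack cost growing as the square root of q; the scheme itself is unchanged, which is the point of A.(2): the arithmetic is the same, and only the parameter range separates a sound signature from a forgeable one.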
Mok-Kong Shen
2014-06-15 18:39:30 UTC
Concerning vulnerabilities as such,
https://www.schneier.com/crypto-gram-1406.html has an interesting
article entitled "Disclosing vs. Hoarding Vulnerabilities".

Concerning CAs, an interesting link I got elsewhere:
http://www.win.tue.nl/hashclash/rogue-ca/
Mok-Kong Shen
2014-06-21 05:49:47 UTC
I just found an interesting article on digital signatures:

D. Adamski et al.: Why Digital Signatures Fail - Legal Concepts
for Long Term Validity in Austria, Germany and Poland, in
A. U. Schmidt et al., Long-Term and Dynamical Aspects of
Information, pp. 113-124, Nova Sci. Publ., 2007.

M. K. Shen
Mok-Kong Shen
2014-09-21 09:39:07 UTC
I have in the section Epilogue of my recent PROVABLEPRIME Version 1.0.1
(http://s13.zetaboards.com/Crypto/topic/7234475/1/) further argued a
tiny little bit and also quoted the following from a book of
R. Anderson of 2001 which very deplorably appears not yet to have
received the attention that it deserves:

"In short, while public key infrastructures can be useful in some
applications, they are unlikely to be the universal solution to
security problems as their advocates seem to believe. They don't
tackle most of the really important issues at all."

M. K. Shen
