next up previous
Next: Technical and other errors Up: Other Credibility Problems Previous: Other Credibility Problems

Reasons for algorithm choice

At the June meeting, the BMA asked the IMG whether they had considered encryption algorithms such as SAFER, WAKE and Blowfish. They admitted looking at SAFER but had not heard of WAKE or Blowfish. This causes concern for a number of reasons:

In view of this, we were unable to accept the IMG claim that strong encryption algorithms were not available, which was their declared reason for recommending Red Pike. It was clear to us that the full range of candidate encryption algorithms had not been properly considered. We pointed this out, and also pointed out that triple DES has been in the public domain for years.

When this point was made, it was explained that the choice of algorithm had been constrained by UK export regulations. However, this explanation is not consistent with p 26 of the strategy which talks about the export prospects of products developed according to the strategy with no mention of the export controls issue; it also appears to clash with p 52 where export controls are claimed to be a disadvantage of hardware as opposed to software cryptography.

When we pointed out that UK medical software is not exported, due to Read coding and other features, it was explained that the choice had been constrained by US rather than UK export regulations; that US companies operating in the UK as NHS suppliers, such as AT&T, would not be allowed by the US state department to use available algorithms such as triple DES even in products created by its staff in the UK and sold only in the UK.

As the writer believed that this conflicted with the statement on p 44 where the availability of Red Pike to non-UK systems developers is stated to be require `more detailed discussions with CESG', he wrote to the minister responsible, Ian Taylor, suggesting that UK crypto policy is being dictated by US requirements. This was strongly denied [82]:

`for the record, I would like to stress that HMG Policy is not determined by US Government requirements. The desire to balance the needs of business for strong cryptography, with the requirements of law enforcement, has, and always will be, determined by the United Kingdom national interest.'

We therefore seek clarification of the following two points to determine whether what we believe is implied can be explained, or preferably refuted, with evidence and authority.

Firstly, as the IMG strategy states that 56 bit keys are inadequate for the NHS (p 55), and as 56 bit crypto is the maximum that US companies can export (even with escrow) we need to know how a supplier subject to US export controls could possibly comply with the strategy.

The implication could be drawn that some deal might be done between the British and American governments that would enable AT&T to sell products in the UK using a 64 bit algorithm provided that the algorithm was Red Pike. (This is not entirely clear; on p 57, the strategy states that `within the last 12 months, the position has changed. CESG has responded to the situation ... by developing an algorithm known as Red Pike.' One might infer that the action of CESG that remedied the alleged algorithm shortage was not the negotiation of a deal with the US government, but the creation of Red Pike.)

Secondly, we need to know why the UK government can prevail on the US government to give AT&T a dispensation for Red Pike, but could not also obtain a dispensation for the use of a public domain algorithm of US design such as triple-DES.

There are a number of other points of apparent confusion in the arguments that the strategy presents for the adoption of Red Pike:

It is also of interest that the US National Institute of Standards and Technology has initiated a process to find a replacement for DES, which will be called AES (the Advanced Encryption Standard) [63]. This will presumably become an international standard and have an adverse impact on the marketability and credibility of systems using Red Pike.

One further comment in the IMG strategy is revealing. On page 44, it states that further discussions with GCHQ would be needed about `the possibility of the NHS being allowed to use alternative algorithms' (our emphasis). We shall return later to this point.

next up previous
Next: Technical and other errors Up: Other Credibility Problems Previous: Other Credibility Problems

Ross Anderson
Mon Oct 6 12:47:34 BST 1997