Independent panel urges NIST to develop internal cryptography expertise

A group of outside experts recommend the National Institute of Standards and Technology hire more cryptographers and lessen its reliance on the National Security Agency for approving cryptographic algorithms, according to a report released Monday.

The report is the work of the Visiting Committee on Advanced Technology, NIST’s primary external advisory board convened last year to review the agency’s cryptographic standards development process.The VCAT, as it is known, convened a committee of visitors from academia and the private sector in May to help with the report.

NIST has been criticized harshly in the aftermath of leaks by former NSA contractor Edward Snowden that showed the standards-setting agency approved a random number generator, known as Dual EC_DRBG, that had been deliberately weakened by NSA. Because it did not have enough cryptography experts on staff, NIST was overly-reliant on NSA for expert advice on the standard and failed to notice problems even as private sector researchers were raising concerns, the report concluded.

“In order to be better positioned to exercise independent judgment on critical technical questions regarding cryptographic and security standards, NIST should strive to increase the number of technical staff with such expertise,” the report states. The group of experts, led by the likes of Vint Cerf of Google and Princeton computer science professor Edward Felten, also recommended that NIST expand its efforts to seek input from experts in academia and the private sector.


“NIST may seek the advice of the NSA on cryptographic matters but it must be in a position to assess it and reject it when warranted,” the report states, recommending that senior NIST officials review “the current requirement for interaction with the NSA and requests changes where it hinders its ability to independently develop the best cryptographic standards to serve not only the United States Government but the broader community.”

The report comes one week after a group of privacy advocates called for NSA to be stripped of its information assurance mission and for Congress to pass legislation that would make it impossible for NSA to covertly influence commercial product design or NIST standards development.

“NIST is a body that needs to rebuild its credibility,” Danielle Kehl, a policy analyst at New America Foundation’s Open Technology Institute, said during an event July 7.  “They claim they didn’t know what was happening in 2006 when this compromised standard was issued. They’re facing a trust deficit right now.”

The allegation that NSA had deliberately undermined Dual EC_DRBG calls into question all cryptographic standards developed by NIST, according to the report.

“The reconstruction of events showed that the issues with the DRBG had been identified several times – formally and informally – during the standards development process, and that they had been discussed and addressed at the time,” the report states. “NIST now concludes, however, that the steps taken to address the issues were less effective than they should have been, and that the team failed to take actions that, in the light of hindsight, clearly should have been taken. The root causes of the failure were identified as trust in the technical expertise provided by NSA, excessive reliance on an insular community that was somewhat impervious to external feedback, group dynamics within the standards development team, and informal record keeping over the course of a multi-year development process.”


In a June 6 assessment attached to the report, Felten said NSA’s signals intelligence mission gives the agency “an undeniable incentive to influence standards in ways that allow NSA to defeat the standards’ security.” As a result, although NIST is required by law to consult with NSA on security standards, Felten recommended NIST keep its distance from NSA.

“NIST should be very careful in its interactions with NSA regarding standards,” Felten said. “NIST should draw on NSA’s expertise, but NIST must not defer to NSA on security-relevant decisions. NIST itself, and the cryptographic  community that looks to NIST’s standards, must be able to conclude confidently that NSA did not have any opportunity to undermine any NIST standard.”

Latest Podcasts