SIMON and SPECK made public in 2013; critics fear backdoors.

The NSA (US National Security Agency) has responded with disappointment to widespread reports that the ISO (International Organisation for Standardisation) has rejected its ciphers “Simon and Speck” as international cryptographic standards.

NSA Capabilities Technical Director, Neal Ziring said in a statement emailed to Computer Business Review: “Both Simon and Speck were subjected to several years of detailed cryptanalytic analysis within NSA, and have been subject to academic analysis by researchers worldwide since 2014. They are good block ciphers with solid security and excellent power and space characteristics.”

He added: “NSA devotes our decades of cryptologic experience towards breaking codes for foreign intelligence and making codes to secure US National Security Systems (NSS) — offering strong algorithms for consideration as international standards is often the best way to ensure that such algorithms are implemented in products on which national security depends. That was the basis for submitting Simon and Speck to ISO.”

ISO Keeps Schtum

The Geneva-headquartered ISO did not respond to multiple requests for comment from Computer Business Review, left by email and voicemail with its press team.

The story, initially broken by the WikiTribune’s Jack Barton, said ISO delegates had reported the NSA “refused to provide the standard level of technical information to proceed”, without specifying what was withheld.

SIMON and SPECK were made public by the NSA in 2013 and are optimised for low-cost processors like Internet of Things (IoT) devices.

Critics have warned that the NSA has a track record of trying to install backdoors into security tools, including forms of encryption. Cryptography expert Bruce Schneier, currently Chief Technology Officer of IBM Resilient, wrote on his blog.

“The risk of using NSA-designed ciphers, of course, is that they include NSA-designed backdoors. Personally, I doubt that they’re backdoored. And I always like seeing NSA-designed cryptography (particularly its key schedules). It’s like examining alien technology.”

Cryptography expert Nikos Komninos, a lecturer in Cyber Security in the Department of Computer Science at City University, told Computer Business Review: “Unfortunately the NSA is lacking good reputation in academia. It’s not very long ago when AES was selected and the “optimised code” provided by the NSA had side channel flaws. Likewise, when the NSA proposed SHA-1 as a replacement of SHA then again there were security weaknesses. Bottom line is that in most cases, the NSA has pushed for adoptions/standards in which security vulnerabilities were found very soon after…”

Dr Tomer Ashur, who was representing the Belgian delegation at the ISo meeting, said on Twitter: “I worked very hard for this in the last year and a half. Now I can finally tell my story. I am being asked why we objected to Simon & Speck but are seemingly fine with Russian & Chinese algorithms. There’s a long discussion to have here but one reason is this: the NSA’s behavior was outrageously adversarial to the process. They refused to motivate design choices they made such as the choice of matrices U, V, and W in Simon’s key schedule. Instead, they chose to personally attack some of the experts (including @ hashbreaker, Orr Dunkelman and myself) as incompetent.

He added: “Being international in nature, ISO’s decision making process is about building consensus. NSA’s aggressive behavior together with half-truths and full lies they provided us with discouraged such consensus which brought us to where we are today. This is yet another example as to how the NSA’s surveillance program is bad for global security. If they had been more trustworthy, or at least more cooperative, different alliances would have probably been formed. But instead, they chose to try to bully their way into the standards which almost worked but eventually backfired.”

He concluded: “On a personal note: spying agencies have no place in civilian standardization. If you can’t motivate your decisions, we can’t trust you. The Russians and Chinese seem to understand that and are much more cooperative in addressing concerns.”