DES Key Size

Henry Corrigan-Gibbs filed this request with the National Security Agency of the United States of America.
Tracking #

103203

Est. Completion None
Status
Fix Required

Communications

From: Henry Corrigan-Gibbs

To Whom It May Concern:

This is a request under the Freedom of Information Act. I hereby request the following records:

I request access to and copies of all information pertaining to the NSA's attempt in the 1970s to convince IBM to shorten the key size of the Data Encryption Standard (DES) to 48 bits from the original 64 bits.

A. BACKGROUND
The key size issue is raised in a document released in a prior FOIA request (requested by Mr. John L. Young, FOIA Case: 60251, Release dated: 18 December 2009). The citation for the document describing the key size issue is:
American Cryptology during the Cold War, 1945-1989
Book III: Retrenchment and Reform, 1972-1980
Series VI, Volume 5, Book III
One version of this document is published at:
https://www.nsa.gov/news-features/declassified-documents/cryptologic-histories/assets/files/cold_war_iii.pdf
A version with different redactions is published in the Stanford Archives:
https://stacks.stanford.edu/file/druid:wg115cn5068/nsa-meyer.pdf
In a discussion about the design of DES, the document (page 232 in the original) states:
"Narrowing the encryption problem to a single, influential algorithm might drive out competitors,
and that would reduce the field that NSA had to be concerned about. NSA worked closely with IBM
to strengthen the algorithm against all except brute force attacks and to strengthen substitution
tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key
from 64 to 48 bits. Ultimately, they compromised on a 56-bit key."
I am requesting any and all records relevant to the NSA's efforts to convince IBM to reduce the key length of the DES cipher.

B. FEE WAIVER
Please waive any and all applicable fees. Per 32 C.F.R. 286.28(d), “furnishing the information is likely to contribute significantly to public understanding of the operations or activities of the Department of Defense and is not primarily in the commercial interest of the requester.”
Disclosure of the requested information is in the public interest. This request will further public understanding of government conduct as it relates to the development and standardization of cryptographic algorithms for use by the public at large. American citizens and businesses rely on cryptographic algorithms developed by the U.S. government (such as DES—the subject of this FOIA request) to maintain the integrity and confidentiality of their communications. and thus these government activities implicate basic privacy and associational rights protected by the Constitution.

Moreover, disclosure of the requested information will aid the public understanding of future cryptographic standardization efforts by the U.S. government (e.g., updates to the “Suite B” cryptographic algorithms). Government agencies that have the dual goals of collecting signals intelligence on foreign targets and of safeguarding domestic computer systems face a conflict of interest when it comes to designing cryptographic standards: publishing strong cryptographic algorithms could make the task of intelligence collection more difficult, while publishing deliberately weakened algorithms could render the task of safeguarding domestic systems more difficult. It is in the public benefit to understand how the Department of Defense has grappled with this tension in the past, as the same tension exists today.

The records requested are not sought for commercial use, and I plan to disseminate the information disclosed as a result of this FOIA request to the public at no cost.

In the event that my fee waiver request under 32 C.F.R. 286.28(d) is denied, as I am a member of an educational institution, please waive all fees except duplication charges in excess of 100 pages, per 32 C.F.R. 286.28(e)(ii)(B).

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.

Sincerely,

Henry Corrigan-Gibbs

From:

An acknowledgement letter, stating the request is being processed.

From:

Greetings Henry Corrigan-Gibbs,

This further responds to your Freedom of Information Act (FOIA) request of 23 December 2017 for, "copies of all information pertaining to the NSA's attempt in the 1970's to convince IBM to shorten the key size of the Data Encryption Standard (DES) to 48 bits from the original 64 bits." Your request has recently been assigned for processing from our initial backlog. Before we continue processing your request, we want to establish your continued interest.

Please advise this office within 30 days of the date of this email of your continued interest. You may advise us by facsimile at 443-479-3612, in writing to National Security Agency, ATTN: FOIA Office (P132), 9800 Savage Road STE 6932, Ft. George G. Meade, MD 20755-6932, or via email at FOIARSC@nsa.gov. In any instance, please reference the Case Number 82062. If no response is received by the end of the 30 days, we will assume that you are no longer interested in pursuing the request, and we will administratively close your case with no further processing.

Thank you,

FOIA Customer Representative

Files

pages

Close