You ask "My question is this: Shouldn’t the origin of SHA-256 upend a large part of the crypto narrative?" and say "So you trust the code not its author?".

For computer science/math types, your question is a guilt by association question. So it's not that nobody has noticed, but rather to the STEM mindset that question is silly.

Here's a thought example to illustrate. Suppose in an alternate reality, Adolf Hitler discovered the Pythagorean theorem. That in a right triangle, the lengths of the sides are related by a^2 + b^2 = c^2. Now, you say all these people who use this math identity should be questioning their work because of the origin of that particular piece of math. Since that was from a bad bad bad person. It's Hitler math. It's a guilt by association claim. Or use an even simpler example, 2+2=4 was discovered by Hitler. So anyone who adds 2+2 should question that bad bad bad source of that bit of math.

Now, to you, SHA-256 seems exotic and complicated. And hard to believe. But to people who use this math in the real world, it's merely another 2+2=4 basic piece of everyday math. The inventor of it doesn't mean the math is bad. Math is an identity. It has no moral valence. Of course you can use math in a bad way. But to people who use it, once that math is out in the world, it's just another tool in the toolkit, and the provenance of it just doesn't matter.

Maybe it matters to you, because it appears so complex and odd. But to people who use these tools, it's just another software math library call. So your question will get completely ignored by people who actually use these tools. Why? It will appear to them as a very weird claim that they shouldn't add 2+2=4 because the historic originator of that math was someone they are supposed to hate.

Feb 19, 2022 (edited Feb 19, 2022)

> Or is there an underlying sociology of professional expertise which means that Satoshi Nakamoto and his ilk trust their counterparts at the NSA and NIST because they are essentially part of the same expert community?

The cryptographic community doesn't trust standards like SHA because they were created by NIST or the NSA; they trust these standards because they have looked at them themselves and failed to break them in practice. Cryptographic algorithms like SHA are under constant scrutiny by the community of security researchers, both in academia and in industry, who look for ways to break their security.

More recent NIST standards like SHA-3 and AES (the U.S. standard for encryption) are the results of multi-round competitions with participants from all around the world. Both competitions ran for ~4 years, and candidate algorithms were examined both by NIST and by the wider community, publishing papers and cryptanalysis results left and right. For the winning algorithms, the cryptographic community has had so much time to look at them that trust in either NIST or the NSA is not required, since any "funny business" would have probably revealed itself in the process.

As an aside, we do have one known instance of the NSA attempting to backdoor a cryptographic standard (Dual EC DRBG), and it went poorly: researchers almost immediately found the suspicious part of the standard, and nobody went out of their way to use it. The NSA had to bribe RSA Security to use it as a default in their software for the backdoor to actually be deployed somewhere prominent and enabled by default. The NSA probably doesn't actively try to backdoor NIST standards anymore, not because of some sense of altruism; it is just very difficult and probably leads to embarrassment further down the line when it gets found out.

Very much to the point. Why do people trust cryptos could be the core philosophical point to be asked in the near future. My quick two cents are that people's trust in cryptos fundamentally derives from people's trust in the digital revolution and its promises of access, equality and sustainability, but I would love to read your take on the matter.

History of science is replete with problems that were impossible to solve until they were not.

You ask: “Shouldn’t the origin of SHA-256 upend a large part of the crypto narrative?” as if you wouldn’t know that any one of the crazy-ass stupidities done by Trump haven’t upended his election. That any one of his otherworldly idiocies haven’t upended his presidency. Or the mountain of brexiteer lies, Brexit. – Man, I think it would be high noon to wake up!

The crypto world is completely delusional. And it’s just one of the many symptoms of today’s society reveling in ignorance, because it has found companions globally and forgot shame.

You are talking about Kerckhoffs's principle. Auguste Kerckhoffs stated that one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them.

Ngl this is one of the weaker posts I've read recently, still highly insightful :)

But saying crypto is weakened because NIST curves are used is silly. You only need to look at Ethereum's use of keccak256 and secp256k1 to see that there are other cryptographic and hashing algos that are not built by the "state"...

Additionally, against "It points to the unique computing resources and IT-expertise commanded by the state," crypto is in part pointing towards a different model of governance and the state. Just because some of the tech developments were made by the state doesn't mean they can't be used to build a different future. Else let's go back to feudalism...

Anyway my writing isn't as eloquent as that of AT so apologies to anyone who reads it :)

I am neutral as regards Bitcoin and crypto, but if and to the extent that Bitcoin is suspect because its source code and/or founder are linked with the NSA, that to me begs the question why not build a cryptocoin that has neither of these attributes?

That seems to be an indictment of Bitcoin in particular but not crypto in general.

Of course you have to trust something else. That's what Ivermectin is for.

It's not just blockchain that is built on NSA-funded tools; this is also true for the entirety of the internet (which was originally a bastion for an earlier generation of crypto-anarchists). Yasha Levine maps this out in his book "Surveillance Valley." https://medium.com/@willszal/the-military-history-of-the-internet-a-book-review-90446a5daa77

yeah, stop writing public articles on topics you clearly don't understand at all... talk to some experts at least. pure drivel. SHA-256 is still fine so far. eventually, like all hashes so far (md5, sha1), when cracks begin to show, another better hash will be phased in to replace it before it is too badly broken.

Sorry, but you waved your hands over the most important piece of this story. Yes, if the SHA code were licensed from the NSA as a compiled library, the way we license Excel or Zoom or Chrome, then we should worry about backdoors or other gotchas hiding in the code. But that is not how SHA works.

The algorithm and source code for SHA are published for all to see and analyze. Anyone is free to re-implement SHA however they please. This is how we have custom chips designed for hashing and code running on graphics cards.

It is possible that someday, some mathematician will find a flaw, or that some quantum computer algorithm will be able to brute force a solution in a day, but here in 2022 there is enough analysis of the SHA algorithm for us all to trust that there is no shortcut.

Having the NSA in the process of picking this algorithm is no different than having NASA in the process of analyzing airplane wings or rocket engines. You don't have to trust the government to produce those goods, but there is nothing sinister about expertise that happens to be organized into a government agency rather than a university or corporation. Especially when that expertise openly publishes its results for everyone to analyze.

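The point made in the comment above (the algorithm is published, anyone can re-implement it and check it), and the earlier comment's reference to Kerckhoffs's principle (security must not rest on the design being secret), can both be shown concretely. The following is an added example written for this page; it is not code from the post's author or from any commenter. It builds SHA-256 from the public FIPS 180-4 description, derives the round constants from the square and cube roots of the first primes rather than copying them (the "nothing up my sleeve" construction that lets an outsider verify there is no hidden choice in the constants), and then cross-checks the result against the published "abc" test vector and against an unrelated implementation, Python's `hashlib`. The helper names (`_iroot`, `_first_primes`, `matches_reference`, `passes_published_vector`) are this example's own.

```python
"""Independent SHA-256 from the public FIPS 180-4 specification (added example)."""
import hashlib
import struct

MASK = 0xFFFFFFFF


def _iroot(n: int, k: int) -> int:
    """Exact floor(n ** (1/k)) for integers: float guess, then integer correction."""
    x = int(round(n ** (1.0 / k)))
    while x ** k > n:
        x -= 1
    while (x + 1) ** k <= n:
        x += 1
    return x


def _first_primes(count: int) -> list:
    """The first `count` primes by trial division (enough for 64 small primes)."""
    primes, n = [], 2
    while len(primes) < count:
        if all(n % p for p in primes):
            primes.append(n)
        n += 1
    return primes


PRIMES = _first_primes(64)
# Initial hash values: first 32 fractional bits of sqrt(p) for the first 8 primes.
# sqrt(p * 2**64) == sqrt(p) * 2**32, so the low 32 bits are the fractional part.
H0 = [_iroot(p << 64, 2) & MASK for p in PRIMES[:8]]
# Round constants: first 32 fractional bits of cbrt(p) for the first 64 primes.
K = [_iroot(p << 96, 3) & MASK for p in PRIMES]


def _rotr(x: int, n: int) -> int:
    """32-bit rotate right."""
    return ((x >> n) | (x << (32 - n))) & MASK


def sha256(message: bytes) -> bytes:
    """SHA-256 digest of `message`, following FIPS 180-4 section 6.2."""
    # Padding: 0x80, zero bytes, then the 64-bit big-endian bit length,
    # so that the total is a multiple of 64 bytes.
    padded = message + b"\x80"
    padded += b"\x00" * ((56 - len(padded) % 64) % 64)
    padded += struct.pack(">Q", len(message) * 8)

    h = list(H0)
    for off in range(0, len(padded), 64):
        # Message schedule: 16 words from the block, expanded to 64.
        w = list(struct.unpack(">16L", padded[off:off + 64]))
        for t in range(16, 64):
            s0 = _rotr(w[t - 15], 7) ^ _rotr(w[t - 15], 18) ^ (w[t - 15] >> 3)
            s1 = _rotr(w[t - 2], 17) ^ _rotr(w[t - 2], 19) ^ (w[t - 2] >> 10)
            w.append((w[t - 16] + s0 + w[t - 7] + s1) & MASK)
        # 64 rounds of the compression function.
        a, b, c, d, e, f, g, hh = h
        for t in range(64):
            big_s1 = _rotr(e, 6) ^ _rotr(e, 11) ^ _rotr(e, 25)
            ch = (e & f) ^ (~e & g)
            t1 = (hh + big_s1 + ch + K[t] + w[t]) & MASK
            big_s0 = _rotr(a, 2) ^ _rotr(a, 13) ^ _rotr(a, 22)
            maj = (a & b) ^ (a & c) ^ (b & c)
            t2 = (big_s0 + maj) & MASK
            hh, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK, c, b, a, (t1 + t2) & MASK
        h = [(x + y) & MASK for x, y in zip(h, (a, b, c, d, e, f, g, hh))]
    return struct.pack(">8L", *h)


# Published FIPS 180-4 test vector for the message "abc" (public, not constructed here).
FIPS_ABC = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def passes_published_vector() -> bool:
    """Does the from-spec implementation reproduce the published test vector?"""
    return sha256(b"abc").hex() == FIPS_ABC


def matches_reference(message: bytes) -> bool:
    """Cross-check against an unrelated implementation (Python's hashlib)."""
    return sha256(message) == hashlib.sha256(message).digest()


if __name__ == "__main__":
    print("published vector:", passes_published_vector())
    print("hashlib agrees on 1000 bytes:", matches_reference(bytes(range(256)) * 4))
    print("K[0] = 0x%08x, H0[0] = 0x%08x" % (K[0], H0[0]))
```

Two independent checks are the point of the design: the published vector shows the code matches the specification, and agreement with `hashlib` on arbitrary input shows two implementations written by different people from the same public text produce identical output. Deriving `K` and `H0` from prime roots rather than pasting them in is the check a sceptical reader can apply to the standard's constants themselves.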
Actually, I had a similar intuition about it.

In fall 2013, I was wrapping up my degree in mathematics at the University of British Columbia, taking a course in number theory, which is the mathematics field that gives rise to this kind of technology. Since it was 2013, the professor, along with many other Canadian professors, had much to say about the Snowden revelations. One thing was that the NSA and British intelligence service had solved many cryptographic puzzles the world thought had not been solved, and the other was his speculation that Bitcoin was created by an intelligence service, given its technological basis in cryptography.

For these reasons, in addition to the fact that there seems to be a disconnect between how difficult number theory is and the number of crypto 'experts' there are out there, I have been deeply skeptical of crypto-currency.

Missing in the discussion is mention of the recent book by N. Perlroth, "This Is How They Tell Me the World Ends". Written by a journalist covering cyber security for the New York Times, it's an accessible account of how code travels and to what effect.

The private/public key encryption used in bitcoin is secp256k1 which was not made by the NSA.

SHA-256 meanwhile has been battle tested over long periods of time. Many coders are skeptical of what comes from the NSA and some encryption they’ve released has had backdoors. SHA-256 though has earned trust through the years of study and analysis of it.

In the programmer world, much like science or math, a thing's origins don't matter; what matters is the peer review. It actually is in the interest of the NSA to create unbreakable encryption, because any backdoor could be exploited by someone else.

(Another software engineer here, not a particular expert on cryptography but I use hash functions routinely as part of my work, and have read about the history of my field)

I think your second hypothesis on "the unacknowledged spin-off of publicly-funded investment" is closer to the mark and indeed helps answer your first question as well.

The history of cryptography is a series of expansions of applications that surprised everyone involved. The earliest pioneers thought of themselves as doing number theory, the purest subfield of math and one of the least likely to have any applications. During the Cold War, it became a field dominated by national-security institutions like the NSA, with a small number of publicly funded academics popularizing their work. During the dot-com boom it started to become primarily associated with doing business/banking on the Internet: but at the time SHA-2 was published in 2001, the deepest experts in the field still worked at institutions like the NSA, with Silicon Valley cryptographers being relative amateurs in comparison. So the pragmatic dot-coms were happy to make use of the NSA's superior work.

By 2008, when Satoshi wrote the whitepaper, cryptography had largely passed this liminal period and was now primarily a commercial enterprise. The best new hash functions published in 2008 were mostly authored by private actors (with NIST playing an increasingly minor role as contest organizer). But Satoshi did not trust these because they were too new and unseasoned. He instead picked a slightly older hash function which had by then matured to very wide use. He trusted it because if there had been a problem, commercial users would have found it because they staked their businesses on it, or academics would've found it because they could've published a high-profile conference paper about it.
