NSA Suite A Cryptography: Security through obscurity?
My opinion (and I am a cryptographer -- I have a shiny diploma which says so) is that:
- We cannot speculate on unknown algorithms, because they are, well, unknown.
- NSA is like all secret services in the World, they really love secrecy and will practice it for the sake of it. So the fact that their algorithms are not published is in no way indicative of some particular strength or weakness of the said algorithms.
- It is entirely plausible that the unpublished algorithms are indeed distinct from publicly known algorithms such as AES or RSA.
- It is also entirely plausible that "Suite A" and "Suite B" are, in fact, identical. At some point, to use some algorithms, you must have implementations, and these things do not grow on trees. Having your own algorithms is thus expensive.
- If I were a US taxpayer, I would be slightly dismayed at the misuse of my tax money, if it turned out that NSA spent it on developing and maintaining custom algorithms instead of reusing perfectly fine ones like the AES.
- There most probably are some people with power to decide a lot of things in the NSA, who believe that not publishing algorithms increases their security. Such people exist everywhere. It does not make them right, though.
- There is no better security than "cannot break it", which is what we already have with (properly used) AES, RSA, DH, ECC... The NSA could know of faster algorithms which are as secure as the public ones; however, it would be hard to beat the performance of hardware-accelerated AES, unless they have their own CPU foundry.
The danger in security by obscurity is in believing that it works well. It may induce people to feel safe with homemade algorithms, because they would assume that the obscurity will hide the weaknesses of their algorithms. However, if you use good algorithms with published and well-studied protocols (i.e. AES, SSL...) then there is no harm done in not saying that you do.
An interesting data point here is the DES s-box constants. Wikipedia NSA Wikipedia DES
NSA recommended changes in the S-box constants to make DES resistant to differential analysis, which was unknown in the academic and commercial cryptography world at the time.
In that case, they were able to make that improvement in a way that was opaque to the users of the algorithm. It's possible that publishing the algorithms for secret crypto systems would reveal some other technique used to counter another attack that's not well-known outside their community yet.
I don't believe in security by obscurity in general, but in case of crypto it's actually worse, because it violates Kerckhoffs Principle
So is it better? Maybe. Is it different? Sure. Is it necessary to hide the algos? If your crypto was good to begin with, you would not need to hide the algorithms, just the keys.
On the other hand, you have the 'many eyeballs make all bugs shallow' idea. However, in case of crypto, there are not too many (well educated) eyeballs to actually point out bugs in crypto algos. So one possible explanation for the hiding would be that the NSA makes the bet that there is a higher chance of another (not friendly) nation state having more and/or better eyeballs, as opposed to the benefits of potential improvement coming from opening algos to the community. Or maybe it's not the probabilities of bug-finding, but the impact that finding a vulnerability would have on the information they use their Suite A to protect. Either way, we will not know, because they will Never Say Anything ;)