RSA Laboratories

1.6 What is the role of the United States government in cryptography?

The U.S. government plays many roles in cryptography, ranging from use to export control to standardization efforts to the development of new cryptosystems. Recently the government has taken an even bigger interest in cryptography due to its ever-increasing use outside of the military.

One obvious reason the U.S. government is interested in cryptography stems from the crucial role of secure communication during wartime. Because the enemy may have access to the communication medium, messages must be encrypted. With certain cryptosystems, the receiver can determine whether or not the message was tampered with during transmission, and whether the message really came from who claims to have sent it.

In the past, the government has not only used cryptography itself, but has cracked other country's codes as well. A notable example of this occurred in 1940 when a group of Navy cryptanalysts, led by William F. Friedman, succeeded in breaking the Japanese diplomatic cipher known as Purple.

In 1952, the U.S. government established The National Security Agency (NSA; see Question 6.2.2), whose job is to handle military and government data security as well as gather information about other countries' communications. Also established was The National Institute of Standards and Technology (NIST; see Question 6.2.1), which plays a major role in developing cryptography standards.

During the 1970's, IBM and the U.S. Department of Commerce - more precisely NIST (then known as NBS) - developed along with NSA the Data Encryption Standard (DES; see Section 3.2). This algorithm has been a standard since 1977, with reviews leading to renewals every few years. The general consensus is that DES is no longer strong enough for today's encryption needs. Therefore, NIST is currently working on a new standard, the Advanced Encryption Standard (AES; see Section 3.3), to replace DES. In the intermediate stage, triple-DES (see Question 3.2.6) is the encryption standard. It is expected that AES will remain a standard well into the 21st century.

Currently there are no restrictions on the use or strength of domestic encryption (encryption where the sender and recipient are in the U.S.). However, the government regulates the export of cryptography from the U.S. by setting restrictions (see Section 6.4) on how strong such encryption may be. Cryptographic exports are controlled under the Export Administration Regulations (EAR), and their treatment varies according to several factors including destinations, customers, and the strength and usage of the cryptography involved. In January 2000, the restrictions were significantly relaxed; today, any cryptographic product can be exported to non-governmental end-users outside embargoed destinations (states supporting terrorism) without a license.

Top of the page