1 June 1997: Link to SCI NDA.
31 May 1997: Link to Payne's 1992 Data
Authenticator paper (98K).
29 May 1997: Link to Payne letter to
Secretary of Energy Pena.
16 May 1997: Link to Payne's RSA
papers.
13 May 1997: Add Attachment 2 documents. See
Public Key Break paper.
4 April 1997
Source: William H. Payne
Monday March 24, 1997 17:57
Certified - return receipt requested
Marilyn Hall Patel
District Judge; California, Northern
450 Golden Gate Avenue
San Francisco. CA 94102
Dear Judge Patel:
Purpose of this letter is to file a criminal complaint affidavit
against Sandia National Laboratories [Sandia] Director of
Diversity Leadership Michael G. Robles for violation of the
criminal penalties section of the Privacy Act, 5 USC 552a(i)(1).
Rule 3 of the Federal Rules of Criminal Procedure, entitled the
Complaint provides:
The complaint is a written statement of the essential
facts constituting the offense charged. It shall be made
upon oath before a magistrate.
As you may be aware,
An individual may "make a written complaint on oath before
an examining and committing magistrate, and obtain a warrant
of arrest." This is in conformity with the Federal
Constitution, and "consonant with the principles of natural
justice and personal liberty found in the common law."
[United States v Kilpatrick (1883, DC NC) 16G 765, 769]
You may also be aware,
A complaint though quite general in terms is valid if it
sufficiently apprises the defendant of the nature of the
offense with which he is charged.
[United States v Wood (1927, DC Tex) 26F2d 908, 910, affd
(CA5 Tex) 26 F2d 912.
And for your edification,
The commission of a crime must be shown by facts positively
stated. The oath or affirmation required is of facts and
not opinions or conclusion.
[United States ex rel. King v Gokey (1929, DC NY) 32 F2d
793, 794]
The complaint must be accompanied by an oath.
[Re Rules of Court (1877, CC Ga) 3 Woods 502, F Cas No
12126]
1
A complaint must be sworn to before a commissioner or other
officer empowered to commit persons charged with offenses
against the United States.
[United States v Bierley ( 1971, WD Pa) 331 F Supp 1182]
Such office is now called a magistrate.
A complaint is ordinarily made by an investigating officer
or agent, and where private citizens seek warrants of
arrest, the practice recommended by the Judicial Conference
of the United States is to refer the complaint to the United
States Attorney. However, further reference to him is
rendered futile where a mandamus proceeding is brought to
compel him to prosecute and he opposes the proceeding.
[Pugach v Klein (1961, SD NY) 193 F Supp 630, citing Manual
for United States Commissioners 5 (1948)]
Any attempt to bring criminal complaints to government authorities
would, of course, be futile.
I am a citizen of the United States and you are the assigned
magistrate.
In order to satisfy the requirement of the Constitution
and Rules 3 and 4, a written and sworn complaint should set
forth the essential facts constituting the offense charged
and also facts showing that the offense was committed and
that the defendant committed it.
And,
As to the requirement that the complaint be made on personal
knowledge of the complainant, it is enough for the issuance
of a warrant that a complainant shows it to be on the
knowledge of the complainant.
[Giordenello v United States (1958) 357 US 480, 2 L Ed. 2d
1503, 78 S Ct 1245, rev. (Ca5 Tx) 241 F2d 575, 579 in accord
Rice v Ames (1901) 180 US 371, 45 L Ed 577, 21 S ct 406, and
United States v Walker, (1952, CA2 NY) 197 F 2d 287, 289,
cert den 344 US 877. 97 L Ed 679. 73 S Ct 172]
So as to keep contiguous the requirements of the law and the criminal
complaint affidavits, I will include this complaint in this letter
to you.
CRIMINAL COMPLAINT AFFIDAVIT: Michael G. Robles
Essential material facts are:
1 Saturday March 22, 1997 Sandia employee Richard W. Gallegos
2
[Gallegos] delivered a copy of enclosed April 15, 1994 letter
addressed to Charles L Burtner [Burtner], Director, U.S. Equal
Employment Opportunity Commission [EEOC], Phoenix District Office,
signed by Michael G. Robles [Robles] which Gallegos received
from an EEOC request.
2 Letter to Burtner states,
Attachment 1 contains copies of documents showing discipline/
discharge of employee #01981.
3 Attachment 1 includes Termination of Employment letter dated
July 27, 1992 to: E #1981. This letter is signed by W. H. Payne.
4 Three page DISCIPLINARY REVIEW COMMITTEE MINUTES, July 16,
1992, Case E #0981 is included in Attachment 1.
5 5 USC 552(b) states,
CONDITIONS OF DISCLOSURE - No agency shall disclose any
record which is contain in a systems of records by any means
of communications to any person, or to another agency, except
pursuant to a written request by, or with the prior written
consent of, the individual to who the record pertains, ...
6 Payne did not see the enclosed April 15, 1994 letter and
Attachment 1 until March 22, 1997. And Payne never was requested
nor did Payne ever issue any written consent for the release of any
documents by Sandia.
7 CRIMINAL PENALTIES. - Any officer or employee of an agency,
who by virtue of his employment or official position, has
possession of, or access to, agency records which contain
individually identifiable information the disclosure of which
is prohibited by this section or by rules or regulations
established thereunder, and who knowing that disclosure of
the specific material is so prohibited, willfully discloses
of the specific material is so prohibited, willfully
disclosed the material in any manner to any person or agency
not entitled to receive it, shall be guilty of a misdemeanor
and fined not more than $5,000.
COUNT 1
8 Robles disclosed protected April 15, 1994 letter and
Attachment 1 to Burtner without the consent of Payne.
3
Robles has violated 5 USC 552a(i)(1).
VERIFICATION
Under penalty of perjury as provided by law, the
undersigned certifies pursuant to 28 USC section 1746
that material factual statements set forth in this
criminal complaint are true and correct, except as to
any matters therein stated to be information and belief
of such matters the undersigned certifies as aforesaid
that the undersigned verily believes the same to be true.
3/24/97 [Signature]
Date William H. Payne
13015 Calle de Sandias NE
Albuquerque, NM 87111
505-292-7037
So, judge Patel, I believe that I have complied with all
applicable Rules of Criminal Procedure to have you issue the
warrant of arrest for Robles.
If I have not complied with all applicable rules, then I ask
that you inform me of any non-compliance so that I can correct
my criminal complaint and re-submit it.
I satisfied the requirement of the Constitution and Rules 3 and
4, Rules of Criminal Procedure, and issued written and sworn
complaint that set forth the essential facts constituting the
offense charged against Robles.
I also showed facts showing that the offense was committed by
Robles.
So I ask that you do your job and proceed with supervision of
the arrest of Robles as required by the Federal Rules of Criminal
Procedure.
I expect you to supply me with a copy of the warrant of arrest
you issue for Robles.
This matter deals with cryptography, a subject on which you
recently ruled, and is the subject of a current Freedom on
Information Act lawsuit.
This lawsuit attracts international attention because it results
from an uncovered spy sting involving cryptography.
The news service, NYA, has posted, on Internet at jya.com, click
cryptome, the Baltimore Sun article on how Iran was stung by NSA
in the file,
nsa-sun.htm NSA and Crypto AG, March 8, 1997
4
Also, the lawsuit and final appeal letter to NSA Minihan were
posted in files.
nsasuit2.txt NSA Sued by Cryptographer 2, Rev.
March 8, 1997
nsasuit.txt NSA Sued by Cryptographer 1, Rev.
March 8, 1997
along with what happened to Payne for refusing to do NSA work
and illegal work for the FBI.
whpl.htm Cryptographer William H. Payne,
March 8, 1997
Also Payne's final appeal letter to FBI director Louis Freeh
was also posted,
whp2.htm Cryptographer Payne Slams the FBI,
March 14, 1997
Materials for this criminal complaint affidavit were taken from,
A CITIZEN'S GUIDE ON USING THE FREEDOM OF INFORMATION
ACT AND THE PRIVACY ACT OF 1974 TO REQUEST GOVERNMENT
RECORDS; FIRST REPORT By The COMMITTEE ON GOVERNMENT
OPERATIONS, May 24, 1993.
Page 2 of this document quotes,
A popular Government without popular information
or the means of acquiring it, is but a Prologue to a
Farce or a Tragedy or perhaps both. Knowledge will
forever govern ignorance, and a people who mean to be
their own Governors, must arm themselves with the
power knowledge gives. - JAMES MADISON
Therefore, this criminal complaint affidavit is posted on Internet.
Sincerely,
[Signature]
William H. Payne
13015 Calle de Sandias NE
Albuquerque, NM 87111
5
Sandia National Laboratories
P.O. Box 5800
Albuquerque, New Mexico 87185-1088
Managed and Operated by Sandia Corporation
a subsidiary of Martin marietta Corporation
Michael G. Robles
Director
Diversity Leadership Center
April 15, 1994
Mr. Charles Burtner, Director
U. S. Equal Employment Opportunity Commission
Phoenix District Office
4520 N. Central Ave., Suite 300
Phoenix, AZ 85012-1848
Attn: Ms. Mary Ann Cantor, Supervisor
Re: Richard W. Gallegos, Charge No. 351-94-0138
Enclosed please find the additional information you requested with regard to the above referenced EEOC charge in a letter from the Phoenix District EEOC office dated April 2, 1994, and received by this office April 11, 1994.
REQUESTED INFORMATION
1. Any documents showing the ages of Mr. Hilgartner, and those individuals receiving disciplinary action (#14429, #01981, #21715).
SANDIA RESPONSEFollowing is a list of the individuals referenced above including their ages:
Individual/Employee # Age
Mr. Hilgartner 61
#14429 56
#01981 56
#21715 44
2. Provide a copy of any documents showing discipline/discharge of those individuals identified in No. 1 above.
SANDIA RESPONSEPlease refer to Sandia's response dated March 30. 1994, Exhibit 7, for a copy of Mr. Hilgartner's disciplinary documentation.
Attachment 1 contains copies of documents showing discipline/discharge of employee #01981.
Attachment 2 contains copies of the Disciplinary Review Committee's recommended disciplinary action for employees #14429 and #21715 that
[1]
Exceptional Service in the National Interest
Richard Gallegos vs. Sandia [Nation]al Laboratories EEOC# 351-94 0138 4/15/94
2
management later implemented. Our files reveal that the memorandums recording the disciplinary action are no longer available.
If you have any questions regarding the information provided in this response, please contact Linda Vigil Lopez at (505) 844-4262.
Sincerely,
[Signature of Michael G. Robles by LVL]
Attachment 1
UCAI
Sandia National Laboratories
Albuquerque, New Mexico 87185
date: July 27,1992
to: E#01981 [note: this number is handwritten in all cases of the attachments],5911
from: [Initials CAS] C. A. Searls, 5911
subject: Termination of Employment
This is to advise you that effective July 27, 1992, you will be terminated from Sandia National Laboratories. This action is the result of your flagrant attack on a valued Sandia customer and repeated insensitivity to security/classification requirements. These acts violate Sandia National Laboratories Code of Conduct, specifically the Personal Conduct section, Sandia's Corporate and Personal Standards section, and the Safeguarding Information and Records section.
If you have any questions regarding your benefits status, please contact Doris Mason, Health Planning and Administration Department, 7543, at 845-9702.
I have read this document:
[W. H. Payne signature 7/27/92]
E#01981 Date
CAS:5911:pn
Copy to:
5000A H. Brewster
5900 C. W. Childers
7531 A. M. Torneby
5911 C. A. Searls
UCAI
DISCIPLINARY REVIEW COMMITTEE MINUTES
July 16, 1992
Attending:
Voting Members: Non-Voting and/or Advisory: G. H. Libman, 250 R. A. Poloncasz, 611 D. B. Davis, 2732 M. E. Courtney, 5000 W. R. Geer, 7161 C. A. Searls, 5911 J. D. Giachino, 7401 R. L. Ewing, 5914 A. M. Torneby, 7531 R B. Craner, 7180 C. W. Childers, 5900 E. Dunckel, 7531 D. S. Miyoshi, 9500 J. J. McAuliffe, 7560
Case: E# 01981 E.No.: 01981 Org: 5911 Position SMTS
Issues: Flagrant attack against a valued Sandia customer; repeated insensitivity to Security/classification requirements including divulging sensitive information to a foreign national, and violations of the Code of Conduct.
On July 8, 1992, the Disciplinary Review Committee (DRC) met regarding this case. At that time, the DRC agreed on a conditional recommendation pending the receipt of further information. The additional information has subsequently been furnished, and therefore, the DRC was reconvened today.
E# 01981 works in the Systems Research Center at Sandia This Center is involved in some extremely sensitive (Classified) initiatives for which extremely high security must be maintained. In addition, the work is being funded by customers who are also considered sensitive, some of whom do not want their association with Sandia to be divulged. In some instances, there are special agreements with the sponsoring agency regarding dissemination of information or procedures which must be followed. The Sandia employees who work in this Center have special accesses and much of the information is compartmentalized.
On June 15, 1992, E# 01981, wrote a letter to a foreign national residing in a foreign country. Attached to this letter was a copy of three reports E# 01981 had written while employed by SNL. One of the reports, a SAND document, was marked "For Official Use Only", and the other two documents were unmarked but contained sensitive information. As the result of an agreement between Sandia and a sponsoring agency, all work pertaining to activities within the control of this sponsor will be protected as classified until the sponsor specifically authorizes the release of the information and, as such, without a determined need-to-know, would never be released to a foreign national.
The cover letter that accompanied these reports contained some inflammatory and derogatory comments about the particular sponsoring agency. The agency, which does not openly divulge its association with Sandia unless there is a need-to-know, is specifically named in the letter. Sandia works closely with this agency and it is considered by all levels of Sandia management to be a valued customer. E# 01981 gave a copy of this letter to a representative of this agency who is located on-site at SNL. In doing so, he placed the relationship between SNL and this agency in jeopardy.
The cover letter also included a statement in which E# 01981 notes that he would prefer to present his technical proposals on this sensitive work directly to the foreign national's government rather than to the government of the United States.
The representative of the sponsoring agency brought his copy of the letter to the attention of Jim Gosler, 5931, who then notified Craig Searls, 5911; E# 01981's manager, and C. W. Childers, Director, 5900. Subsequently, various meetings were held to determine the rationale behind E# 01981's actions.
[1]
During these meetings, E# 01981 claimed that he had the authority to release the sensitive information since he had checked with Sandia Classification regarding release of the SAND document, had authored the other two reports, and had done the work on his own time. However in contradiction to this claim, all three documents had a "Sandia National Laboratories" banner on them. In addition, E# 01981 utilized the Sandia mail system to send out the letter and reports rather than providing his own stamps.
The reports are clearly Sandia property and are therefore subject to the standard security regulations governing the release of sensitive information to outside agencies. In addition, SLI 1008 states: "Organizations working on reimbursable programs follow the distribution and marking requirements specified by the reimbursing agency. In addition to the standard approvals, approval of the DOE program manager is required before information relating to that program can be released." The release of these reports required approval of the valued reimbursing customer and Sandia management.
Due to the sensitive nature of the work which is done in this Center, E# 01981's organization/Center also has a policy governing the release of unclassified material to outside agencies. The policy requires that all such material should be reviewed by management prior to its release. The level of review is dependent on whether the information is classified or unclassified. E# 01981 claims that he was not aware of this policy.
In addition, it is a requirement, as set forth in DCID-1/14, for employees involved in all special access programs that they report all contacts/meetings with foreign nationals, not just foreign nationals from sensitive countries. At the special access in-brief, conducted by the Center Security staff, E# 01981's responsibilities regarding the protection of information and the requirements for continued special access, including the necessity for reporting contacts with foreign nationals, were detailed. His signature on Form 4414 SCI Non-disclosure Agreement (NdA) which details the requirements for protection of information is a demonstration of this presence at that briefing. However, E# 01981 has recently stated that he was unaware of this policy.
It should be noted that E# 01981, due to the type of work he is performing at the Center, has a number of special accesses. The Center itself has additional security regulations and procedures, including limited physical access by other Sandians. Working in a special access environment should have made E# 01981 very cognizant of the need for additional care and caution in his interactions with others.
Sandia's Code of Conduct, Personal Conduct, specifically states "we should conduct ourselves, both on and off the job, in a manner consistent with the national interest and the reasonable expectations of fellow employees and our customers." "Holding a Department of Energy granted security clearance and maintaining the confidence entrusted by Sandia are requirements for continued employment. Maintaining a security clearance and Sandia's trust require that employees follow high standards of personal integrity and reliability. All employees must conduct themselves, both on the job and off the job, in such a way that their reliability is not compromised. Furthermore, employee conduct must not endanger or harm the company's reputation or mission."
Under Sandia's Code of Conduct, Sandia's Corporate & Personal Standards, it states "we will deliver goods and services that meet commitments made to sponsors, and that maintain and promote the customer's confidence in us. Improprieties will not be tolerated". The Code of Conduct also addresses Safeguarding Information and Records by stating "the exchange of scientific and technical information is encouraged; however, some information cannot be freely disseminated and is subject to special restrictions. Each employee should read the rules that apply to the dissemination of information such as the following (see SLI 1008):... d. Sensitive information... Each employee must make certain that such information is disseminated only in accordance with these restrictions." E# 01981's actions were in violation of these guidelines.
The Committee discussed other DRC cases related to this particular case in determining the resolution of this case.
[2]
Resolution: The following resolution were adopted by the Disciplinary Review Committee by a unanimous vote (7 to 0):
(1) E# 01981 should be terminated for conduct that has the potential to compromise the mission of a valued customer and behavior designed to offend the valued customer. The termination is also warranted due to E# 01981's violation of the SNL Code of Conduct, violation of Security Regulations, disregard of an agreement between SNL and a valued customer concerning the release of sensitive information, and his disregard of his line organization's policy concerning the release of unclassified information.
Prepared by: [Signature, 7/20/92]
E. Dunckel, 7531
Approved: [Signature, 7-20-92]
A. M. Torneby, 7531
Approved: [Signature for, 7/20/92]
D. Martin, 7400
Approved: [Signature, 7/20/92]
R. C. Bonner, 7500 Date
[3]
[Handwritten notes by William H. Payne]
3/28/97
John,
1. I worked in the spool shop (Systems Research Center) in 1986-1989.
2. 1989-1991 I was moved to the seismic building.
3. 1992 I moved back into the Systems Research Center (spool shop).
4. The spool shop adopted NSA rules AFTER I left in 1989.
5. I NEVER SIGNED ANY NSA-type agreements.
6. I followed all Sandia rules applicable to my sending out documents.
7. But look at the trouble, some thanks to you, Sandia is now in!
Bill
21 April 1997
See Sandia affidavits (one of which references the termination document above) and US Attorney letters on classified data:
http://jya.com/nsasuit4.htm
13 May 1997: The following packet of documents was received from William Payne on 12 May 1997. The Packet included the documents above: Sandia National Laboratory letter of April 15, 1994 to Charles Burtner, USEEOC, and Attachment 1 documents, as well as Attachment 2 composed of the documents below.
A t t a c h m e n t 2
[Note: Employee numbers (E#) in original text are handwritten]
PRIVATE
DISCIPLINARY REVIEW COMMITTEE
Minutes
July 6, 1989
Attending:
Voting Members: Non-Voting and/or Advisory:
J. E. Mitchell, 3160 J. D. Martin, 3400 E. M. Moore, 3562
D. L. Hughes, 3437 D. E. Jerome, 3432 C. Hartwigsen, 5210
A. M. Torneby, 3530 J. K. Gabaldon, 3510
H. L. Folley, 4010 J. P. Sanchez, 3533
J. R. Xelsey, 5260 A. J. Villareal, 3533
_____________________________________________________________________
Case: E# 2l7l5 E.No.: 21715
Org: 5265 Position: MTS Div. Supervisor
Case: E# l4429 E. No. 14429
Org: 5265 Position: DMTS
_____________________________________________________________________
Background:
Organization 5200 has been involved for many years in a technical
project with the Transportation Safeguards Division (TSD) at DOE.
Recently, however, the DOE indicated a desire to reduce support
of this activity which E# 14429 had been involved in for about
15 years. Without the knowledge and consent of his management, or
the project leader, E# 21715 advised E# 14429 to contact DOE
to find out how to go about continuing work on this project.
Subsequently, E# 14429 prepared a proposal which was submitted
to TSD throuqh a third party, Spectra Research Institute.
The proposal letter to DOE, which was on Spectra's letterhead,
described the work that had previously been done in the area and
proposed continued activities. The technical material accompanied
Spectra's letter, but was added to the letter by E# l4429 .
(Spectra signed the letter without seeing the technical
material.) The proposal did not mention Sandia's or E# 14429's
name; however, he planned to take leave of absence and become a
principal, at his same Sandia salary, if the contract were placed
with Spectra. The proposal indicated that the person to do the
work would be named at a later time. On May 20, 1989, E# 14429
met with E# 21715 who told E# 14429 to take the proposal to
DOE. On May 22, l989 the proposal was submitted to TSD, and
eiqht copies were sent to DOE in Washington, DC.
On May 24, 1989, the project leader, Mr. Neil Hartwigsen, 5210,
received a copy of the proposal from the DOE. The DOE's concern
was that the proposal contained classified informatior. but that
it was not treated as classified. Mr. Hartwigsen notified his
management and Security He also talked with E# 21715 about the
proposal. However, it wasn't until the following morning that
[ 1 ]
July 6, 1989
Page 2
E# 21715 brought E# 14429 in to explain their involvement.
That same morning Mr. Hartwigsen advised E# 21715 and E# 14429's
Department Manager, James Kelsey, 5260, who was then briefed on
the circumstances surrounding the proposal.
Subsequently, the proposal was withdrawn by Spectra, and the
copies of the proposal sent to DOE in Washington, DC were
destroyed. Security also interviewed Stotts and Cover who
provided written statements; no security infractions were
assessed. An Inspector General investigation is currently
pending.
Resolution:
The following resolution was adopted by the Disciplinary Review
Committee by a 5 to O vote:
The Disciplinary Review Committee recommends that Messrs. E# 21715
and E# 14429 receive written reprimands and a reduction of planned
FY89 compensation increases for: 1) Allowing sensitive Sandia
information with competitive value to be used by a prospective
contractor, and 2) Subjecting Sandia and its government sponsor
to possible criticism or embarrassment.
(The Committee reserves the right to re-open this case should
additional information become available.)
Prepared by. [Signature] 7/11/89
A. J. Villareal, 3533 Date
Approved:
[Signature] 7/12/89
J. D. Martin, 3400 Date
[Signature] 7/12/89
R. C. Bonner, 3400 Date
U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION
Phonenix District Office
45 N. Central Ave., Suite 300
Phoenix, AZ 85012-1848
PH: (602) 640-5000
TDD: (602) 640-2692
FAX: (602) 640-2489
September 6, 1995
Charge No 351-94-0138
Gallegos v. Sandia National Labs
Mr. Richard W Gallegos
101 Ortega, N W
Albuquerque, NM 87114
Dear Mr Gallegos:
This letter is to advised you that the Commission is in
receipt of your letter regarding the Commission's disclosure of the
above referenced charge and this office has enclosed a copy of this
file for litigation purposes.
Any questions regarding this matter please direct them to the
undersigned at (602) 640-2232.
Sincerely,
[Signature]
Larry J. Trujillo
Investigator
5
June 19, 1992
Professor Masanori Fushimi
Department of Mathematical Engineering and Information Physics
Faculty of Engineering
University of Tokyo
Bunkyo-Xu, Tokyo 113
JAPAN
Dear Masanori,
Congratulations on your award from IMSL. Richard Hanson tells me
how grateful Ted Lewis and I should be that you have successfully
championed the GFSR. We are.
Enclosed ia a technical report describing my implementation of an
NSA authentication algorithm. I checked with the classification
officer, Bruce Green, this morning to see if it is okay to send
an OUO report to a foreign national. It is. We all must
remember that a Honda is an American made automobile.
I may be re-entering the random number business. Or I may not be
depending on the outcome of a proposal I wrote. I sometimes
think that my proposals should be directed to the Ministry of
Education, Science and Culture of Japan instead of agencies in
the United States.
The problem with random number funding here in the United States
is that it is too close to encryption which the National Security
Agency wants to totally control. You realize, of course, that
the GFSR can be adapted to a very high speed encryption
algorithm. Many encryption algorithms rely on complication for
their security. This leads to slow operation and large
transistor count. The number of transistors is inversely related
to the reliability of a unit.
Please read the paragraph at the bottom of 35 and the associated
draft memorandum at the end of the report. I did not list all
the problems associated with the algorithm. You will, of course,
see that the V register does not contribute anything to the
security of the algorithm. It only XORs high and low bytes with
the input data stream. Best not to tell NSA too much, especially
if I am not getting paid to help.
I enclose a DRAFT of an algorithm I discovered for computing
Euler's Phi function without factoring. I was wrong about my
statement of the amount of work, but you see I have other ideas
about how public key encryption can be broken.
[ 1 ]
Again, congratulations on your award. If you happen to be in the
US and close to Albuguergue, please let me know 80 that we can
meet. Please keep me informed about about your work.
Sincerely,
[Signature]
W. H. Payne
Division 5911
Sandia Labs
POB 5800
Albuquergue, NM 87185
505-844-6847 505-844-7593 FAX
[ 2 ]
Telephone: (03) 812-2111
Telex: 2722111 FEUT J
University of Tokyo
Faculty of Engineering
Department of Mathematical Engineenng and Information Physics
Bunkyo-ku, Tokyo 113, Japan
June 26, 1992
Dr. William H. Payne
Division 5911
Sandia Labs
POB 5800
Albuquerque, NM 87185
U.S.A.
Dear Bill,
Thank you very much for your recent letter as well as a SANDIA REPORT
and a DRAFT on Public Key Cryptography. I have not read through the
REPORT yet. The DRAFT is quite interesting for me although I have not
checked the details. I am enclosing copies of my recent papers on
quasi-random numbers: one is accepted for publication in Mathematics of
Computation, and the other (with a minor revision) will be presented at
the 1992 Winter Simulation Conference to be held on December 13-16, in
Arlington, VA. I will attend the Conference together with the co-
author Tezuka. I hear many people interested in random number
generation will come, including H. Niederreiter, L. Devroye,
P. L'Ecuyer, B.L. Fox and R.C. Tausworthe. If you can come to the
Conference, it will be a good occasion to discuss about our common
interest.
Best regards.
Sincerely yours,
[Signature]
Masanori Fushimi
Enclosures: 2 copies of papers [Not provided]
WORKING AGREEMENT BETWEEN
SANDIA NATIONAL LABORATORIES
AND
THE NATIONAL SECURITY AGENCY
CONCERNING RESEARCH IN CRYPTOGRPAHY AT SANDIA NATIONAL LABORATORIES
Sandia National Laboratories (SNL) and the National Security Agency (NSA) have established a working relationship which has grown substantially over the last decade. Currently, there exist several joint project areas of mutual interest.
Different policies and administrative procedures exist at SNL and NSA which govern the handling of sensitive and classified material, and the documentation and dissemination of such work. It is the purpose of this Agreement tto specify the general guidelines under which work will be administered in the area of cryptographic research at SNL.
First, SNL, in its role as system integrator, requires and indigenous cryptographic capability to support its Department of Energy missions in the design and development of safe and secure nuclear weapons and in treaty verification. SNL and NSA agree to a cooperative effort to support SNL's needs in a manner consistent with the role of such work to national security.
Second, NSA, in its role as the U.S. Government approval authority for cryptographic systems developed for and used in national security applicaitons, recognizes its responsibility to provide support and guidance to SNL's activities in applying cryptography.
Third, SNL will regard cryptographic research as classified when it is initiated or created, i.e., will protect such work as "created classified", and will consult with NSA prior to handling such work as unclassified. Periodic technical and managerial discussions between SNL and NSA will be held to increase the awareness of the security concerns of both organizations and to develop and maintain an SNL cryptographic classification guide which will protect the national security interests of both organizations.
This working Agreement shall be effective on the date of the last signature and will be reviewed annually by SNL and NSA. It will be valid until terminated by mutual agreement.
AGREED:
[Signature] [Signature] ALBERT NARATH RADM JAMES S. MCFARLAND (USN) President Plans and Policy
TITLE TITLE SANDIA NATIONAL LABORATORIES NATIONAL SECURITY AGENCY June 10, 1991 22 July 1991
DATE DATE
[1 July 1997: Link to SCI NDA.]
SENSITIVE COMPARTMENTED INFORMATION NONDISCLOSURE AGREEMENT
Data authentication is the process of computing a key-dependent checksum of a message. The checksum is appended to the message by the transmitter and checked by the receiver. Messages that contain valid checksums are called authentic messages. Messages with bad authentication checksums either contain errors in the checksum, errors in the message, or are counterfeit.
A data authentication algorithm produces a pseudorandom checksum for each processed message bit. A key is the "seed" for the pseudorandom sequence.
The National Security Agency (NSA) provides data authentication algorithms for treaty verification applications. Most of the algorithms are classified. NSA will declassify a treaty verification algorithm to a classification level that allows it to be shared with a treaty participant after the treaty has been signed.
In 1973 NSA supplied to Sandia National Laboratories (SNL) a data authentication algorithm, called the Unmanned Seismic Observatory algorithm, for use in the Comprehensive Test Ban Treaty seismic verification systems. The report, submitted by R. Benincasa of NSA, is classified and therefore cannot be cited here.
The purpose of this SAND report is to document the construction at SNL of the data authenticator used for the Deployable Seismic Verification System (DSVS). This documentation should be of value in the years to come for those who may want to know how it was built, how to maintain it, and how to upgrade it. Thus far, SNL has implemented the algorithm three times. Each time, the hardware and software were upgraded. The first implementation was done in 1974, by R. E. D. Stewart, D. A. Reynolds, and J. G. Deasey. This was a "bench test" implementation in the sense that the algorithm was done in hardware wire, wrapped on "cash" cards, and placed in a test rack. This algorithm implementation was done entirely in the hardware. The authenticator hardware was exercised by a Nova 800 minicomputer (Data General Corp.). They did not try to make the authenticator small, low power, or to enclose it in a TEMPEST container. This implementation was for a feasibility study. R. Stewart provided complete documentation, including schematics and computer codes; this also cannot be cited here because it is classified.
The second implementation, by M. A. Schaefer, took place between January 1978 and September 1979. This was done in low-power 4000-series CMOS logic; an NSC800 microcomputer was used to pass bytes to the authenticator hardware and read back the values. This authenticator, which processed data at 19,200 bits per second, was housed in a TEMPEST container that had been tested and approved by NSA. There were, however, three major problems with this second authenticator:
1. Its hardware was classified.2. Its cost was high--about $75,000. This included two authenticators and the TEMPEST containers for both. Cost of each container was about $20,000 of this $75,000.
3. Its processing speed was low.
The author was assigned to build a third version for the Deployable Seismic Verification System. The goal was to eliminate the problems attributed to the second version. Additional requirements were
OFFICIAL USE ONLY
[End of document provided]
[31 May 1997: Balance of 185-page
report provided]
MAY 08 '92 08:09 SANDIA LAB ORG 9240 505-846-6652 P.2/5
DRAFT
Public Key Cryptography is Easy to Break
William H. Payne
Sandia National Laboratories
October 16, l990
ABSTRACT
Public key, also know as Rivest, Shamir, and Adleman,
cryptography is broken without factoring the modulus m.
The product of the encryption and the decryption expontent is
computed directly with order log2 m shifts, adds, and compares.
A continued product between the modulus and its multiplier which
matches a criterion solves the Fermat-Euler theorems simply for
even very large moduli.
DRAFT
[Handwritten note:
"5/8/92
Jim Omura,
this draft has some incorrect
statements BUT; watch out. Public
key may be breakable without
factoring."]
1
MAY 08 '92 08:09 SANDIA LAB ORG 9240 505-846-6652 P.3/5
DRAFT
Euler's theorem states
aø(m) = 1 mod m
for a relatively prime to m where ø(m) is the number of numbers
less than and relatively prime to m. For prime p and q, ø(pq) =
(p-l)(q-1). For example, if p=5 and q=7, then (5x7) =
4x6-2x2x2x3=24. Then for any number a relatively prime to m, say
2,
224 = 1 mod 35.
Euler's theorem does not mean that 24 is the smallest value for
which the equality is true. The values 2, 4, 8, 6, and 12 must
also be checked to determine if they too may solve the equation.
Here is an algorithm to solve Euler's theorem but it does not
require factoring the modulus (from which the exponent is
computed). The algorithm is extemely simple and obviously
correct (to those who think in binary). Its explanation is best
done by example so the reader can intuitively understand its
importance and practical ramifications.
The smallest even prime 2 is relatively prime to any odd modulus.
Therefore,
2x = 1 mod 35
for some value of x. This means that
2x - l = 35y
for some value of y. A solution 2x -1 is represented in binary
as
1
11
111
lll1
11111
.
.
.
DRAFT
2
MAY 08 '92 08:09 SANDIA LAB ORG 9240 505-846-6652 P.4/5
DRAFT
for some value of x. Computation of 35y must be one of these
values. Computation of y is easy. 35 in binary is 100011. A
product of 35 times y is developed from right to left forcing the
low order bits to one. The algorithm terminates when the high
six bits are all one. Here is the algorithm computation.
[Handwritten]
1 0 0 0 1 1
1 0 0 0 1 1
______________________
1 0 1 0 1 1 1 1
1 0 0 0 1 1
____________________________
1 0 1 1 0 1 1 1 1 1
1 0 0 0 1 1
_______________________________
1 1 1 0 0 1 1 1 1 1 1
1 0 0 0 1 1
___________________________________
1 1 1 1 1 1 1 1 1 1 1 1
12 11 10 9 8 7 6 5 4 3 2 1
which means
212 = 1 mod 35
3
MAY 08 '92 08:09 SANDIA LAB ORG 9240 505-846-6652 P.5/5
DRAFT
Ones are developed for the low order bits of the computation by
shift and add. At each step of the algorithm the high order six
bits are check to see if they are all one. If so (the
termination criterion) the algorithm terminates, and the solution
is immediate.
The algorithm finds the least value for which equality is true.
The modulus can be a product of any number of primes exluding
two and the algorithm continues to work.
The amount of work required for the algorithm to complete is a
linear function of the number of bits in the modulus. Fermat's
theorem gives a good example of the worst case amount of work for
the theorem to execute. The algorithm finds x such that
2x = l mod 13
Here are the computations.
[Handwritten]
1 1 0 1
1 1 0 1
________________
1 0 0 1 1 1
1 1 0 1
______________________
1 0 0 0 1 1 1 1
1 1 0 1
_________________________
1 0 1 0 1 1 1 1 1
1 1 0 1
____________________________
1 0 1 1 1 1 1 1 1 1
1 1 0 1
___________________________________
1 1 1 1 1 1 1 1 1 1 1 1
12 11 10 9 8 7 6 5 4 3 2 1
or 212 = 1 mod 13
DRAFT
4
MAY 08 '92 08:09 SANDIA LAB ORG 9240 505-846-6652 P.6/5
DRAFT
The author discovered this result between 8;30 and 10:08 pm on
October 16, 1990. Implications of the alogrithm are great. +
5
The author thanks Michael O. Vahle for conversations on
strategies to break public key encryption which spanned several
years.
[Handwritten: "+ More than Euclid's algorithm?"]
5
[Image 149K]
_____________________________________________________________________
Vol. 43, No. 8 September 16, 1991
Technical Information Being Transmitted
To Sensitive Countries
Per DOE requirement, all technical information being transmitted to sensitive countries, as listed in SLI 1003, must be reviewed before leaving Sandia. This review will now be performed by Classification and Sensitive Information Review Dept. 3180. All Laboratory information transmittals mailed to sensitive countries in response to requests for information must be forwarded to Dept. 3180 for review. At the time of review, information about the technical information transfer will be entered into the Sensitive Countries Information Logging System (SCIIS, formerly RIDS). To facilitate data entry, each response to a request for information from a sensitive country must be accompanied by the request for information (or a copy of the request or a copy of the mailing envelope showing the addressee) and a copy of the title and abstract of the technical information that is being transmitted. Dept. 3180 will remove these copies for recordkeeping and data entry purposes. Failure to include these copies with technical information that is being transmitted to sensitive countries will result in delay of the mail. The SCILS data base is intended to include requests for information even if there is no response; therefore, unfilled requests for information from sensitive countries should also be forwarded to Dept. 3180 with an explanatory note. Personal correspondence is exempt from the requirement for data entry into SCILS and therefore is exempt from the requirernent for copies. Contact Duane Landa on 5-8904 or Carmela Gallegos on 6-8827 if you have questions. Remember to mark all foreign addressed mail with the correct export license annotation. (LHP:3100)
[Handwritten NOTE]
9/16/91 -- Can I have list? [with arrows to Landa and Gallegos]
COUNTRY CODE
Four pages, hand-dated 1989, list countries and their status of "Embargo/Sensitive" or "Sensitive" or neither. This is a summary:
Embargo/Sensitive:
Cuba, Iran, Iraq, North Korea
Sensitive:
Afghanistan, Albania, Algeria, Andorra, Angola, Argentina, Bahrain, Benin, Brazil, Bulgaria,Burundi, Cambodia (Kampuchea), Chile, China, Czechoslovakia, Djibouti, Ethiopia, Guyana, Hungary, India, Israel, Kuwait, Laos, Lebanon, Libya, Mongolia, Mozambique Namibia, Nicaragua, Niger, Oman, Pakistan, Poland, Qatar, Romania, South Africa, South Korea.
Neither:
Anarctica, Antigua, Australia, Austria, Bahamas, Bangladesh, Bantyre Malawi, Barbados, Belgium, Belize, Bermuda, Bolivia, Borneo, Botswana, Brunei, Burkina Faso, Cameroon, Canada, Cape Verde, Cayman Islands, Cen Africa Rep, Chad, Colombia, Costa Rica, Cyprus, Denmark, Dominican Republic, Ecuador, Egypt, El Salvador, Fiji, Finland, France, French Polynesia, Gabon, Gambia, Germany, Ghana, Greece, Greenland, Guadeloupe, Guatemala, Haiti, Honduras, Hong Kong, Iceland, Indonesia, Ireland, Italy, Ivory Coast, Jamaica, Japan, Jordan, Kenya, Kiribati, Lesotho, Liberia, Liechtenstein, Luxembourg, Madagascar, Malaysia, Maldives, Malta, Martinique, Mauritius, Mexico, Monaco, Morocco, Nauru Island, Nepal, Netherlands, New Caledonia, New guinea, New Zealand, Nigeria, Norway, Panama, Paraguay, Peru, Philippines, Portugal, Rwanda, San Marino, Saudi Arabia, Scotland, Senegal, Sierra leone, Singapore, Solomon Islands, Somalia.
