December 18th 2023.
A crucial document from Pakistan’s Inter-Services Intelligence agency, or ISI, undermines a major plank in the high-profile prosecution of the country’s former prime minister, Imran Khan.
Khan remains behind bars while he faces trial for allegedly mishandling a secret document, known as a cypher, which the prosecution claims compromised the integrity of the encrypted communication system used by the state’s security apparatus. But according to an ISI analysis leaked to The Intercept, that claim is entirely false. Internally, the agency concluded that the leak of the text of a cypher could in no way compromise the integrity of the system, an assessment contrary to public claims made repeatedly by prosecutors.
The main charge against Khan relates to his handling of a diplomatic cable describing a key meeting in March 2022 between U.S. and Pakistani officials in Washington. Khan, while prime minister, had repeatedly alluded to the existence of a cypher that outlined U.S. pressure on Pakistan to remove him from power in a vote of no confidence. Though he never disclosed its full contents, at times, in public speeches, he quoted statements recorded in it from U.S. officials promising to reward Pakistan for his ouster. At one rally, Khan even waved what he said was the printed text of the document, without revealing its exact contents.
Prosecutors assert that Khan damaged Pakistani national security by exposing the text of this encrypted document, contents they say could potentially be used by rival intelligence agencies to crack the code of a wide range of other secret Pakistani communications. A criminal complaint against Khan alleges that he “compromised the entire cypher security system of the state and secret communication method of Pakistani missions abroad,” through his alleged mishandling of the cypher. The former prime minister faces up to 10 years in prison if found guilty under Pakistan’s Official Secrets Act and could face the death penalty if charged with treason in the case.
On August 9, 2023, The Intercept published the text of the cypher outlining U.S. pressure against Pakistan to remove Khan. Shortly afterward, Pakistan’s own intelligence agency issued an assessment addressing the very question of how damaging publishing such a text would be.
The internal conclusion of the ISI was crystal clear: No threat to Pakistan’s encryption existed.
Pakistan did not respond to a request for comment.
On August 11, two days after The Intercept story was published, an internal request for information was sent to the ISI by the Ministry of Foreign Affairs. The question at hand: Does the revelation of the plain text of such a cypher compromise the integrity of the system’s encryption? The response, filed by the Inter-Services Intelligence Secretariat under the heading ISI-Policy Matters, and titled “Breach of Crypto Security,” determined that contrary to the present charges against Khan, revealing the text of a cypher poses no risk to the government’s encrypted communications network. “If plain text of an encrypted message … is leaked it has no effect on security of encryptor,” the analysis, which was filed on August 23, concludes. “Leakage of a plain text message does not compromise the algorithm.”
Concern about the security of an encryption system is not entirely unfounded. Some encryption systems can theoretically be compromised by what is known as a “plaintext attack,” in which an attacker has access to a copy of both the plain and encrypted versions of a document’s text and can use the two versions to determine the encryption system.
But the spy agency’s conclusion in the days following The Intercept’s publication of the secret cypher was that the disclosure of the short piece of text alone — without the encryption key — did not pose a risk.
“If plain text of an encrypted message using DTE is leaked, it has no effect on security of the encryptor due to following,” the analysis reads, referring to “an offline encryption device.”
“The encryption algorithm,” it goes on to explain, “is designed with an assumption that the plain/cipher text pairs and algorithms are known to the adversary, the security lies in the secrecy of the key. Therefore leakage of a plain text message does not compromise the algorithm.”
According to the agency’s own analysis, to launch a plaintext attack an adversary would need a minimum of 2^256 bits of “plain/cipher text data encrypted with the same key” to figure it out. That would be an amount of text that exceeds not just the length of Khan’s diplomatic cable, but also the total amount of digital storage space available worldwide. In other words, there was never any risk whatsoever that publishing the contents of the cypher could allow an adversary to crack the state’s encryption system.
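The design assumption quoted above (plain/cipher text pairs and the algorithm known to the adversary, only the key secret) can be seen in a small added example, which is not from the article or the ISI document. The repeating-key XOR scheme and the HMAC-SHA256 counter-mode keystream are illustrative stand-ins; the page does not describe the actual device's algorithm, and all messages, keys and nonces are constructed.

```python
import hashlib
import hmac

def xor_bytes(a: bytes, b: bytes) -> bytes:
    # XOR two byte strings, truncating to the shorter one.
    return bytes(x ^ y for x, y in zip(a, b))

def weak_encrypt(key: bytes, msg: bytes) -> bytes:
    # Repeating-key XOR: the same short key material is reused across the message.
    stream = key * (len(msg) // len(key) + 1)
    return xor_bytes(msg, stream)

def prf_encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Stand-in for a modern cipher (assumption): HMAC-SHA256 in counter mode
    # produces a keystream that depends on the secret key and a per-message nonce.
    stream = b""
    counter = 0
    while len(stream) < len(msg):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return xor_bytes(msg, stream)

# Constructed sample data: not real cables, keys or nonces.
LEAKED = b"Constructed cable A: routine meeting summary text."
SECRET = b"Constructed cable B: unrelated confidential note."
WEAK_KEY = bytes(range(1, 17))
STRONG_KEY = hashlib.sha256(b"constructed demo key").digest()

def leak_against_weak(key_len: int = 16) -> bytes:
    # Adversary holds LEAKED and its ciphertext, plus the ciphertext of SECRET.
    pair_ct = weak_encrypt(WEAK_KEY, LEAKED)
    target_ct = weak_encrypt(WEAK_KEY, SECRET)
    recovered_key = xor_bytes(LEAKED, pair_ct)[:key_len]  # plaintext XOR ciphertext
    return weak_encrypt(recovered_key, target_ct)         # XOR is its own inverse

def leak_against_prf() -> bytes:
    # Same leak, same key, but each message has its own nonce.
    pair_ct = prf_encrypt(STRONG_KEY, b"nonce-A", LEAKED)
    target_ct = prf_encrypt(STRONG_KEY, b"nonce-B", SECRET)
    exposed_stream = xor_bytes(LEAKED, pair_ct)  # keystream for nonce-A only
    return xor_bytes(target_ct, exposed_stream)

if __name__ == "__main__":
    print("weak cipher, after leak:", leak_against_weak())
    print("PRF cipher, after leak: ", leak_against_prf().hex())
```

Against the weak scheme one leaked pair reveals the key and every other message under it; against the keyed-PRF scheme the same leak exposes only the keystream of the already-public message.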
“Not Compromised”
The cypher published by The Intercept deals with a March 7, 2022, meeting between a senior State Department official, Donald Lu, and Pakistan’s then-ambassador to the U.S. The document describes a tense meeting in which State Department officials expressed their concerns about Khan’s stance on the Russian invasion of Ukraine and threatened that Pakistan could face isolation from the U.S. and European allies. According to the cable, Lu tells the Pakistani ambassador that “all will be forgiven” if Khan were removed from power by a vote of no confidence.
A crucial document from Pakistan’s Inter-Services Intelligence agency, or ISI, has revealed a major discrepancy in the high-profile prosecution of the country’s former prime minister, Imran Khan. Khan is currently being tried for allegedly mishandling a secret document, known as a cypher, which the prosecution claims compromised the integrity of the encrypted communication system used by the state’s security apparatus.
The main charge against Khan relates to his handling of a diplomatic cable describing a key meeting in March 2022 between U.S. and Pakistani officials in Washington. Khan, while prime minister, had alluded to the existence of a cypher that contained statements from U.S. officials promising to reward Pakistan for his ouster. At one rally he even held up a printed copy of the document without revealing its contents.
Prosecutors argued that Khan had damaged Pakistani national security by exposing the text of this encrypted document, contents they said could potentially be used by rival intelligence agencies to crack the code of a wide range of other secret Pakistani communications. If found guilty, Khan faces up to 10 years in prison under Pakistan’s Official Secrets Act and could face the death penalty if charged with treason.
On August 9, 2023, The Intercept published the text of the cypher outlining U.S. pressure against Pakistan to remove Khan. Following this, Pakistan’s own intelligence agency issued its own assessment to the Ministry of Foreign Affairs addressing the question of how damaging publishing such a text would be. The internal conclusion of the ISI was crystal clear: No threat to Pakistan’s encryption existed.
The ISI's analysis, filed on August 23, concluded that contrary to the present charges against Khan, revealing the text of a cypher poses no risk to the government’s encrypted communications network. The document explained that the security of an encryption system does not lie in the plain/cipher text pairs or algorithms, but in the secrecy of the key. To launch a plaintext attack an adversary would need a minimum of 2^256 bits of “plain/cipher text data encrypted with the same key” – far exceeding the length of Khan’s diplomatic cable and the total amount of digital storage space available worldwide.
The cypher published by The Intercept deals with a March 7, 2022, meeting between a senior State Department official, Donald Lu, and Pakistan’s then-ambassador to the U.S. The document describes a tense meeting in which State Department officials expressed their concerns about Khan’s stance on the Russian invasion of Ukraine and threatened that Pakistan could face isolation from the U.S. and European allies.
The ISI’s analysis thus concluded that there was never any risk whatsoever that publishing the contents of the cypher could allow an adversary to crack the state’s encryption system. The document, titled “Breach of Crypto Security,” determined that “Leakage of a plain text message does not compromise the algorithm.” With this, the ISI has definitively established that Khan’s alleged mishandling of the cypher did not in fact compromise Pakistan’s national security.