Cryptography
Reading
For the October 23, 2001 class:
The Code Book by Simon Singh, Chapter 6 (Alice and Bob Go Public)
and Chapter 7 (Pretty Good Privacy).
Summary
Historically, the ability of two parties to communicate
securely with each other has rested on their possession of a shared secret.
Whitfield Diffie and Martin Hellman created a protocol by which two strangers
(who do not share any prior knowledge) could communicate with each other,
safe from the threat of eavesdropping. With Ralph Merkle, they went on
to create the notion of an asymmetric cipher, where a different key was
used to lock a message from the one that was used to unlock it. Soon thereafter,
Ron Rivest, Adi Shamir and Len Adleman produced the first realization of
the latter abstraction. A little earlier, James Ellis and Clifford Cocks
had made similar discoveries which remained classified by the British government
until recently.
Cryptographers and cryptanalysts are in a perpetual
race to erect and bring down walls of secrecy, respectively. Cryptographers
create new ciphers that are resistant to techniques that cryptanalysts
invent, while the latter strive to find irregularities in the scrambling
processes that the former invent. Law enforcement agencies that cannot
overcome cryptography by technical means attempt to limit its use to enable
them to monitor suspicious communication. Simultaneously, there has been
an increased need for cryptography to maintain otherwise eroding privacy
in an era of widespread use of public networks. The latter led political
activist Phil Zimmermann to release PGP (Pretty Good Privacy), a program
that enables strong encryption of computer data. The U.S. government's
prosecution of Zimmermann catalyzed judicial examination of the tension
between the needs/rights of law enforcement and those of the individual.
Questions
-
The Industrial Revolution brought with it the ability
to mechanize mundane operations. Cryptanalysis is particularly amenable
to the use of automata. Yet it was the codemakers, rather than the codebreakers,
who were the first to take advantage of this and build machines to this
end. What caused this? What changed (circa the Second World War) that
enabled the cryptanalysts to start making gains? Today, it is once again
the codemakers who are ahead in the game. What brought this about? Do
you foresee technological changes that will swing the pendulum back to
the other side?
-
Key distribution is an old problem dating back to
the invention of cryptography. The mathematics used by Diffie and Hellman
have been understood for a long time. What are the factors that precipitated
the invention of their key exchange protocol? Would it have been created
by someone else (in the public eye) had they not attempted to solve the
problem?
-
The real world analogue of public key cryptography
dates back to the invention of padlocks that can be closed without the
key used to open them. The mathematics used for implementing it had been
around for quite a while. Yet, the same Stanford team conceived the abstraction
of the digital equivalent at around the same time, not to mention the GCHQ
discoveries in the same decade. What factors drove this? What happens
to the key exchange protocol when Mallory (who has the ability to substitute
messages en route with those of his/her own choice) replaces Eve (who was
only eavesdropping)?
-
How does a cryptanalyst recognize a successful decryption
from an unsuccessful one? Compare secret and public key cryptography in
this regard.
-
There is an inherent tension between the need for
law enforcers to inspect communications, and that of an individual's right
to privacy. Is there a compromise? What do you think of key escrow? What
are the arguments for and against each of these needs, rights and constructs?
-
In the interest of national security, the government
is able to take extreme measures that have questionable effects on the
overall public good. When they discovered his homosexuality, the
British government stopped Alan Turing's research due to the fear that
he would be blackmailed. The NSA (National Security Agency) hounded Horst
Feistel for much of his career as he was rediscovering methods that they
wished to maintain a monopoly over. GCHQ did not allow patenting of the
work of Ellis and Cocks on key exchange/public key cryptography. Were the
benefits gained enough to outweigh the potential losses to science? How
should one determine where the government's limits should be set?
-
The NSA is the single largest employer of mathematicians.
Their task is to analyze the information gathered to detect risks to the
nation's security. Public use of cryptography is at odds with this role.
Is it appropriate for the NSA to prevent the publication of academic cryptographic
discoveries? What about the NSA campaigning to discourage the use of cryptography
already in the public domain? What other role should the NSA have? Should
it be responsible for providing guidance to NIST (National Institute of
Standards and Technology) regarding the choice of a data encryption standard,
given that it falls under the NSA's purview to analyze encrypted data?
(In the defence of the NSA, DES, which was adopted in the late 1970s after
an NSA review, has withstood cryptanalysis despite the claims of conspiracy
theorists.)
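Added example, not part of the course page or the reading: a toy Diffie-Hellman exchange run once with a passive listener (Eve) and once with a party who substitutes the public values in transit (Mallory), the case raised in the third question above. The group parameters, the function names and the out-of-band fingerprint comparison are assumptions chosen for illustration; the modulus is far too small for real use.

```python
import hashlib
import secrets

# Constructed toy group (assumption): P = 2**127 - 1 is prime, but far too
# small and unvetted for real use. Names below are illustrative only.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    """Derive a symmetric key from the Diffie-Hellman shared secret."""
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def fingerprint(my_pub, received_pub):
    """Short digest of the two public values one party saw (order-free)."""
    lo, hi = sorted((my_pub, received_pub))
    return hashlib.sha256(b"%d|%d" % (lo, hi)).hexdigest()[:16]

def run_exchange(active_attacker):
    """Run one exchange; report what each side ends up with."""
    a_priv, a_pub = keypair()          # Alice
    b_priv, b_pub = keypair()          # Bob
    if active_attacker:
        # Mallory replaces both public values in transit with a substitute.
        m_priv, m_pub = keypair()
        alice_got, bob_got = m_pub, m_pub
    else:
        # Eve only copies the public values; they arrive unchanged.
        alice_got, bob_got = b_pub, a_pub
    k_alice = shared_key(a_priv, alice_got)
    k_bob = shared_key(b_priv, bob_got)
    result = {
        "keys_match": k_alice == k_bob,
        # Compared over a channel the attacker cannot alter (assumption).
        "fingerprints_match":
            fingerprint(a_pub, alice_got) == fingerprint(b_pub, bob_got),
    }
    if active_attacker:
        # Mallory shares one key with each victim and can relay between them.
        result["mallory_has_alice_key"] = shared_key(m_priv, a_pub) == k_alice
        result["mallory_has_bob_key"] = shared_key(m_priv, b_pub) == k_bob
    return result

if __name__ == "__main__":
    print("passive:", run_exchange(False))
    print("active: ", run_exchange(True))
```

In the active case Alice and Bob hold different keys, and nothing in the exchange itself tells them so; the fingerprint mismatch is the only signal, which is why the public values have to be authenticated by some means outside the exchange.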