Cryptography

For the October 23, 2001 class:

The Code Book by Simon Singh, Chapter 6 (Alice and Bob Go Public)  and Chapter 7 (Pretty Good Privacy).

Summary

Historically, the ability of two parties to communicate securely with each other has rested on their possession of a shared secret. Whitfield Diffie and Martin Hellman created a protocol by which two strangers (who do not share any prior knowledge) could communicate with each other, safe from the threat of eavesdropping. With Ralph Merkel, they went on to create the notion of an asymmetric cipher, where a different key was used to lock a message from the one that was used to unlock it. Soon thereafter, Ron Rivest, Adi Shamir and Len Adelman produced the first realization of the latter abstraction. A little earlier, James Ellis and Clifford Cocks had made similar discoveries which remained classified by the British government until recently.

Cryptographers and cryptanalysts are in a perpetual race to erect and bring down walls of secrecy, respectively. Cryptographers create new ciphers that are resistant to techniques that cryptanalysts invent, while the latter strive to find irregularities in the scrambling processes that the former invent. Law enforcement agencies that can not overcome cryptography by technical means attempt to limit its use to enable them to monitor suspicious communication. Simultaneously, there has been an increased need for cryptography to maintain otherwise eroding privacy in an era of widespread use of public networks. The latter led political activist Phil Zimmerman to release PGP (Pretty Good Privacy), a program that enables strong encryption of computer data. The U.S. government's prosecution of Zimmerman catalyzed judicial examination of the tension between the needs/rights of law enforcement and those of the individual.

Questions

• The Industrial Revolution brought with it the ability to mechanize mundane operations. Cryptanalysis is particularly amenable to the use of automata. Yet it was the codemakers, rather than the codebreakers, who were the first to take advantage of this and build machines to this end. What caused this ? What changed (cicrca the Second World War) that enabled the cryptanalysts to start making gains ? Today, it is once again the codemakers who are ahead in the game. What brought this about ? Do you foresee technological changes that will swing the pendulum back to the other side ?

 
• Key distribution is an old problem dating back to the invention of cryptography. The mathematics used by Diffie and Hellman have been understood for a long time. What are the factors that precipitated the invention of their key exchange protocol ? Would it have been created by someone else (in the public eye) had they not attempted to solve the problem ?

 
• The real world analogue of public key cryptography dates back to the invention of padlocks that can be closed without the key used to open them. The mathematics used for implementing it had been around for quite a while. Yet, the same Stanford team conceived the abstraction of the digital equivalent at around the same time, not to mention the GCHQ discoveries in the same decade. What factors drove this ? What happens to the key exchange protocol when Mallory (who has the ability to substitute messages en route with those of his/her own choice) replaces Eve (who was only eavesdropping) ?

 
• How does a cryptanalyst recognize a successful decryption from an unsuccessful one ? Compare secret and public key cryptography in this regard.

 
• There is an inherent tension between the need for law enforcers to inspect communications, and that of an individual's right to privacy. Is there a compromise ? What do you think of key escrow ? What are the arguments for and against each of these needs, rights and constructs ?

 
• In the interest of national security, the government is able to take extreme measures that have questionable effects on the overall public good.  When they discovered his homosexuality, the British government stopped Alan Turing's research due to the fear that he would be blackmailed. The NSA (National Security Agency) hounded Horst Feistel for much of his career as he was rediscovering methods that they wished to maintain a monopoly over. GCHQ did not allow patenting of the work of Ellis and Cocks on key exchange/public key cryptography. Were the benefits gained enough to outweigh the potential losses to science ? How should one determine where the government's limits should be set ?

 
• The NSA is the single largest employer of mathematicians. Their task is to analyze the information gathered to detect risks to the nation's security. Public use of cryptography is at odds with this role. Is it appropriate for the NSA to prevent the publication of academic cryptographic discoveries ? What about the NSA campaigning to discourage the use of cryptography already in the public domain ? What other role should the NSA have ? Should it be responsible for providing guidance to NIST (National Institute of Standards and Technology) regarding the choice of a data encryption standard, given that it falls under the NSA's purview to analyze encrypted data ? (In the defence of the NSA, DES, which was adopted in the late 1970s after an NSA review, has withstood cryptanalysis despite the claims of conspiracy theorists.)