Protecting Assets by Cryptography

Most people do not know what cryptography means, much less what it can and cannot do. Nevertheless, we may all be relying on cryptography -- the protection of valuable or confidential information by using codes and ciphers -- to protect our assets and perhaps our very freedom in the coming decade.

Historically, cryptography has been the almost exclusive domain of the government, particularly the military. But the computer and communications revolutions are spawning a revolution in cryptography as well. Industry, and even individuals, now need cryptographic protection, and new kinds of codes are being developed to meet these needs.

Information sent over modern communiccation networks is extremely vulnerable to spying. Microwave and satellite communications offer even greater cost savings to wiretappers than to the legitimate users. The "wiretapper" need only set up an antenna to listen in on all messages.

Of course, this involves monitoring a tremendous volume of information. But the cost of searching through millions of messages for one of interest is not a deterrent. Information in the proper form can be "edited" by computer at low cost. Approximately a billion words can be searched for a dollar, making the operation cost effective even if only one intercepted message in a million is of interest.

By searching for messages with the words "Congress" and "military appropriations," an opponent could cull out all messages concerning military appropriations in Congress. By searching for any name and the word "alcoholism, " an electronic eavesdropper could set up a good blackmail operation. Sen. Thomas F. Eagleton's vice-presidential candidacy makes it clear how damaging confidential medical records can be.

Clearly, cryptography is needed. But is it cost effective? Accounts of World War II intelligence operations make it clear that everyone -- enemies and allies alike -- was reading everyone else's mail. If the major military powers of 1945 could not afford secure encryption for the soldier in the field, how is industry to afford secure encryption for the secretary working at a computer terminal?

The answer lies in the greatly decreased cost of computation. The scientific pocket calculator that sells for under $100 today would have cost over $1 million in 1945. The military could not afford to give such calculators to the soldier in the field, but today industry can afford to give them to all employees who have even an occasional need for computation.

The National Data Encryption Standard (DES), an encription system designed by the National Bureau of Standards, which sells for tens of dollars today and can fit on a miniature chip of silicon would have cost hundreds of thousands of dollars and required a truck to transport it with the technology of 1945.

Most people are familiar with the role of cryptography in providing privacym -- preventing an eavesdropper from understanding what it being said. But cryptography is at least as useful in authenticationm -- preventing an opponent from injecting a message into the system.

Encryption can be thought of as locking information up in a strongbox with a resettable combination lock. Once you and I have agreed on a combination (a keym in cryptographic parlance), I can easily lock up information (encrypt)m and you can easily unlock it (decrypt)m , but anyone else who intercepts the locked up message cannot open the box either to read what is inside or to alter what is inside. Both the privacy and authenticity of the message are protected by encryption.

In many commercial applications authenticity is more important than privacy. I am unhappy if an unauthorized person can read the checks I have written but it is far more distressing if he can write checks against my bank account.

United States is the most computerized country in the world and is therefore also the most vulnerable to intelligence operations by foreign powers. Commercial information such as a computer manufacturer's marketing plans or a bank's foreign currency operations are of great interest to foreign countries. When our economy is totally dependent on EFt (electronic funds transfers), the Soviets or a terrorist group might "crash" the system with devastating economic effects. Payroll checks, utility bills, etc. would not be properly credited; individual accounts would appear to have too much or too little funds in them; people would be improperly denied access to funds and purchases. In short, our economy could be brought to a halt.

The above argument demonstrates why commercial encryption that is as secure as possible is also in the interests of national security. Unfortunately, there are also arguments in the other direction: If secure codes are publicly available then they can be used by other countries to protect their military and diplomatic messages. The US would lose a valuable source of intelligence.

The second argument won out in the first round of decisions on how secure commercial encryption should be. The National Data Encryption Standard has been designed as difficult, but not impossible, to break. This allows the US to continue its intelligence gathering on those countries with insecure encryption techniques. It is may belief that the next round of decisions should be made in favor of increased security for commercial encryption, even if it is at the expense of some intelligence operations.

Politics has intruded into other areas of encryption as well. In 1976 an mployee of the National Security Agency wrote what was perceived as a threatening letter to some scientific journals which were publishing papers on encryption. The letter claimed that publishing such papers violated the International Traffic in Arms Regulations. According to these regulations a company needs a license to export an implement of war, such as a jet fighter. It also needs a license to export technical data which tells how to build such an airplane. To our surprise, it appeared that research papers on encryption might also be considered technical data on implements of war, and therefore subject to the traffic-in- arms regulations.

The specter of PhD thesis being classified and therefore unpublishable cast a chill over the academic research community. As a result of these episodes, a feeling of mistrust built up between NSA and the academic community. NSA now appears to be trying to heal those wounds and is taking a more open approach to public research in cryptography. It is even offering to support unclassified research in the area, but there is mistrust on the part of some researchers that this is only part of a ploy to gain control of their work.

While only time will tell, it appears that NSA will behave in a reasonable manner. It it attempts highhanded tactics, no one will accept its support, and the whole research prov gram would backfire by badly. This is especially true so long as the National Science Foundation continues to make funds available for unclassified research in cryptography. Therefore I welcome NSA's overtures to establish friendly relations, but also feel it essential that NSF not abdicate its role in providing support to the field.

Important results have already come from research in this field. This is illustrated by a novel way of overcoming what had been a major drawback of conventional encryption. The key to conventional codes must be conveyed by courier, or some other secure means, to the sender and/or receiver. About four years ago I and two of my colleagues at Stanford, Whit Diffie and Ralph Merkle, proposed a radically new kind of encryption. We called it a public key cryptosystem. Important improvements were suggested by Ron Rivest, Adi Shamir, and Len Adleman of Massachusetts Institute of Technology.

In a conventional cryptographic system the same key is used to encipher and decipher, but in a public key cryptosystem these two abilities are separated, by having an enciv phering key "E" and deciphering key "D". The lock analogy is useful for understanding the difference. A public key system is like a strongbox with a new kind of lock with two combinations. One is used in the usual way to unlock the lock. The other is used to lock the lock -- if merely closed it springs open again. The locking combination (E) can then be made public without compromising the unlocking combination (deciphering key D).

Because the enciphering key is public information anyone can encipher messages (lock them up) and send them to you. But only you, because you know your secret deciphering key, can understand (unlock) them.

Besides privacy, public key systems also provide better authentication than conventional cryptosytems. In a conventional system, the sender and receiver share a common key. A third party, who does not know the key, cannot forge messages because he does not know how to generate properly enciphered messages, but the receiver can forge messages to himself. For example, a dishonest stock broker might use this technique to create a false trail to cover up his own attempts to defraud a customer.

Conventional cryptosytems therefore only protect against third party forgeries, and cannot settle disputesm as to what message if any was sent. A public key system destroys the symmetry between sender and receiver (they no longer share the same information) and allows the production of a true digital signature,m a number which can be easily recognized, but not generated, by the receiver.

The sender now uses his secret key D as a signing key (instead of for deciphering). The recipient uses the sender's public key E to check the validity of the signature (instead of for enciphering). In the lock analogy this corresponds to making the unlocking combination public, but keeping the locking combination secret (the opposite of before). Only the owner of the box can lock up information, so anything found in the box must have been put there by him. If the sender (owner of the box) disclaims an agreement, the receiver (holder) of the locked up box) can take it to a judge. Anything found in the box must have been put there by the sender.

The computer and communications revolutions offer great promise for relieving man of much mental and physical drudgery, and for allowing new levels of productivity. They also offer the potential for infringement on inv dividual freedom and for new forms of economic warfare. If properly used, encryption can play an important role in reducing these dangers.