# Cryptography

#### Month: October 2019 Page 2 of 7

As we’ve discussed at length in this course—the history of cryptography is riddled with instances of problems that at first glance seem immutable. The issue of key distribution was one of these supposedly immutable doctrines of secret writing. However, as we have also seen—the history of cryptography is also riddled with people so determined to fix these problems, that they will dedicate their whole lives to finding a solution. Whitfield Diffie and his similarly (and maybe even fruitlessly) determined colleagues identified the problem of key distribution as one worthy of intense study.

Although I may not completely understand the complex computer languages of ASCII or the way that computers can generate millions of key and cipher possibilities in the blink of an eye, the grand concept of sending secure messages through the analogy of Alice, Bob, and Eve is somehow paradoxically easier to understand. This relationship is in essence a great riddle, and a puzzle that I can appreciate. While usually the dedication of famous cryptographers puzzles me, as I find it hard to believe that people will go to such lengths to solve some seemingly tiny problem for a slim chance of going down in mathematics or military history—they problem of key distribution seems so applicable and real, especially looked at in the context of today’s internet age. In this climate of data mining or even straight up data theft, all I can say is thank you to Whitfield Diffie and his collaborators for caring (obsessing?) so much about key distribution and about the privacy of the ordinary person.

In the 1970’s, and to this day, the National Security Agency, or NSA, has been the strongest force in encryption and decryption in America. They put the most resources into cryptography intercept the most messages, and have the most codebreaking power of any organization in America. However, the NSA spends a lot of time and resources trying to maintain its status as the most powerful in the world of encryption. This means it can often run into problems when civilians create cryptographic methods that the NSA can’t handle. This is exactly what happened with Horst Feistel and the Lucifer system. Feistel, a German who had recently immigration to the United States had developed an encryption system, which he called Lucifer, which was extremely strong because it converted messages into binary and then methodically scrambled them 16 times. The NSA could see that businesses would be using this technology, but the problem was that the system required a key. There were too many potential keys that not even the NSA could crack lucifer. So, they officially adopted the Lucifer system as the DES (Data Encryption Standard). However, the DHS explicitly limited the amount of possible keys, so that businesses would still use the technology, but the NSA could crack it. In this action, the NSA was justified. Though it is a slight violation of privacy, they had no other choice.

The DES is a violation of the purest form of privacy. With the DES implemented, businesses and civilians don’t have complete control over their data. They cannot decide what they wouldn’t like to share with the government because they DES is engineered so that the NSA can see all.

Still, the DES doesn’t mean the government is spying on everything. Just because the DES gives the government the capability to read everyone’s data doesn’t mean that the government actually is. The DES is justified because there inevitably will be a case where the government must read a businesses data. Without the DES that is impossible, and it needs to be possible.

In the least controversial way possible, I believe this can be related to arguments for and against the second amendment. In a sense, cryptography, similar to guns, can be easily weaponized. If a person encrypts a message it is because it contains something extreme that they do not want to get out to the public. The key is the word ‘extreme’. For instance, I wouldn’t want the world to know if I had cheated on my S.O., however I would not encrypt an email to my friend discussing the incident considering my everyday acquaintances would not take the time to decipher it, and the people that could decipher it would find no use in the information. On the contrary, if I was planning an event that impedes on national security I would most likely encrypt it considering the U.S. government would probably take special interest in its content. In this case, I understand why the everyday person should not be able to encrypt their messages.

Encryption could also, however, be used to save us in the future. For instance, if for some reason the government turned against the people, we should be able to use cryptography to fight back. If the NSA has full knowledge of our lives they could easily control us or keep us contained in the extreme case of a large uprising.

There were many mathematical concepts related to modern cryptography introduced in this chapter. One topic I was familiar with already was the use of binary digits and modular arithmetic because we had learned about them in class. However, I was not aware of modular arithmetic prior to taking this course and I had only the most basic understanding of binary numbers. I still do not have much knowledge on either topic beyond an elementary level. For example, I was confused by the idea of the Y^x (mod P) function. I do not really understand how it works and how it relates to encryption and communication. I am not sure if this speaks to Singh’s ability (or lack of ability) to explain technical mathematical topics, or my ability (or lack of ability) to understand technical mathematical topics through words rather than examples and someone showing me how they work.

I was also confused about the concept of the mangler function as what the mangler function is exactly was never elaborated upon in the chapter. However, this might be because the function is too complicated or complex for the average individual to understand, so Singh didn’t even bother trying to break it down. I think Singh does a so-so job explaining the more technical sides to cryptography throughout his book, not just this chapter. Some explanations make sense, such as in the first chapter when he introduces the different types of historical ciphers. Others have me completely lost, such as his explanation for how the enigma machine functions. (I still don’t understand how it works!) I understand it is very difficult to explain such advanced and complex concepts to people with no knowledge on the topic, and this will be important to keep in mind when explaining how our cipher works for our podcasts.

Public key cryptography was invented by the academic researchers Diffie, Hellman, Merkle, Rivest, Shamir, and Adleman. They’re the ones who came up with the idea, and they’re the ones who created functions that could work with it. Here’s the issue: British GCHQ researchers Ellis, Cocks, and Williamson did all of those things too. The only difference between the two groups is that the GCHQ researchers couldn’t publish their work because it was classified.

The phenomenon that occurred here happens in another science: biology. There, it’s known as Convergent evolution. Convergent evolution is the independent evolution of some biological feature by two different species. For example, echolocation evolved in dolphins and whales, but also independently in bats. Similarly, birds, bats, pterosaurs, and insects are not closely related to each other but they all have wings. They don’t all share some great winged ancestor, they just evolved to fly because that’s a useful thing to be able to do. The inability to fly was a common problem for all of these animals and independently, they solved it with the development of wings.

Similarly, the American academic researchers and the GCHQ researchers were each facing the problem of key distribution. Cryptography had advanced to the point where making a secure cipher was less challenging than arranging to share the key with the recipient of the cipher. Leading-edge cryptographers had arrived at the same obstacle at around the same time, and they each found the same (or similar) solution to it. That solution came to be associated with the American researchers because the Brits were under oath. They couldn’t even share their findings with their families, much less file a patent. The fact that one group came up with public-key cryptography doesn’t mean that the other didn’t. The two groups independently made convergent solutions.

Whitfield Diffie, having the mind and brain to look beyond the present time, predicted that everyone would have their own computers and would have the ability to send messages to anyone they wanted. With this in mind, he essentially states that all people should have the ability to hide their messages from the government  via encryption. And given the democratic beliefs that our country supposedly abides by, I agree with Diffie’s views to a very large extent.

Singh makes it explicitly clear that Diffie believes that people should “have the right” to make that choice for themselves. And that is the main thing that makes his argument agreeable. There are many people currently in America that could not care less about who is able to see their messages. On the other hand, there are many Americans who are very passionate about making sure no one can get their hands on whatever they deem private and making sure to define what they wish to keep as private or not. It’s similar to Marcus’s argument in “Little Brother” with the bathroom analogy, how there are just things in a person’s life that they wish or desire to keep private and that is completely okay. Similarly, people should have the ability to choose to encrypt the messages they send. Whether they decide to encrypt their messages or not may come down to personal preference. One individual may  prefer to take the extra step to hide something they believe is private and should only be known by them as well as the recipient. There may be another individual that will pick and choose what they want encrypted or not, due to security and/or personal reasons. There might be a third person that, for whatever reason, may not want or care to get anything encrypted on the way. And while it can definitely be agreed upon by many that taking the safe route is preferred, the choice should be up to the individual, case by case.

I agree with Whitfield Diffie in believing that people should have the right to encrypt their messages to secure their privacy. Would it make sending a simple email a bit more of a hassle? Maybe. However, citizens have the right to be able to hide what they are talking about, and the most anyone else can do is just hope that they are encrypting a message about something legal.

Vanderbilt is able to see the emails that I send and get sent. Similar to when I was enrolled at the University of Alabama, they too could monitor my student email. I would not dare talk about anything that I believed to be illegal or wrong over a student email, but if I wanted to, I should very well be allowed to encrypt my messages. It’s not as if I am actually preventing the school from seeing my emails; they can read my emails, but they just will not be able to understand it unless they have some amateur crypt-analysts on their team who can decrypt my messages.

However, it goes further than just Vanderbilt being able to spy on my email communications. It is not even just limited to communication in general. Everyone has sensitive information in their possession, such as social security numbers and credit card information, that needs to be kept secret. And if they were to be able to use encryption technology, they would definitely be more at ease with having that information on a computer.

The National Security Agency has been criticized for decades due to the very nature of its purpose; no one likes the idea that someone can read their emails, listen to their phone calls, or act as an observant third-party on any private two-way communication. But, at the end of the day, so long as the government in and of itself is not a bad actor, the NSA’s sole purpose is to facilitate the protection of the citizenry.

Enter the Data Encryption Standard, a new cipher for the computer age and employed up to 16 enciphering keys to encode blocks of text, designed as a joint venture between IBM and the NSA. While simple enough on the surface, the technique created billions upon billions of possible permutations, so many that the even the most state-of-the-art computers of the time would have trouble cracking it. So what’s the problem? Wouldn’t it be a good thing that after so many years, civilians finally had access to perfect privacy? Well, not if its the height of the Cold War; not if Russian agents could use that very same ultra-secure network to plot attacks or demonstrations to undermine western democracy.

The NSA, vigil as ever, took notice of this inherent risk of the system, and handicapped the DES, leaving it susceptible to brute force attack from their machines, but relatively impervious to commercially available computers. This way, the NSA could still intercept messages sent over private networks, monitoring their content while still allowing a degree of security from unwanted prying eyes. In this sense, the NSA’s decision to handicap the DES was justified, as their reasoning to do so was in line with their cardinal purpose: facilitate the safety and security of the citizenry. In allowing the DES to remain too complicated for commercial computers to crack, the NSA even allowed for the enhancement of civilian privacy while not contradicting their inherent purpose. To this end, the NSA was justified in their actions, as their building in a weakness was not to completely destroy the concept of digital purpose, but rather to better enable their ability to intercept and act on potentially malicious communications; their decision was ultimately for the greater good.

Whitfield Diffie is, in essence, a cryptohipster. Or, one might call him a cryptotarian (crypto libertarian). He graduated from MIT, and studied cryptography just for the thrill of it. In the early 70’s, Diffie had the foresight to realize that one day, people would have their own computers. He believed that “if people then used their computers to exchange emails, they deserved the right to encrypt their messages in order to guarantee their privacy.”

I do agree that private citizens have a right to have access to secure encryption technologies. Encryption technologies would be used to protect communication – the same communication that might take place face-to-face. Since in-person private conversation has never been a right that’s been questioned, why should we give up our communication rights if it’s simply a different medium of communication? Living in America, we have a right to privacy. This right shouldn’t be infringed upon due to the development of the internet. If someone is able to develop their own encryption system, they should be able to use it at their will. There’s a lot of work that goes into developing/utilizing such a system, including the logistical problems that come with key distribution. If people want to go through the trouble of exchanging keys, they should be able to communicate in private.

The NSA seeks to act in its best interests. Therefore the release of the DES should come as no surprise to anyone. Though technically created by IBM, NSA was heavily involved in the creation process. At the center of the encryption are the substitution S-tables, the part where the NSA had the most involvement. Naturally this created suspicion that the NSA put a backdoor in the tables with which they were able to decode every message in seconds. However the NSA also intended the algorithm to be used for its own classified documents. Motivated by historical examples of supposedly perfectly secure ciphers, NSA knew that if it put in a logical caveat into the algorithm eventually it would be found. Therefore the only logical idea was to make it so that ONLY the NSA could break the cipher. One thing that the NSA had above every genius individual or organization was resources. Therefore it made the DES only solvable with brute force attacks, hoping that for the foreseeable future, only the NSA would have the necessary technology to conduct such an attack. Though potentially a moral grey area, the NSA did not do anything wrong technically, as a senate committee which investigated the project found. Making DES a government standard did not force any one business to use it. Interestingly, it seems that the NSA did not learn its lesson from all the backlash it received, as during 1987 it implemented the Capstone project which primarily created the SHA-1 hash function to use as a standard for password encryption. Though it has yet to be determined whether the NSA created a backdoor, SHA-1 is no longer considered secure, and just as the DES has been updated through a public competition.

Page 2 of 7