The History and Mathematics of Codes and Code Breaking

Tag: Lucifer

With an advance in technology, the use of computers for encryption technology wasn’t just limited to the military and government. Increasingly, civilian businesses began using encryption and cryptography to encode their messages. In an attempt to standardize encryption across the United States, the National Bureau of Standards looked to Lucifer. This encryption system developed at IBM was so strong that it offered the possibility of cryptography that couldn’t be broken even by the NSA. The NSA didn’t want civilians to use encryptions that it couldn’t break, so the NSA successfully lobbied to weaken Lucifer by reducing the number of possible keys. The adoption of this weakened Lucifer meant that the civilian world had access to strong but not optimal security, meaning that the NSA could still break their encryptions if it needed to do.

The NSA was justified in pushing for the adoption of a mechanism that they could break even if it meant less security for the civilian world. Allowing civilians and businesses to gain strong encryption mechanisms that no one but them could decipher would have meant an increase in criminal activity that governments couldn’t even begin to monitor. This would have reduced the safety of the populace as a whole. When living in a society we often give up some rights for the greater good, and it should be noted that no right is absolute – my right to free speech doesn’t allow me to yell fire in a crowded theater for example. Thus by merely knowing that the NSA can still decrypt messages that businesses send can often be a deterrence to secretive or illegal activity.

Critics like to point out that giving the NSA the ability to decrypt any message they would like would be giving the government far too much power. But it should be noted that even while the NSA has the means to decipher an encryption, that doesn’t necessarily mean it will. There are billions of texts, emails, and calls exchanged each day in our world – the NSA has neither the means nor the resources to monitor every single message. Thus the NSA must prioritize by possible criminal activity: criminal activity they cannot detect and stop without the use of decryption. Thus, it is not only important but essential that the NSA be able to decrypt the messages of the business world in order to deter criminal activity and better protect our society.


Should Unlimited Security be Limited?

When the Data Encryption Standard (DES) was created, the National Security Agency made sure that it was weak enough that they could break it.  The Data Encryption Standard was a result of Horst Feistel’s product, Lucifer.  Lucifer was a machine that could encrypt data, making the encryption nearly impossible to decrypt.  In 1976, the NSA made the decision to limit the DES to 100,000,000,000,000,000 possible keys.

The strength of a cipher is directly correlated to the number of possible keys.  With so many possible keys, no common computer could possibly decrypt a DES encrypted cipher.  Most powerful computers are capable of finding the correct key when the number of possible keys is only 1,000,000.  By limiting the number of possible keys to a number higher than what a typical computer is capable of breaking, the NSA justified its decision.  The DES was created so that all businesses could communicate securely and reliably.  Even with a limit on the number of possible keys, the same goal was achieved.  Though the security was less than optimal, the security would still be unbreakable.   More importantly, if the DES were too strong, the government and NSA would be incapable of tapping information.  As we’ve previously discussed in Little Brother, there are times where the government needs full access to all forms of communication.  If the NSA did not limit the number of possible keys, it would put domestic and international security at risk.  In this way, the NSA was justified in making sure it was weak enough that they could break it.

Image: “Bokeh Command” by Robert S. Donovan, Flickr (CC)

Weakening the Lucifer: An Abuse of Power

Not all ciphers are created equal. Some are mathematically simple and easy to crack while others are seemingly secure but impractical to use. Then there are the ciphers that are mathematically secure but watered down to be breakable. The Lucifer cipher, created by Horst Feistel in the 1970s, was a secure cipher algorithm that was intentionally weakened so that it could be broken by the government.

The National Security Agency limited the Lucifer cipher to 100 quadrillion keys. This number is extremely large, but the NSA wielded enough computing power to try all the possible keys used to encrypt a message and decrypt the message by finding the correct key. They argued that the encryption was still secure because only the NSA had the computing power to find the correct key, which meant that the cipher could be used for commercial purposes without being broken by rival companies (Singh 250).

The action taken by the NSA to inhibit the Lucifer cipher was unethical and unjustified. Lucifer had the potential to be genuinely unbreakable using available technology if the number of possible keys was unlimited. If the technology is available to generate an unbreakable cipher, then people should have the right to use it without having to use a modified governmental version of it. The argument that the cipher was secure to all computers except those of the NSA is inherently flawed. Even though the NSA may have the most powerful computers at a given time, they may not necessarily keep that status. If they do not even have the capability to develop the Lucifer cipher on their own or to develop the tools necessary to break it, they most likely will be behind in computer development as well. Moore’s law suggests that computing power increases exponentially (, and at this dramatic rate of increase in technological progress, the NSA cannot guarantee that they will be the only ones able to break the cipher. They are jeopardizing commercial communications by granting themselves access to the cipher.

Parallels can be drawn between the NSA’s actions and an economic monopoly.  The NSA wants complete control over this cipher, so it weakens the cipher to a level that only the NSA’s computers can break. In a monopoly, one business eliminates their competition in a region so they raise prices without fear of losing customers ( The government is abusing their power by purposely lowering the security of a cipher that millions of people depend on. If they want to decrypt messages, they should exploit potential weaknesses using cryptanalysis. Weakening the cipher is like changing the rules in the middle of a pokergame to give one person an advantage: it’s cheating.

Simon Singh, The Code Book

Image: “All In!” by Eduardo Carrasco, Flickr (CC)

The Lucifer Controversy

My Calculus professor always says, “If you’re trying to dig a small hole in your backyard, you don’t bring in a bulldozer. It’s costly and it’s inefficient. You just take out a shovel and get the job done.” What she basically means is that if you have a small task, you use small tools, and if you have a big task, you use big tools. The same applies to the commercial use of cryptography.

In the 1970’s, businesses were looking for a secure method of encryption that they could rely on to communicate confidentially with one another (Singh 248). Lucifer, which was generally regarded as one of the strongest commercially available encryption systems, was a candidate for the standard (Singh 249). Before Lucifer was officially adopted as the Data Encryption Standard, the NSA limited the number of possible keys, just to the point that no civilian computer could feasibly crack the encryption (Singh 250). This provided businesses with just the right amount of security they needed to conduct their communications.

There are two other reasons that justify the NSA’s actions. The first is that a country’s security agency should have the strongest available encryption system and limiting the number of keys available to the public enabled it to do so.  The second is that public use of this system would compromise the NSA’s operations. For example, if businesses were using an unlimited Lucifer system, then it would be in the interest of many individuals and organizations to crack the encryption system. However, if the NSA were the only body using the encryption system, then less people would be interested in cracking it, thus providing the NSA with more security.

Powered by WordPress & Theme by Anders Norén