Crypto

Have you read Steven Levy’s Crypto? You should. It chronicles the development—outside of the NSA and Britain’s GCHQ—of public key cryptography, the “non-secret” encryption technique used in things like PGP, SSL, and SSH. I thought about it today as I read Bruce Schneier’s latest article in The Guardian about how the NSA has subverted encryption across the internet.

Two things about Crypto seemed relevant. First, there’s the triumphant tone of the later chapters of the book, as the non-government cryptography researchers finally overcame not only the technical and mathematical difficulties of public key cryptography, but also its legal hurdles, especially in the United States. If you’re old enough, you may recall the encryption battles of the 90s—many software products ran afoul of US laws regarding the export of encryption technology, which was considered a matter of national security. Eventually, these laws were weakened, abandoned, and overturned, and strong encryption became available to all of us through the work of Whitfield Diffie and Martin Hellman of the Diffie-Hellman key exchange and Ron Rivest, Adi Shamir and Leonard Adleman of the RSA algorithm.

The point of Schneier’s article is that maybe we didn’t win out over the spooks and didn’t get the strong encryption we thought we got. The celebratory mood of Crypto may have been premature.

Which leads to the second section of Crypto that I was reminded of. In the epilogue, Levy goes through the earlier history of public key encryption at GCHQ, a history that was kept under wraps until 1997. In this history, people like James Ellis, Clifford Cocks, and Malcolm Williamson worked out the algorithms in secret that Diffie, Hellman, and RSA rediscovered years later.

At the very end of the book, Levy describes meetings between Diffie and Ellis that took place before the GCHQ work was disclosed. Diffie had gotten some hints about Ellis from an acquaintance at the NSA, and he arranged to visit Ellis at Ellis’s home. Because Ellis was still bound by the GCHQ rules of secrecy, he couldn’t say much, but

Later at the pub, Ellis would get Diffie tipsy on hard cider while they spoke of anything but the matter that had drawn them together and permanently bound them. But before leaving the subject, Ellis couldn’t resist a tacit acknowledgement, one that spoke volumes about the world he lived in and the new world of cryptography that Diffie was helping to create.

“You did more with it than we did,” said the father of nonsecret encryption to the father of public key cryptography. And thereafter kept his secret.

I wonder if one of Ellis’s secrets was that his cousins at the NSA were figuring out ways to compromise supposedly secure internet transactions.