4 January 2010

Related to:

kahn-crypto.htm       Cryptology Goes Public by David Kahn             January 3, 2010
nsa-meyer.htm         NSA FOIA Documents on Joseph Meyer IEEE Letter   January 2, 2010
diffie-nsa.htm        Whitfield Diffie on NSA and Joseph Meyer Letter  January 2, 2010
hellman-nsa.htm       Martin Hellman on NSA and Joseph Meyer Letter    December 31, 2009

New York Times, Op Ed, April 3, 1976

Tapping Computers

By David Kahn

David Kahn, a journalist, is author of "The Codebreakers."

GREAT NECK, N.Y. -- Like people, computers talking to one another can be wiretapped. To protect themselves, more and more companies, such as the oil giants and banks, are putting their digital correspondence into secret form.

This has led to a demand for a common cipher -- a system that would both permit intercommunication among computers and safeguard the privacy of data transmissions. The National Bureau of Standards, with the help of the National Security Agency, the Government code-making and code-breaking body, has proposed one.

The interesting thing is that while this cipher has been made just strong enough to withstand commercial attempts to break it, it has been left just weak enough to yield to Government cryptanalysis.

Under the plan, all participating computers would incorporate the cipher hardware -- tiny integrated-circuit, chips, each mounted on an inch-long plastic wafer. For privacy, each pair of correspondents would have an individual key -- a string of zeroes and ones, each string different.

The lender would use this to put outgoing messages into cipher; the recipient, to decipher incoming texts. Competitors would not be able to use their keys to unlock these messages any more than your neighbor's house key will open your front door. And even if a competitor has somehow gotten hold of an original message, so many keys are to exist as to make it impractical for him to find the right one and so uncover other messages enciphered in it.

Each individual key in the cipher as proposed would have 56 zeroes and ones, or bits (short for "binary digits"), This length, two computer scientists at Stanford University say. has been craftily chosen to make it too expensive for private firms to cryptanalyze the digital messages -- but not for the Federal Government.

Prof. Martin E. Hellman and a graduate student, Whitfield Diffie, suppose that someone wanted to crack these missiles by "brute force" -- that is by trying all keys possible for a particular situation. This someone could build a computer using a million of the chips. It could test a trillion keys per second. With 58 bits, the total number of possible keys is 70 quadrillion. The computer could thus exhaust all keys in 70,000 seconds, or less than 20 hours.

In large quantities, Hellman and Diffie say, the chips would cost perhaps $10 each at today's prices. To design and build a million-chip machine would come to about $20 million. If this were amortized over five years, the cost of each day's operation -- in effect, the cost of each solution -- would amount to about $10,000.

Who, they ask, has the money to spend on such a machine and the need for daily solutions that would justify it? Only the Government. For private industry, the gains would hardly be worth the investment.

Now suppose the key length were 48 bits. The price of a machine to generate a solution a day would fall to $78,000 and the cost of each solution to $39. On the other hand, if the length were 64 bits, the price of such a machine would soar to $5 billion and of each solution to $2.5 million. This seems beyond even the bottomless pocketbooks or the intelligence agencies.

The National Security Agency and National Bureau of Standards argue that the two men's assumptions are off and that people wanting this information would find cheaper ways to get it than by breaking codes. But just because a house has windows is no reason for not locking the front door, Hellman and Diffie reply, and computer security experts at International Business Machines, at Bell Telephone Laboratories, at Sperry Univac, and at the Massachusetts Institute of Technology agree with them that 56 bits is too small. Indeed, one major New York bank has decided not to use the proposed cipher, called the "data encryption standard," in part for the same reason. And the House of Representatives Government Information and Individual Rights Subcommittee is now looking into the matter.

Hellman and Diffie urge a key length variable at the will or the user up to 768 bits, which they claim can be done at a negligible increase in cost. This would render messages insoluble forever, despite the continuing drop in computation costs.

Why should the National Security Agency be so passionately interested in the 56-bit key that it asked to attend a meeting that Hellman set up on the question and flew a man across the country for it? The N.S.A. expert declined to say. But one obvious reason is that, with a solvable cipher, N.S.A. would be able to read the increasing volumes of data that are flowing into the United States time-sharing and other computer networks from abroad.

The problem is that it would gain this information at the expense of American privacy. For it would also be able to crack domestic computer conversations as well as masses of enciphered personal files. And recent history has shown how often an agency exercises a power simply because it has it.

But perhaps the intelligence is worth it? The answer to that was given a long time ago. "For what shall it profit a man if he shall gain the whole world and lose his own soul?"