Notes

The core of this book is a series of personal interviews conducted between 1992 and 2000. Throughout that period, I attended conferences, visited key sites, and performed my own version of Signals Intelligence, using the Internet’s vast resources to gather information. (Monitoring discussions on sci.crypt or cypherpunks@toad.com was almost a full-time job.) Besides published texts, sources include government and court documents and memos, as well as corporate memos and reports.

The Loner

Besides personal interviews and communications, the Diffie material is supplemented by unpublished autobiographical notes, “Personal Memories on the Discovery of Public Key Cryptography,” July 1981.

 

Page

7 classical cryptographic systems Sources for background on conventional cryptography include Kahn’s The Codebreakers as well as Dorothy Denning’s Cryptography and Data Security, Gaines’s Cryptanalysis, Wrixon’s Codes and Ciphers, and Gustavus J. Simmons’s “Cryptology” entry in the Encyclopaedia Britannica.

7 all things The Codebreakers, p. 146.

11 Enigma Explained thoroughly in Hodges’s Turing: The Enigma. There is a working Enigma unit at the National Cryptologic Museum in Maryland.

13 National Security Agency Bamford’s The Puzzle Palace is the definitive study of the NSA. The Baltimore Sun did a well-researched series of articles by Scott Shane and Tom Bowman, “America’s Fortress of Spies,” December 3–15, 1995.

14 By joining “NSA Employees Security Manual,” reprinted in Phrack, No. 45, March 30, 1994.

15 Triple Fence Bamford, The Puzzle Palace, p. 88. “The entire complex is surrounded by a ten-foot Cyclone fence crowned with multiple rows of barbed wire. . . . Inside this is another fence, consisting of five thin strands of high-voltage electrified wire attached to wooden posts planted around the building in a bed of green asphalt pebbles. Finally there is another tall Cyclone fence reinforcing the others.”

17 Shannon His complete work can be found in N.J.A. Sloane and Aaron D. Wyner, Shannon: Collected Papers, Los Alamitos, CA, IEEE Press, 1993.

23 attempt to sandbag Bamford, The Puzzle Palace, p. 168. Bamford drew upon the papers of Lt. Gen. Marshall S. Carter to verify the NSA’s attempts to quash Kahn’s book.

25 low on the hog Whit Diffie e-mail to Eric Jungbluth, April 25, 1999.

27 Friedman The Friedman information was drawn from Kahn’s The Codebreakers and Lambros D. Callimahos, “The Legendary William F. Friedman,” Cryptologia, Vol. 15, No. 3, July 1991, p. 219.

28 dinner plate Bruce Schneier, Applied Cryptography, p. 29.

The Standard

For all that has been written about DES, there has never been a fully developed account of its development. Walt Tuchman gave a speech revised as “A Brief History of the Data Encryption Standard,” in Internet Besieged, pp. 275–280. There are helpful sections about DES in Bamford’s The Puzzle Palace, Diffie’s Privacy on the Line, Kahn on Codes, Schneier and Banisar’s The Electronic Privacy Papers, and Schneier’s Applied Cryptography. A number of internal IBM memos helped me sort out the dates and provided detail.

 

38 key size Whitfield Diffie, “Preliminary Remarks on the National Bureau of Standards Proposed Standard Encryption Algorithm for Computer Data Protection,” May 1975.

39 Feistel Biographical information on this seminal figure is sparse. Diffie’s Privacy on the Line does the best job.

40 during the war David Kahn, unpublished notes on an interview with Feistel, March 29, 1976.

40 told Whit Diffie Diffie, Privacy on the Line, p. 57.

40 a co-worker Alan Konheim.

41 Computers now constitute Horst Feistel, “Cryptography and Computer Privacy,” Scientific American, Vol. 228, No. 5, May 1973, pp. 15–23.

41 IBM colleague Feistel told Diffie that the Watson Labs researcher John Lynn Smith came up with the name.

49 his report “A Study of the Lucifer Crypto-Algorithm,” August 18, IBM Memorandum, 1973.

52 dez While the Kingston engineers commonly used this single syllable, the mathematicians at Watson fussily referred to it as Dee-Ee-Ess.

55 technical article “The Data Encryption Standard and Its Strength Against Attacks,” IBM Research Journal, Vol. 38, No. 3, May 1994.

63 summary U.S. Senate, Select Committee on Intelligence, Unclassified Summary: Involvement of the NSA in the Development of the Data Encryption Standard (1978).

64 differential cryptanalysis E. Biham and A. Shamir, Differential Cryptanalysis of the Data Encryption Standard, New York, Springer-Verlag, 1993.

64 linear cryptanalysis M. Matsui, “Linear Cryptanalysis Method for DES Cipher,” Advances in Cryptology: Proceedings of Eurocrypt ’93, New York: Springer-Verlag, 1994.

Public Key

The key papers are Diffie and Hellman’s “New Directions in Cryptography” (IEEE Transactions on Information Theory, Vol. IT-22, No. 6, November 1976) and Merkle’s “Secure Communications Under Insecure Channels” (Communications of the ACM, Vol. 21, No. 4, 1978). Diffie recounts some history in “The First Ten Years of Public Key Cryptography” (in Simmons’s Contemporary Cryptography) and “Personal Memories.” More technical descriptions on how the actual algorithms work are found in Bruce Schneier’s Applied Cryptography and Garfinkel’s PGP.

 

75 the result Diffie, Whitfield, and Martin Hellman, “Multiuser Cryptographic Techniques,” Proceedings of the AFIPS National Computer Conference, 1976, pp. 109–12.

84 problems Diffie, “First Ten Years of Public Key Cryptography,” op. cit.

Prime Time

96 going downhill . . . extremely lucky Adi Shamir, “Cryptography: Myths and Realities,” ICAR Distinguished Lecture, delivered at Crypto ’95, August 30, 1995.

97 factoring Len Adleman, “Algorithmic Number Theory—The Complexity Contribution.” Unpublished paper.

98 The problem of distinguishing Ibid.

101 Technical Memo Later revised and published as R. A. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public Key Cryptosystems,” Communications of the ACM, Vol. 21 (2), pp. 120–26, February 1978.

104 Gardner’s column “A New Kind of Cipher That Would Take Millions of Years to Break,” Scientific American, Vol. 237, No. 2, August 1977.

106 Church U.S. Senate, Select Committee on Intelligence, Subcommittee on Intelligence and the Rights of Americans, Foreign Intelligence Surveillance Act of 1978, Hearings, Ninety-fifth Cong. Second Sess. (1978). Bamford’s The Puzzle Palace offers a concise summary of Shamrock and Church’s investigation.

107 National Science Foundation The NSF events were revealed in U.S. House of Representatives, Committee of Government Operations, Government Information, and Individual Rights Subcommittee, The Government’s Classification of Private Ideas, Ninety-sixth Cong., Second Sess. (1980). Bamford, Diffie and Landau, and Gina Bari Kolata, “Computer Encryption and the National Security Agency Connection,” Science, Vol. 97, July 29, 1977, pp. 438–40, also describe the activities.

110 J. A. Meyer The article was “Crime Deterrent Transponder System,” Transactions on Aerospace and Electronics Systems Vol. 7, No. 1, January 1971.

110 Confirmed the rumors Deborah Shapley and Gina Kolata, “Cryptology: Scientists Puzzle over Threat to Open Research, Publication,” Science, Vol. 197, September 30, 1977, pp. 1345–349.

113 I have tenure Malcolm Browne, “Scientists Accuse Security Agency of Harassment Over Code Studies,” New York Times, October 18, 1977.

114 As usual with NSA A. Shamir, “Cryptography: Myths and Realities,” op. cit.

115 Davida Deborah Shapley, “DOD Vacillates on Wisconsin Cryptography Work,” Science, Vol. 201, July 14, 1978, p. 141. Louis Kruh, “Cryptology and the Law—VII,” Cryptologia, Vol. 10, No. 4, October 1986, p. 248. Also Bamford’s The Puzzle Palace, pp. 449–50.

116 Nicolai Deborah Shapley, “NSA Slaps Secrecy Order on Inventors’ Communications Patent,” Science, Vol. 201, September 8, 1978, pp. 891–94. Also Louis Kruh, “Cryptology and the Law—VII,” Science, “DOD Vacillates . . .” and Bamford’s The Puzzle Palace, pp. 446–51.

117 soft sell Statement given in U.S. House of Representatives, Committee of Government Operations, Government Information, and Individual Rights Subcommittee, The Government’s Classification of Private Ideas, hearing cited above. Ninety-sixth Cong., Second Sess. (1980).

119 bombshell John M. Harmon, “Constitutionality Under the First Amendment of ITAR Restrictions of Public Cryptography,” memo to Dr. Frank Press, science advisor to the president, May 11, 1978. Reprinted in Hoffman’s Building in Big Brother.

119 brilliant new lawyer His name was Dan Silver.

121 went public Deborah Shapley, “Intelligence Agency Chief Seeks ‘Dialogue’ with Academics,” Science, Vol. 202, October 27, 1978, pp. 407–9.

121 public speech Inman’s address to the Armed Forces Communication and Electronics Association is reprinted as “The NSA Perspective on Telecommunications Protection in the Nongovernmental Sector” in Schneier and Banisar’s The Electronic Privacy Papers, p. 347.

124 minority report “The Case Against Restraints on Non-governmental Research in Cryptography,” reprinted in Cryptologia, Vol. 5, No. 3, July 1981, p. 143.

Selling Crypto

Some of this material was drawn from taped journals and documents of early RSA provided by Jim Bidzos. There is also a good account of RSA’s origins in Garfinkel’s PGP.

 

128 Diffie later recounted Diffie, “The First Ten Years of Public Key Cryptography,” op. cit.

129 seen this territory Diffie, Privacy on the Line, p. 283.

Patents and Keys

157 Project Overtake Bob Davis, “A Supersecret Agency Finds Selling Secrecy to Others Isn’t Easy,” Wall Street Journal, March 28, 1988.

158 public interview The official was David McMais, chief of staff for information security.

165 “mental poker” A. Shamir, R. A. Rivest, and L. Adleman, “Mental Poker,” MIT/LCS Technical Memo 125, February 1979.

165 “secret sharing” A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 24, No. 11, November 1979, pp. 612–13. Shamir and G. R. Blakley are generally granted shared credit for the innovation.

166 Mafia-owned store A. Shamir, lecture at Securicom ’89, quoted in Schneier’s Applied Cryptography, p. 92.

166 Landau “Zero Knowledge and the Department of Defense,” Notices of the American Mathematical Society (Special Article Series), Vol. 35, No. 1 (1988), pp. 5–12.

166 Merkle John Markoff, “Paper on Codes Is Sent Despite U.S. Objections,” New York Times, August 9, 1989.

177 NIST, “A Proposed Federal Information Processing Standard for the Digital Signature Standard (DSS),” Federal Register, Vol. 56, August 1991, p. 169.

178 white flag NIST memo, “Twenty-third Meeting of the NIST/NSA Technical Working Group,” March 18, 1991.

179 the wrong agency Diffie, Privacy on the Line, p. 74.

181 “What crypto policy” Rivest’s remarks were made at the 1992 Computers, Freedom, and Privacy Conference.

182 National Security Decision Directive Background on NSDD 145 can be found in Diffie’s Privacy on the Line, Schneier and Banisar’s The Electronic Privacy Papers, and Tom Athanasiou, “Encryption: Technology, Privacy, and National Security,” Technology Review, August–September 1986.

183 orchestrated Clinton Brooks, Memo, April 28, 1992.

183 Memorandum of Understanding The MOU between the directors of NIST and the NSA “concerning the implementation of Public Law 100-235” is reprinted in Schneier and Banisar’s The Electronic Privacy Papers, pp. 401–4.

183 General Accounting Office “Communications Privacy: Federal Policy and Actions,” GAO/OSI-92-2-3 (November 1993).

184 hearings U.S. House of Representatives, Economic and Commercial Law Subcommittee of the Judiciary Committee, The Threat of Foreign Economic Espionage to U.S. Corporations, April 29 and May 7, 1992, 102d Congress, Second Sess.

Crypto Anarchy

Some portions of this chapter draw on my previous articles, “Crypto Rebels,” Wired, May/June 1993, and “E-Money (That’s What I Want),” Wired, December 1994.

 

191 Merritt Background on Charlie Merritt was drawn in part from Garfinkel’s PGP and Maureen Harrington, “Cyber Rebel,” Denver Post, March 3, 1996.

196 consultant Identified as W. H. Murray in Jim Warren, “Is Phil Zimmermann Being Persecuted? Why? By Whom? Who’s Next?” MicroTimes, April 1995.

197 Goen Ibid.

202 1993 interview Jon Lebkowsky, “The Internet Code Ring,” Fringeware Review, No. 9, January 1995.

205 Prince of Wales Sally Bedell Smith, Diana in Search of Herself, New York, Signet, 2000, p. 247.

205 Quarterbacks Gordon Forbes, “Helmet Radios Give Scrambling New Meaning,” USA Today, April 7, 1994.

208 a speech Gilmore’s talk is reprinted as “Preserving Privacy in America,” Intertek, Vol. 3, No. 2, Summer, 1991.

210 Crypto Anarchist Manifesto Reprinted in Ludlow’s High Noon on the Electronic Frontier, pp. 237–39.

212 Cypherpunk Manifesto Posted to cypherpunk listserv October 5, 1992.

213 Parker “Crypto and Avoidance of Business Information Anarchy,” speech to the ACM Conference on Computer and Communication Security, November 1993.

215 Numbers In David Chaum, editor, Smart Card 2000, North Holland, 1991.

216 Dining David Chaum, “The Dining Cryptographer’s Problem: Unconditional Sender and Receiver Untraceability,” Journal of Cryptology, Vol. 1, No. 1, 1988, pp. 65–75.

221 University of Washington Matt Thomlinson, posting to cypherpunk list-serv, January 30, 1994.

223 Anonymity A good discussion is found in Jonathan D. Wallace, “Nameless in Cyberspace: Anonymity on the Internet,” Cato Briefing Papers, No. 54, December 8, 1999.

224 BlackNet May’s posting is reprinted in Ludlow’s High Noon on the Electronic Frontier, pp. 241–44.

225 Parker “Crypto and Avoidance,” op. cit.

The Clipper Chip

The bulk of this chapter was derived from personal interviews and a wealth of declassified documents supplied to me by EPIC or John Gilmore. My contemporary account of the Clipper battle was “The Cypherpunks vs. Uncle Sam,” Sunday New York Times Magazine, June 12, 1994. Another helpful article was Bob Davis, “Clipper Chip Is Your Friend,” Wall Street Journal, March 22, 1994.

 

231 Issue One Meetings of the “TWG” were summarized in (now partially declassified) memoranda. In the first meeting, held at Fort Meade on May 5, 1989, NIST called public key “TWG Issue Number One.”

232 Capstone The workings of Capstone and Clipper are described in more detail in Dorothy Denning, “The Clipper Encryption System,” American Scientist, Vol. 81, July–August 1993.

234 presented these . . . draconian and invasive Lynn McNulty, NIST Memo, “Summary of 7/23-24/92 Off-Site Meeting,” July 27, 1992.

237 Sessions call David Stipp, “Techno-Hero or Public Enemy,” Fortune, November 11, 1996.

239 Barlow “Jackboots on the Infobahn,” reprinted in Ludlow’s High Noon on the Electronic Frontier, pp. 207–13.

240 going forward J. R. Davis, “Use of Clipper Chip in AT&T TSD 3600 During Phase of Production,” memo to Sessions, December 23, 1992.

240 Encryption, Law Enforcement Briefing document sent to Tenet, February 19, 1993.

244 slide show “Telecommunications Overview” prepared by the FBI’s Advanced Telephony Unit.

248 Barlow “Jackboots on the Infobahn,” reprinted in Ludlow’s High Noon on the Electronic Frontier, pp. 207–13.

249 Denning See Steven Levy, “Clipper Chick,” Wired, September 1996.

249 Pilgrim maiden Sterling, The Hacker Crackdown, p. 299.

249 important step “Statement by the Press Secretary,” The White House, April 16, 1993.

250 Times article John Markoff, “New Communication System Stirs Talk of Privacy vs. Eavesdropping,” April 16, 1993.

252 It’s not America Steven Levy, “Uncle Sam.”

252 Safire “Sink the Clipper,” New York Times, February 4, 1994.

253 lion’s den Baker’s speech was adapted as “Don’t Worry Be Happy: Why Clipper Is Good for You,” in Wired, June 1994.

253 Skipjack E. F. Brickell, D. E. Denning, S. T. Kent, D. P. Maher, and W. Tuchman, “Skipjack Review—Interim Report,” unpublished, July 28, 1993.

253 Micali Silvio Micali, “Fair Cryptosystems,” Technical Memo, Laboratory for Computer Science, MIT, August 21, 1992.

254 Hall of Fame Levy, “Uncle Sam . . . ,”

254 War Tim May, “The Coming Police State,” posting to cypherpunk listserv March 9, 1994.

254 hearings U.S. Senate, Committee on the Judiciary, Subcommittee on Technology and the Law, Clipper Chip Key Escrow Encryption Program, hearings, May 3, 1994, 103d Congress, Second Sess.

260 there it was John Markoff, “Flaw Discovered in Federal Plan for Wiretapping,” New York Times, June 2, 1994. Blaze’s paper on the Clipper flaw is “Protocol Failure in the Escrowed Encryption Standard,” Proceedings of the Second ACM Conference on Computer and Communications Security, November, 1994.

261 poll Philip Elmer-Dewitt, “Who Should Keep the Keys?” Time, March 14, 1994.

263 Gejdenson and Cantwell U.S. House of Representatives, Committee on Foreign Affairs, Subcommittee on Economic Policy, Trade, and Environment, Export Controls on Mass Market Software, Hearings, October 12, 1993, 103d Congress, First Sess.

267 Gore’s letter Reprinted in Schneier and Banisar’s The Electronic Privacy Papers, p. 692.

Slouching Toward Crypto

Some of this chapter was drawn from my article “Wisecrackers,” Wired, April 1996.

 

271 his talk Robert Morris, “Ways of Losing Information,” Invited Lecture at Crypto ’95, August 29, 1995.

275 quantum factorization Gilles Brassard, CryptoBytes, Vol. 1, No. 1, Spring, 1995.

287 the local paper David Bank, “The Keys to the Kingdom,” San Jose Mercury News, June 27, 1994.

289 hearing Export Controls on Mass Market Software.

291 filed a complaint Accounts of the search warrant are told in Wendy M. Grossman, “alt.scientology.war,” Wired, December 1995 and Wallace and Morgan’s Sex, Laws, and Cyberspace.

294 lost the patents The story is most completely recounted in “How Digicash Blew Everything,” originally published in Dutch-language Next! Magazine.

296 classified details In Dam and Lin’s Cryptography’s Role in Securing the Information Society,

297 ended in flames Judge Charles R. Richey, Memorandum Opinion, Karn v. State, CA-95-1812 (D.C.C), March 22, 1996.

297 Bernstein Besides personal interviews and court documents, additional background on Bernstein was drawn from Peter Cassidy, “Reluctant Hero,” Wired, June 1996.

299 no exempt groups Tapes Bernstein made of this and other conversations are included in the court record.

302 DES-cracking machine The project is described in great detail in the Electronic Frontier Foundation’s Cracking DES.

303 the objective Freeh’s remarks were made at the Conference on Global Cryptography, September 26, 1994.

306 Weldon Mike Godwin, “The New Cryptographic Landscape,” E-Commerce Law Weekly, Vol. 1, No. 1, October 19, 1999.

307 price tag Don Clark, “Bidzos Holds Key to Guarding Internet Secrets,” Wall Street Journal, April 16, 1996.

307 lawsuits Though much of the case is sealed, some documents in RSA Data Security, Inc. vs. Cylink Corporation and Caro-Kann Corporation are public.

311 expiration date In fact, two of the Stanford patents, covering Diffie-Hellman key exchange and knapsacks (and arguably the concept of public key itself) had expired in 1997. The MIT patent covering RSA expired September 20, 2000.

Epilogue: The Open Secret

Some of the information here first appeared in Wired, April 1999, “The Open Secret,” which was the first complete account of the Communications-Electronics Security Group (CESG) advances. (Simon Singh’s account in The Code Book was to follow.) Ellis’s paper “The Story of Non-Secret Encryption” lays the outline for the discoveries and, like the other CESG papers, is available on its Web site. Some of Clifford Cocks’s remarks here were drawn from “The Invention of Non-Secret Encryption,” a talk given at Bletchley Park on June 20, 1998, at a “History of Cryptography” seminar hosted by the British Society for the History of Mathematics.

 

316 Project C43 The paper is still not available. It is unclear whether this research was related to speech-encryption work known as “Project X” in Bell Labs. In Turing: The Enigma, Andrew Hodges describes Alan Turing’s participation in that project, which also benefited from the input of Claude Shannon (also at Bell Labs then) and William Friedman. If there was any cross-influence of those projects, that means that public key’s heritage directly flows from the century’s major pre-public-key cryptographic figures.

323 finished his memo M. J. Williamson, “Non-Secret Encryption Using a Finite Field,” CESG Report, January 21, 1974. Cocks’s scheme was “A Note on Non-Secret Encryption,” CESG Report, November 20, 1973.

325 small step M. J. Williamson, “Thoughts on Cheaper Non-Secret Encryption,” CESG Report, August 10, 1976.

327 Prime Prime’s story is told in the afterword of Bamford’s The Puzzle Palace.

327 Walker family The Walker tale is nicely laid out in Howard Blum’s I Pledge Allegiance . . . New York, Simon & Schuster, 1987.

327 Boyce and Lee Boyce and Lee are the protagonists in Robert Lindsey’s The Falcon and the Snowman, New York, Simon & Schuster, 1979.