Encryption

The use of encryption to disguise the meanings of messages goes back thousands of years (the Romans, for example, used substitution ciphers, where each letter in a message was replaced with a different letter). Mechanical cipher machines first came into general use in the 1930s. Dur-ing World War II the German Enigma cipher machine used multiple rotors and a configurable plugboard to cre-ate a continuously varying cipher that was thought to be unbreakable. However, Allied codebreakers built electrome-chanical and electronic devices that succeeded in exploiting flaws in the German machine (while incidentally advancing computing technology). During the cold war Western and Soviet cryptographers vied to create increasingly complex cryptosystems while deploying more powerful computers to decrypt their opponent’s messages.

In the business world, the growing amount of valuable and sensitive data being stored and transmitted on comput-ers by the 1960s led to a need for high-quality commercial encryption systems. In 1976, the U.S. National Bureau of Standards approved the Data Encryption Standard (DES), which originally used a 56-bit key to turn each 64-bit chunk of message into a 64-bit encrypted ciphertext. DES relies upon the use of a complicated mathematical function to create complex permutations within blocks and charac-ters of text. DES has been implemented on special-purpose chips that can encrypt millions of bytes of message per second.

Public-Key Cryptography

Traditional cryptosystems such as DES use the same key to encrypt and decrypt the message. This means that the key must be somehow transmitted to the recipient before the latter can decode the message. As a result, security may be compromised. However, the same year DES was officially adopted, Whitfield Diffie and Martin Hellman proposed a very different approach, which became known as public-key cryptography. In this scheme each user has two keys, a private key and a public key. The user publishes his or her public key, which enables any interested person to send the user an encrypted message that can be decrypted only by using the user’s private key, which is kept secret. The sys-tem is more secure because the private key is never transmitted. Further, a user can distribute a message encrypted with his or her private key that can be decrypted only with the corresponding public key. This provides a sort of signa-ture for authenticating that a message was in fact created by its putative author.

In 1978, Ron Rivest, Adi Shamir, and Leonard Adelman announced the first practical implementation of public-key cryptography. This algorithm, called RSA, became the pre-vailing standard in the 1980s. While keys may need to be lengthened as computer power increases, RSA is likely to remain secure for the foreseeable future.

Legal Challenges

Until the 1990s, the computer power required for routine use of encryption was generally beyond the reach of most small business and consumer users, and there was little interest in a version of the RSA algorithm for microcomput-ers. Meanwhile, the U.S. federal government tried to main-tain tight controls over encryption technology, including prohibitions on the export of encryption software to many foreign countries.

However, the growing use of electronic mail and the hosting of commerce on the Internet greatly increased con-cern about security and the need to implement an easy-to-use form of encryption. In 1990, Philip Zimmermann wrote an RSA-based email encryption program that he called Pretty Good Privacy (PGP). However, RSA, Inc. refused to grant him the necessary license for its distribution. Further, FBI officials and sympathetic members of Congress seemed poised to outlaw the use of any form of encryption that did not include a provision for government agencies to decode messages.

Believing that people’s liberty and privacy were at stake, Zimmermann gave copies of PGP to some friends. The pro-gram soon found its way onto computer bulletin boards, and then spread worldwide via Internet newsgroups and ftp sites. Zimmermann then developed PGP 2.0, which offered stronger encryption and a modular design that made it easy to create versions in other languages. The U.S. Customs Department investigated the distribution of PGP but dropped the investigation in 1996 without bring-ing charges. (At about the same time a federal judge ruled that mathematician Daniel Bernstein had the right to pub-lish the source code for an encryption algorithm without government censorship.)

Government agencies eventually realized that they could not halt the spread of PGP and similar programs. In the early 1990s, the National Security Agency (NSA), the nation’s most secret cryptographic agency, proposed that standard encryption be provided to all PC users in the form of hardware that became known as the Clipper Chip. How-ever, the hardware was to include a “back door” that would allow government agencies and law enforcement (presum-ably upon fulfilling legal requirements) to decrypt any mes-sage. Civil libertarians believed that there was far too much potential for abuse in giving the government such power, and a vigorous campaign by privacy groups resulted in the mandatory Clipper Chip proposal being dropped by the mid-1990s in favor of a system called “key escrow.” This system would require that a copy of each encryption key be deposited with one or more trusted third-party agencies. The agencies would be required to divulge the key if pre-sented with a court order. However, this proposal has been met with much the same objections that had been made against the Clipper Chip.

In the early 21st century, the balance is likely to con-tinue to favor the code-makers over the code-breakers. While it is rumored that the NSA can use arrays of super-computers to crack any encrypted message given enough time, and a massive eavesdropping system called Echelon for analyzing message traffic has been partially revealed, as a practical matter most of the world now has access to high-quality cryptography. Only radically new technology (see quantum computing) is likely to reverse this trend.