December 24, 1997

British Document Outlines Early Encryption Discovery

By PETER WAYNER

o the list of institutions that Tony Blair's Labor Party is shaking up, add the British Secret Service. Last week, the British government's eavesdropping organization known as the Government Communications Headquarters, or GCHQ, posted a document to its Web site describing its role in the discovery of public key cryptography. The set of algorithms, equations and arcane mathematics that make up public key cryptography are a crucial technology for preserving computer privacy in and making commerce possible on the Internet. Some hail its discovery as one of the most important accomplishments of 20th-century mathematics because it allows two people to set up a secure phone call without meeting beforehand. Without it, there would be no privacy in cyberspace. The move by the once dusty and secretive organization is clearly an attempt to recast its image as a pioneering leader of cyberspace. For the last 20 years, the public gave credit for the discovery to Martin Hellman, a professor at Stanford University, and two graduate students who worked with him at the time, Ralph Merkle and Whitfield Diffie. They started publishing their work in 1976. Three professors at the Massachusetts Institute of Technology at the time, Ron Rivest, Adi Shamir and Len Adleman soon followed with another similar approach known by their initials, RSA, which went on to become one of the dominant solutions used on the Internet. Before public key cryptography, anyone who wanted to use a secret code needed to arrange for both sides to have a copy of the key used to scramble the data, a problem that requires either trusted couriers or advance meetings. PKC, as it is sometimes known, erased this problem by making it possible for two people, or more properly their computers, to agree upon a key by performing some complicated mathematics. There is no publicly known way for an eavesdropper to pick up the key by listening in.

he new document details how three employees of the British government discovered the same approach several years earlier, but kept it a secret for reasons of national security. A spokesman for the British government's GCHQ, said that the document's release is part of a "pan-governmental drive for openness" pushed by the Labor party. The document describing the steps of invention taken by the spies was written by James Ellis, a mathematician and cryptographer who died less than a month ago. In it, Ellis describes how he suggested the existence of what he called "non-secret encryption" in 1970s.

It must be really difficult for them to watch other people get the credit.
Martin Hellman, Stanford University

Ellis says that Clifford Cocks followed with a more practical solution in 1973 that was essentially the same thing as the algorithm published by Rivest, Shamir and Adleman. The paper also says that Malcolm Williamson discovered an algorithm in 1974 that was very similar to the work of Diffie and Hellman. They did not replicate the work done by Merkle and Hellman. In a telephone interview from his office in La Jolla, Calif., Malcolm Williamson said that he felt bad when others discovered the solution, but concluded, "I was working at the British government and that's just one of the restrictions you work under when you work for the government." Hellman said in a telephone interview that he agrees. "It must be really difficult for them to watch other people get the credit," he said. "But that's the agreement they made when they agreed to work in secret." He was also quick to point out that the secret branches of the government have the help of large budgets and classified knowledge. "Diffie, I and Merkle were working in a vacuum." he said. "If we had access to all of the classified literature of the previous 30 years, it would really be an advantage." For his part, Diffie said in a telephone interview from Cirencester, England, that he thinks that GCHQ never realized the deep importance of what the mathematicians discovered. He said that he met James Ellis several years ago and "within an hour of meeting me, Ellis said, 'You did much more with this than we did.'"

Diffie also suggested that the history of ideas is hard to write because many people often find solutions to different problems only to later determine they've discovered the same thing. he story keeps going farther back. Recently, Matt Blaze, a cryptographer employed at Bell Labs, got a copy of a memorandum from the desk of John F. Kennedy about the problem of securing nuclear weapons with launch codes. Steve Bellovin, a colleague of Blaze's at Bell Labs, said: "When I read this memo, I don't see anything that would require public key cryptography. But I think they're in the neighborhood. For so many things, the answer is the easy part. Asking the question is the hard part. I think this got them asking the questions." Historians of science will certainly spend time sorting out the various claims. David Kahn, the author of the best selling history The Codebreakers, said that he recently asked the National Security Agency to declassify some documents so he could write the proper history of public key cryptography. He said an NSA staff member told him, "I've spoken to the guys who did this, but they don't want to be interviewed now." This suggests that the NSA also may have discovered public-key systems or had a hand in exploring them. Kahn hopes that the NSA will follow in Britain's lead so an accurate history can be written. Jim Bidzos, the chief executive of RSA Data Security, the division of the publicly traded Security Dynamics that holds the patent on the RSA, said that the announcement in Britain will have no effect on the company's business. Patent law is based on the notion that the inventors trade knowledge about the invention in return for an exclusive license to practice it. In fact, it is an interesting question to wonder whether Britain could have changed the history of cyberspace by disclosing the invention and encouraging the development of widespread cryptographic security for the public. This may have been a wise move during the height of the cold war in the 70's when there were thousands of Soviet tanks poised on the edge of western Europe. Williamson also hastens to note that mathematical equations weren't considered patentable in Britain at the time and without a patent anyone could have used the invention. The RSA patent in the United States was one of the first and it is generally accepted to have expanded the definition. Others are pushing a similar question. In a debate on cryptography policy at the University of Maryland, Baltimore County, John Gilmore, one of the founders of the Electronic Frontier Foundation, said the NSA should be more open. While national

defense is very valuable, he suggested that the need for security in cyberspace for all citizens is going to be essential in the future. In the long run, the history of the discovery of public key cryptography is certain to be written and rewritten often in the next several years as more documents emerge from secret government laboratories. The spokesman from GCHQ promises that more documents are on the way. Hellman is philosophical. "In a way, these things are like gold nuggets that God left in the forest." he said. "If I'm walking along in the forest and I stubbed my toe on it, who's to say I deserve credit for discovering it?" He is quick to point out, however, that he shared the discovery with everyone.