The following was written by me in response to David Friedman's request
for an overview of various encryption technologies, what they can do,
and why they are important.
This summary does not discuss any mathematics of this technology; it is
meant for someone who wants to know what it is and what it can do,
without having to know all the mathematical details.
This message can be stored in the exi-essay ftp archive.
Forwarded message:
PUBLIC KEY CRYPTOGRAPHY -- each person generates two keys: one is
called the public key, the other the private key. These two are
related in that what is encrypted with one can only be decrypted with
the other. It is impossible (computationally infeasible) to derive one
knowing the other. The most popular public key cryptography algorithm
is RSA, which is based on the ease of multiplying large primes, and the
difficulty of factoring the product.
How it is used: you publish the public key, while keeping the private
key to yourself. Anyone can send a secret message to you by encrypting
it with your public key. You are the only one that can decrypt the
message, since only you have the private key.
You can reply by encrypting your message with their public key, and
they can decrypt it with their private key.
DIGITAL SIGNATURES -- techniques that are used to verify that a message
claiming to be from you was actually written by you. To do that, you
compute a "message digest", which is similar to a "checksum" in that it
can be used to check that the message has not been altered. Then you
encrypt the "digest" with your private key and attach it to the message.
Currently the most popular "digest" algorithm is MD5.
To verify a signature: the person verifying computes the same
checksum, then decrypts the checksum attached to the message. If the
two match, the message must have been signed by you, since no-one else
has your private key, and so no-one else could have generated the signature.
DIFFIE-HELLMAN KEY EXCHANGE -- a protocol by which two communicating
parties can arrive at a secret piece of information that can not be
known to a passive eavesdropper (as in a wiretap), and can not be
recovered from analysis of recorded communication. This secret piece
of information is usually used as the key for a conventional
cryptography algorithm such as DES or IDEA to encrypt following
communication.
This can be used, for example, for secure telephones. Two people with
these phones connect through the usual telephone network, push the "go
secure" button, the phones perform Diffie-Hellman key exchange, and
encrypt the following conversation with the resulting secret key.
Note that these two people did not have to meet in person, or transmit a
key through any other channel. The key was generated as needed.
After the conversation is finished, both phones erase the key from
their memory. For the next conversation, a new key is set up.
Someone who has a recording of a wiretap has absolutely no way of
knowing what the key was, and therefore can not decode the
conversation.
This technology makes wiretaps obsolete.
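The secure-telephone scenario above, as an added example that is not part
of the original post: two Phone objects perform the exchange, derive a
session key from the shared value, encrypt a turn of conversation with it,
and erase it when the call ends. Everything that crosses the line is
appended to a "wiretap" list so one can check that the key itself never
appears there. The group (p = 2^127 - 1, g = 2), the SHA-256-based
keystream standing in for DES or IDEA, and the Phone class are this
example's constructions. As the post says, the protection is against a
passive listener; a party that can alter messages on the line has to be
ruled out by authenticating the exchanged values (for instance by signing
them), which this example does not do.

```python
import hashlib
import secrets

P = (1 << 127) - 1  # Mersenne prime, toy group; real use needs a vetted group
G = 2


def keystream_xor(key: bytes, counter: int, data: bytes) -> bytes:
    # Toy counter-mode stream: SHA-256(key || counter || block index).
    # Applying it twice with the same key and counter restores the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(
            key + counter.to_bytes(8, "big") + (i // 32).to_bytes(8, "big")
        ).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class Phone:
    def __init__(self, name):
        self.name = name
        self.secret = None
        self.key = None

    def go_secure_send(self, wiretap):
        """Pick a fresh exponent for this call and send g^secret mod p."""
        self.secret = secrets.randbelow(P - 2) + 1
        public = pow(G, self.secret, P)
        wiretap.append((self.name, "dh", public))
        return public

    def go_secure_finish(self, peer_public):
        """Both sides compute the same g^(ab) mod p; hash it into a key."""
        shared = pow(peer_public, self.secret, P)
        self.key = hashlib.sha256(shared.to_bytes(16, "big")).digest()
        self.secret = None  # exponent is no longer needed

    def say(self, wiretap, plaintext: bytes, counter: int) -> bytes:
        ct = keystream_xor(self.key, counter, plaintext)
        wiretap.append((self.name, "voice", ct))
        return ct

    def hear(self, ciphertext: bytes, counter: int) -> bytes:
        return keystream_xor(self.key, counter, ciphertext)

    def hang_up(self):
        self.key = None  # erase the session key, as the post describes


def secure_call(message: bytes):
    """One call: key exchange, one encrypted turn, hang up.

    Returns (what Bob heard, both session keys, the wiretap transcript).
    """
    wiretap = []
    alice, bob = Phone("alice"), Phone("bob")
    a_pub = alice.go_secure_send(wiretap)
    b_pub = bob.go_secure_send(wiretap)
    alice.go_secure_finish(b_pub)
    bob.go_secure_finish(a_pub)
    ct = alice.say(wiretap, message, counter=1)
    heard = bob.hear(ct, counter=1)
    keys = (alice.key, bob.key)
    alice.hang_up()
    bob.hang_up()
    return heard, keys, wiretap


if __name__ == "__main__":
    heard, keys, tap = secure_call(b"meet at the usual place")
    print(heard, keys[0] == keys[1])
    for who, kind, value in tap:
        print(who, kind, value)
```

Running it twice gives two different session keys from the same two
phones, which is the "new key for the next conversation" property; a
recording of the wiretap list holds p, g, the two public values and the
ciphertext, but not the key.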
SENDER UNTRACEABILITY -- use of a protocol by which one of a group of
communicating entities can send a public message, while it is impossible
to trace the message to the sender. This can be used to send messages
anonymously or pseudonymously and untraceably. One of the protocols
that makes this possible is David Chaum's dc-net protocol, in which
every participant sends some data, and when all the data are combined,
the anonymous message emerges. This has been called the "cryptographic
ouija board", because a message appears, but it is impossible to find
out who sent it. If one-time pads are used, this system is
unconditionally secure, which means that even an enemy with an infinite
amount of time and processing power can not deduce the sender from
available information.
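One round of the dc-net described above, as an added example that is not
from the original post: every pair of participants shares a one-time pad
for the round, each participant broadcasts the XOR of all its pads, and
the sender additionally XORs the message into its broadcast. XORing all
broadcasts cancels every pad (each appears twice) and leaves the message.
The pad distribution and the participant numbering are this example's own
constructions; how the pads are delivered securely (for instance with the
key exchange described earlier) is outside the example.

```python
import secrets


def share_pads(n: int, length: int):
    """pads[i][j] == pads[j][i]: the one-time pad each pair shares this round."""
    pads = [[b"" for _ in range(n)] for _ in range(n)]
    for i in range(n):
        for j in range(i + 1, n):
            pads[i][j] = pads[j][i] = secrets.token_bytes(length)
    return pads


def xor_bytes(*parts: bytes) -> bytes:
    out = bytearray(len(parts[0]))
    for part in parts:
        for k, b in enumerate(part):
            out[k] ^= b
    return bytes(out)


def dc_net_round(n: int, length: int, messages: dict):
    """Run one round; messages maps participant index -> message bytes.

    Normally one participant sends; the dict form also lets one see what
    happens when two send at once (their messages XOR together).
    """
    pads = share_pads(n, length)
    broadcasts = []
    for i in range(n):
        own = xor_bytes(*(pads[i][j] for j in range(n) if j != i))
        if i in messages:
            assert len(messages[i]) == length
            own = xor_bytes(own, messages[i])
        broadcasts.append(own)  # what everyone, including a wiretap, sees
    return broadcasts


def combine(broadcasts) -> bytes:
    """The 'ouija board': XOR of all broadcasts is the anonymous message."""
    return xor_bytes(*broadcasts)


if __name__ == "__main__":
    out = dc_net_round(5, 5, {2: b"hello"})
    for i, b in enumerate(out):
        print(i, b.hex())
    print(combine(out))
```

Each individual broadcast is uniformly random (one-time pads), so the
transcript reveals nothing about which index sent; the one way to unmask
a sender is for all the other participants to pool their pads. The
two-sender case in the code shows the protocol's collision problem: the
combined output is the XOR of both messages, so a real dc-net needs a slot
reservation scheme on top of this round.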
Another sender untraceability system is the mix-net, or "remailer"
approach. In this case, you send your message to a re-mailer, with
encrypted instructions on where to send it. By sending your message
through a chain of such remailers, untraceability is achieved. This
depends on the remailers not keeping logs that can correlate incoming
and outgoing messages, or on their unwillingness to reveal such logs to
your enemy.
RECEIVER UNTRACEABILITY -- a method by which you can retrieve a message
sent to you, without anyone having any way of knowing that you received
the message, or indeed if you received any message at all.
How it works: anyone wanting to leave a message to you encrypts it
with your public key, and posts it on a "bulletin board". You download
all the messages from the bulletin board periodically, and see if you
can decrypt any using your private key.
Since everyone downloads all the messages, and THEN attempts to decrypt
them on their own machine, no-one observing the communications link has
any way of knowing who received what message, or even if someone
received any messages at all. This system, along with the dc-net, can
provide completely untraceable global communications. It does,
however, require substantial communications bandwidth and storage
capacity.
DIGITAL CASH -- one entity creates some amount of digital "tokens",
which may then be transferred to other people, who can transfer them
between each other, and when they are returned to their creator, he can
not trace the transactions that have occurred; he learns only the total
balance of each person at the end of the set of transactions.
This combines the anonymity and untraceability of cash with the
convenience and efficiency of electronic transactions. In combination
with the above systems, it is superior to cash since any person can pay
anyone else, anonymously and untraceably, without having to meet in
person.
David Friedman asks: "How can it be used, and why does it matter?"
Each of these technologies by itself can not accomplish much. But if
all these are put together, any person can send messages to any other
person, or transact business without anyone but the two of them knowing
what occurred, or, even that something at all occurred between these two
persons.
Furthermore, these two people don't need to know anything about each
other except their public keys. They can be completely anonymous, or use
a pseudonym.
As for why it matters, I include here Timothy C. May's Crypto Anarchist
Manifesto:
The Crypto Anarchist Manifesto
Timothy C. May
tcmay(a)netcom.com
A specter is haunting the modern world, the specter of crypto anarchy.
Computer technology is on the verge of providing the ability for
individuals and groups to communicate and interact with each other in a
totally anonymous manner. Two persons may exchange messages, conduct
business, and negotiate electronic contracts without ever knowing the
True Name, or legal identity, of the other. Interactions over networks
will be untraceable, via extensive re-routing of encrypted packets and
tamper-proof boxes which implement cryptographic protocols with nearly
perfect assurance against any tampering. Reputations will be of central
importance, far more important in dealings than even the credit ratings
of today. These developments will alter completely the nature of
government regulation, the ability to tax and control economic
interactions, the ability to keep information secret, and will even
alter the nature of trust and reputation.
The technology for this revolution--and it surely will be both a social
and economic revolution--has existed in theory for the past decade.
The methods are based upon public-key encryption, zero-knowledge
interactive proof systems, and various software protocols for
interaction, authentication, and verification. The focus has until now
been on academic conferences in Europe and the U.S., conferences
monitored closely by the National Security Agency. But only recently
have computer networks and personal computers attained sufficient
speed to make the ideas practically realizable. And the next ten years
will bring enough additional speed to make the ideas economically
feasible and essentially unstoppable. High-speed networks, ISDN,
tamper-proof boxes, smart cards, satellites, Ku-band transmitters,
multi-MIPS personal computers, and encryption chips now under
development will be some of the enabling technologies.
The State will of course try to slow or halt the spread of this
technology, citing national security concerns, use of the technology by
drug dealers and tax evaders, and fears of societal disintegration.
Many of these concerns will be valid; crypto anarchy will allow
national secrets to be traded freely and will allow illicit and stolen
materials to be traded. An anonymous computerized market will even make
possible abhorrent markets for assassinations and extortion. Various
criminal and foreign elements will be active users of CryptoNet. But
this will not halt the spread of crypto anarchy.
Just as the technology of printing altered and reduced the power of
medieval guilds and the social power structure, so too will cryptologic
methods fundamentally alter the nature of corporations and of
government interference in economic transactions. Combined with
emerging information markets, crypto anarchy will create a liquid
market for any and all material which can be put into words and
pictures. And just as a seemingly minor invention like barbed wire made
possible the fencing-off of vast ranches and farms, thus altering
forever the concepts of land and property rights in the frontier West,
so too will the seemingly minor discovery out of an arcane branch of
mathematics come to be the wire clippers which dismantle the barbed
wire around intellectual property.
Arise, you have nothing to lose but your barbed wire fences!
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.
David Friedman asks for a brief summary of the present legal/political
attempts and suggestions that have been made to control the
technology.
The FBI has proposed a "Digital Telephony" bill, which would require
all providers of any kind of communications service to build in a
wiretap capability for the government. The Department of State is
restricting the export of any crypto software, claiming that it is a
weapon, and therefore falls under ITAR (International Traffic in Arms
Regulations) rules. Public Key Partners (PKP) holds the control of
patents that cover RSA, and possibly the very idea of public key
cryptography. Someone (I can't provide a reference) has proposed that
anyone that uses encryption should be required to register their key
with the Justice Department, so that the text could be decrypted if a
search warrant is issued. These are all the attempts to control this
technology that come to my mind right now.
The Electronic Frontier Foundation (EFF) can probably provide more
information (e-mail to eff(a)eff.org)
--
Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek
this address preferred -->> yanek(a)novavax.nova.edu <<-- this address preferred
Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood
(305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819