The following was written by me in response to David Friedman's request for an overview of various encryption technologies, what they can do, and why they are important. This summary does not discuss any mathematics of this technology, it is meant for someone that wants to know what it is, and what it can do, without having to know all the mathematical details. This message can be stored in the exi-essay ftp archive. Forwarded message: PUBLIC KEY CRYPTOGRAPHY -- each person generates two keys, one is called the public key the other is the private key. These two are related in that what is encrypted with one can only be decrypted with the other. It is impossible (computationally infeasible) to derive one knowing the other. The most popular public key cryptography algorithm is RSA, which is based on the ease of multiplying large primes, and the difficulty of factoring the product. How it is used: you publish the public key, while keeping the private key to yourself. Anyone can send a secret message to you by encrypting it with your public key. You are the only one that can decrypt the message, since only you have the private key. You can reply by encrypting your message with their public key, and they can decrypt it with their private key. DIGITAL SIGNATURES -- techniques that are used to verify that a message claiming to be from you was actually written by you. To do that, you compute a "message digest", which is similar to a "checksum" in that it can be used to check that the message has not been altered. Then you encrypt the "digest" with your private key and attach to the message. Currently the most popular "digest" algorithm is MD5. To verify a signature: the person verifying computes the same checksum, then decrypts the checksum attached to the message. If the two match, the message must have been signed by you, since no-one else has your private key, and could not have generated the signature. DIFFEY-HELLMANN KEY EXCHANGE -- a protocol by which two communicating parties can arrive at a secret piece of information that can not be known to a passive eavesdropper (as in a wiretap), and can not be recovered from analysis of recorded communication. This secret piece of information is usually used as the key for a conventional cryptography algorithm such as DES or IDEA to encrypt following communication. This can be used, for example, for secure telephones. Two people with these phones connect through the usual telephone network, push the "go secure" button, the phones perform Diffey-Hellmann key exchange, and encrypt the following conversation with the resulting secret key. Not that these two people did not have to meet in person, or transmit a key through any other channel. The key was generated as needed. After the conversation is finished, both phones erase the key from their memory. For the next conversation, a new key is set up. Someone who has a recording of a wiretap has absolutely no way of knowing what they key was, and therefore can not decode the conversation. This technology makes wiretaps obsolete. SENDER UNTRACEABILITY -- use of a protocol by which one of a group of communicating entities can send a public message, while it is impossible to trace the message to the sender. This can be used to send messages anonymously or pseudonymously and untraceably. One of the protocols that makes this possible is David Chaum's dc-net protocol, in which every participant sends some data, and when all the data are combined, the anonymous message emerges. This has been called the "cryptographic ouja board", because a message appears, but it is impossible to find out who sent it. If one-time pads are used, this system is unconditionally secure, which means that even an enemy with an infinite amount of time and processing power van not deduce the sender from available information. Another sender untraceability system is the mix-net, or "remailer" approach. In this case, you send your message to a re-mailer, with encrypted instructions on where to send it. By sending your message through a chain of such remailers, untraceability is achieved. This depends on the remailers not keeping logs that can correlate incoming and outgoing messages, or unwillingness to reveal such logs to your enemy. RECEIVER UNTRACEABILITY -- a method by which you can retrieve a message sent to you, without anyone having any way of knowing that you received the message, or indeed if you received any message at all. How it works: anyone wanting to leave a message to you encrypts it with your public key, and posts it on a "bulletin board". You download all the messages from the bulletin board periodically, and see if you can decrypt any using your private key. Since everyone downloads all the messages, and THEN attempts to decrypt them on their own machine, no-one observing the communications link has any way of knowing who received what message, or even if someone received any messages at all. This system, along with the dc-net, can provide completely untraceable global communications. It does, however, require substantial communications bandwidth and storage capacity. DIGITAL CASH -- one entity creates some amount of digital "tokens", which may then be transferred to other people, who can transfer them between each other, and when they are returned to their creator, he can not trace the transactions that have occurred, only the total balance of a person at the end of the set of transactions. This combines the anonymity and untraceability of cash with the convenience and efficiency of electronic transactions. In combination with the above systems, it is superior to cash since any person can pay anyone else, anonymously and untraceably, without having to meet in person. David Friedman asks: "How can it be used, and why does it matter?" Each of these technologies by itself can not accomplish much. But if all these are put together, any person can send messages to any other person, or transact business without anyone but the two of them knowing what occurred, or, even that something at all occurred between these two persons. Furthermore, these two people don't need to know anything about each other, but their public key. They can be completely anonymous, or use a pseudonym. As for why it matters, I include here Timothy C. May's Crypto Anarchist Manifesto: The Crypto Anarchist Manifesto Timothy C. May tcmay@netcom.com A specter is haunting the modern world, the specter of crypto anarchy. Computer technology is on the verge of providing the ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. Two persons may exchange messages, conduct business, and negotiate electronic contracts without ever knowing the True Name, or legal identity, of the other. Interactions over networks will be untraceable, via extensive re- routing of encrypted packets and tamper-proof boxes which implement cryptographic protocols with nearly perfect assurance against any tampering. Reputations will be of central importance, far more important in dealings than even the credit ratings of today. These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions, the ability to keep information secret, and will even alter the nature of trust and reputation. The technology for this revolution--and it surely will be both a social and economic revolution--has existed in theory for the past decade. The methods are based upon public-key encryption, zero-knowledge interactive proof systems, and various software protocols for interaction, authentication, and verification. The focus has until now been on academic conferences in Europe and the U.S., conferences monitored closely by the National Security Agency. But only recently have computer networks and personal computers attained sufficient speed to make the ideas practically realizable. And the next ten years will bring enough additional speed to make the ideas economically feasible and essentially unstoppable. High-speed networks, ISDN, tamper-proof boxes, smart cards, satellites, Ku-band transmitters, multi-MIPS personal computers, and encryption chips now under development will be some of the enabling technologies. The State will of course try to slow or halt the spread of this technology, citing national security concerns, use of the technology by drug dealers and tax evaders, and fears of societal disintegration. Many of these concerns will be valid; crypto anarchy will allow national secrets to be trade freely and will allow illicit and stolen materials to be traded. An anonymous computerized market will even make possible abhorrent markets for assassinations and extortion. Various criminal and foreign elements will be active users of CryptoNet. But this will not halt the spread of crypto anarchy. Just as the technology of printing altered and reduced the power of medieval guilds and the social power structure, so too will cryptologic methods fundamentally alter the nature of corporations and of government interference in economic transactions. Combined with emerging information markets, crypto anarchy will create a liquid market for any and all material which can be put into words and pictures. And just as a seemingly minor invention like barbed wire made possible the fencing-off of vast ranches and farms, thus altering forever the concepts of land and property rights in the frontier West, so too will the seemingly minor discovery out of an arcane branch of mathematics come to be the wire clippers which dismantle the barbed wire around intellectual property. Arise, you have nothing to lose but your barbed wire fences! -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP Public Key: by arrangement. David Friedman asks for a brief summary of the present legal/political attempts and suggestions that have been made to control the technology. The FBI has proposed a "Digital Telephony" bill, which would require all providers of any kind of communications service to build in a wiretap capability for the government. Department of State is restricting the export of any crypto software, claiming that it is a weapon, and therefore falls under ITAR (International Traffic in Arms Regulations) rules. Public Key Partners (PKP) holds the control of patents that cover RSA, and possibly the very idea of public key cryptography. Someone (I can't provide a reference) has proposed that anyone that uses encryption should be required to register their key with the Justice Department, so that the text could be decrypted if a search warrant is issued. These are all the attempts to control this technology that come to my mind right now. The Electronic Frontier Foundation (EFF) can probably provide more information (e-mail to eff@eff.org). -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek@novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819