[Forward] : : : Date: Thu, 28 May 1998 03:17:16 -0400 To: John Young <jya@pipeline.com> From: Vin McLellan <vin@shore.net> Subject: Public Key Royalties Hi John: You recently posted a note from a 5/7/98 GAO report[*] on federal (Bayh-Dole Act) funding for US research universities in which documented MIT's 1996 revenues from the commercialization of public key crypto. In an accompanying note, you raised a few questions about the historical background of PKC that I thought a deserved response. The politics of crypto in the US is burdened with enough shadowy plots that it behooves those of us who try to track the history of the industry to keep a grip on simple historical fact whenever we can. I personally think the key figures involved in the discovery of PKC -- certainly Whit Diffie, Martin Hellman, Ron Rivest and Len Adleman -- have for years been exemplary role-models of personal and intellectual discipline, professional openness, and forthright political engagment (in the best sense of the word). I wouldn't like to see the public's understanding of their contributions lost beneath another layer of Byzantine conspiracy theories. You wrote:

In a recent GAO report on governmental funding of university research there is this note:

In fiscal year 1996, the commercialization of the public key encryption method, which was developed under grants from the Navy and NSF, resulted in $271,875 in royalties to MIT.

Does this refer to RSA or PGP? Did the Navy underwrite RSA's PK work? If so does the USG have a secret stake in PGP, Network Associates and RSA?

More: did the Navy guide PK researchers based on the secret UK PK work before Diffie-Hellman?

Quick answers to your first questions: (1) RSA. RSA Data Security Inc.(RSADSI), a company started by the three inventors of the RSA cryptosystem was given a contract by MIT to commercialize the RSA cryptosystem. Under the terms of that contract, RSADSI pays royalties to MIT, which still owns the RSA patent. (2) Nope. The Office of Naval Research (ONI) did staff the "contracting office" responsible for administering DARPA funding for the MIT labs where Rivest, Shamir, and Adleman did their initial work -- but neither the Navy, nor DARPA, nor the NSA, nor the CIA, nor the Feebees supported the subsequent development of public key cryptography at RSADSI (the company started by the three inventors which was subsequently given an exclusive contract by MIT to commercialize the RSA algorithm.) (3) No secret stake in RSADSI -- so say the sworn documents filed with the SEC before the 1996 merger of RSADSI and SDTI. PGP was not developed at MIT. PGP has never paid royalties to MIT. I don't actually know if there is, or ever was, any relationship or federal "stake" in PGP Inc. or Network Associates Inc., but I doubt it. (I also think your suggestion, without evidence, is a fairly gratuitous slander against all these firms -- given the historic interest of US government agencies in weakening non-government crypto and/or forcing independent cryptographic vendors to corrupt their designs with backdoors to allow surreptitous government access to encrypted messages and files.) As you may recall, I do a lot of consulting for Security Dynamics (SDTI), which purchased RSADSI in 1996. I sent your questions over to Ron Rivest, and he asked me to pass along his response:

The work on RSA at MIT was supported by NSF grant MCS76-14294 and ONR (Office of Naval Research) grant N00014-67-A-0204-0063. (See the footnote on the original RSA paper.) I note that the ONR is the contracting office for a DARPA grant here; the "Navy" as such was not involved.

(The grants listed above did not even specify cryptography in their proposals, and it was more of a courtesy than anything else to acknowledge their support on the RSA paper, since they were supporting other research in algorithms and such.)

As a consequence of this support, the U.S. government does not have to pay royalties on the "RSA patent" (U.S. patent 4,405,829.) This is a standard arrangement for government-supported research; the government doesn't want to have to pay twice for the work.

There is no "secret stake" by the government in RSA. The royalty-free license of the patent is their only involvement.

There was no contact, influence, or involvement from any government source regarding our development of RSA. Assuming (correctly, I believe) that the Diffe-Hellman paper (New Directions in Cryptography) was developed independently of any similar developments in the U.K., then the academic development of the concept of public-key, and our consequent development of RSA, were totally independent of whatever developments happened earlier in the U.K.

Indeed, given the reaction from the government that we've seen ever since, trying to control and/or suppress public-key technology, it is extremely bizarre to conjecture that the government in any way encouraged it early on or gave technical advice based on work in the U.K.

I suggest anyone interested in the work on "dual key" cryptography by British government cryptographers in the early 1970s will want to read Jame Ellis' fascinating paper, published last December by the British government, at: http://www.cesg.gov.uk/ellisint.htm There was also a brief but helpful NYT article by Peter Wayner, available at: http://www.nytimes.com/library/cyber/week/122497encrypt.html There have doubtless been numerous breakthroughs and great inventions in the shadowy world of government cryptography. Unfortunately, the hostility of this (and most governments) have shown toward allowing such privacy-enabling technologies to fall into the hands of mere citizens will probably mean that we will have to wait for those inventions to be rediscovered and thus made available to the free world by others. I think we were all lucky that public key crypto -- the necessary foundation for on-line electronic commerce, which in turn is seen by many as potentially the economic engine for 21st Century -- was discovered, or rediscovered, by mere citizens who looked first to its personal and commercial implications. I don't think there was a chance in hell that GCHQ, or the NSA (which also claims to have separately discovered PKC ten years before Hellman and Diffie conceived of it) could have recognized its personal or commercial potential... or would have allowed it to come into the widespread use we see today if, perchance, they _had_ foreseen that potential. Please feel free to post this. Thanks again for all your work collecting the treasure trove of documents you have at jya.com. It's an invaluable resource. Surete, _Vin ----- "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." _ A thinking man's Creed for Crypto/ vbm. * Vin McLellan + The Privacy Guild + <vin@shore.net> * 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 [End Forward] * See report: http://jya.com/rced-98-126.txt (184K)