From: Peter Murphy <pkm@maths.uq.oz.au>
I was most taken by the idea of a "Crypto Toolkit". I think it would be understand- able to write the code in plain, vanilla C (as opposed to C++). One good reason is the widespread availability of C compilers, especially with UNIX. Additionally, C++ compilers do take up more space (although this would be more of an issue with PCs.
I think Tim had in mind something that was accessible more from a higher- level language than C or C++; ideally, something interpreted so you could sit down and type in a few commands to get something useful. Perl and TCL are two languages which Tim mentioned and which have been discussed here in the past. Smalltalk might do, although it is not as "freely" avail- able. If you want a C toolkit, a good example already exists: the PGPTOOLS package by Pr0duct Cypher. It is available by ftp from csn.org in /pub/mpj to US citizens, and probably from some European crypto sites as well. This has a bignum package as well as interfaces to IDEA and RSA encryption. It also supports processing of PGP message formats and key rings. The latest version has code for Diffie-Hellman key exchange. Hal
In this message I talk about C code, agents, TeleScript, Smalltalk, PGP tools, and the general and pressing need to somehow make all the diverse fragments of code available and (even more importantly) comprehensible and usable. (As I'm no expert in C++ and the like, take my comments as "moderately informed speculations.") Hal Finney writes:
From: Peter Murphy <pkm@maths.uq.oz.au>
I was most taken by the idea of a "Crypto Toolkit". I think it would be understand- able to write the code in plain, vanilla C (as opposed to C++). One good reason is the widespread availability of C compilers, especially with UNIX. Additionally, C++ compilers do take up more space (although this would be more of an issue with PCs.
I think Tim had in mind something that was accessible more from a higher- level language than C or C++; ideally, something interpreted so you could sit down and type in a few commands to get something useful. Perl and TCL are two languages which Tim mentioned and which have been discussed here in the past. Smalltalk might do, although it is not as "freely" avail- able.
Yes, this is mostly what I meant. Lots of stuff here, and I really should use my outline processor to do a better job of outlining options, routes, and miscellaneous points. But I'll just make a few notes here. (The theme of the next Cypherpunks meeting, date not yet finalized, is "Protocols," so issues like this are presumably relevant. Depending on the date, I may be in L.A., and would welcome meeting with other Southland Cpunks to discuss ideas.) I. What We Have * PGP...the most basic of all crypto functions (RSA encrypt/decrypt/sign/etc.), and it took over a decade to get a usable, public domain (?!) version. (Yes, I know about RIPEM, RSAREF, etc.) (I mention this because _use_ of this protocol, even with a nice manual and whatnot from Phil, Hal, Derek, and others, still mysifies many people, and still is not easily callable from most mail programs, as you all know. This is *terribly important point*, to wit: if the most basic of all crypto functions is so long in gestation and so difficult to use interoperably, what hope do we have in integrating the vast range of crypto protocols to be found in Schneier, the Crypto Conference Proceedings, etc? This is the problem I'd like to see solved, hence my interested in "Computer-Aided Crypto Algorithms," or CACA.) * we also have fragments of C code accumulated and laboriously developed by Bruce Schneier. How many of us have bought the C code book and used the code? (Don't look at me....I had wonderful intentions to convert some of Schneier's code from his C code (and C is something I limp along in, using Think C 6.0, aka Symantec C++) to Mathematica code (which I'm much more adept at playing around with, though not at delivering code usable by others). But I've not yet found the time or motivation to do this, as I suspect is the case with many of us. * there's the ProductCypher (sp?) code which Hal mentioned. I haven't looked at it, for the same reasons I just gave. I _should_ look at it, but I haven't. Oh well. * code in Perl obviously exists in various places, and both Hal Finney and Henry Strickland have written about TCL. Whether these scripting languages, with excellent facilities for accessing Unix utilities directly (as opposed to from deeply within a C program, like PGP), should or can form the basis of a Crypto Toolkit that others will actually use is unclear, to me at least. * other programming efforts presumably exist out there in Cypherpunk land, and some folks not on the List (unless by pseudonym, which is quite possible....after all, ProductCypher is obviously a talented programmer and may be one of the main folks posting algorithms and code fragments to sci.crypt) are clearly writing code for various purposes. ...thus ends my informal summary of what's out there (it may be incomplete, or inaccurate in places...corrections are welcome, as always) II. What's Neeeded * Consider some things we like to talk about: - alternatives to RSA (elliptic functions, etc.) - secret-sharing protocols - remailer-specific code (adding latency, mixing, padding, etc.) - dining cryptographers nets (DC-Nets, a la Chaum, Bos, etc.) - digital cash (a vast area of diverse protocols for clearing transactions, for blinding, for detecting double-spending, etc.) - random number generators (Schneier, for example, supplies code fragments for the Blum-Blum-Shub generator...need I again say that probably few of us know how to "call" this code easily?) - code for message pools, for chaining remailers, etc.....a lot of this exists as scraps of Perl in various places. - and so on My point? How can we achieve the Crypto Singularity (tm) when these algorithms and _conceptual functions_ (my term, meaning that each of these embodies almost an agent-like level of behavioral complexity....hence my interest in implementing these protocols as classes and methods in something like Smalltalk or even the new TeleScript) are scattered around, are hard to grok (a technical term invented by the neural programmer Heinlein), and are more or less going unused today? III. Some Approaches to a Crypto Toolkit * Large collection of C programs. The Schneier approach, except on steroids. Regularize the calling conventions, add further documentation, generate test sample, etc. A massive undertaking, fraught with problems. * C and Perl, and maybe TCL. As above, but use other Unix utilities as needed. * A class library for crypto, in C++. Encapusulate as much of the capability into classes and make them available. For example (and here I'm using Smalltalkish lingo), an "RSA object" would understand (have methods for) messages sent to it that included RSA-encrypted sections. It would find the identifying blocks (a la "begin pgp message") and attempt to decrypt them with its private key. Similarly, a "digital banknote" would have internal structure and methods for dealing with various messages, such as "Display your value" and "Authenticate yourself." I'm not sure how feasible this would be in C++, as I know very little about C++ (I have Symantec C++ and _someday_ plan to learn enough to get by on--not being a professional programmer, and nobody paying me to learn, I have plenty of reasons to keep postponing this learning).
From my Lisp background (Symbolics 3600, Zetalisp, Common Lisp) and from my experiments with Digitalk's Smalltalk/V on my Mac, I think an object-oriented environment could be ideal.
* TeleScript. Here I will go out on a limb and predict that the forthcoming TeleScript, which is nicely described in the latest "Byte" by our very own Peter Wayner, could be the basis for some exciting progress. With multi-platform capability, object orientation, and an explicit foucs on agents running around delivering mail, encrypting, etc., it could be a winner. Few details have been released by General Magic, AT&T, Apple, NEC, etc., and a Developer's Conference is coming in several months. Our own Scott Collins worked for GM for a while, and I believe Fen LaBalme does (though he's not active on this list and may not even read this message). They can no doubt comment generally on the prospects for TeleScript and whether it could form a solid basis for Cypherpunks code. (Speculatively, my notion is to embed in Telescript agents many of the things we've been talking about, and then count on the market to make mailers and Mosaic drivers to talk to these agents. Lots to talk about here.) * Speaking of Mosaic, what about using WWW/Mosaic as the basis for transparent use? I'm already impressed that on a non-Mosaic platform (I don't have either a SLIP or PPP connection at this time) I can use my cut-and-paste to easily do a "lynx http::blah blah blah" and get to a home page with arrow-selectable hypertext points. I can see WWW/Mosaic/Lynx/etc. as a common platform (set of utilities) for handling even encrypted traffic. IV. Conclusions (brief) * Existing tools are hard to understand (isn't surprising--we can't use of an Asmuth-Bloom secret-sharing protocol to be easy to use if people first of all have no idea what "secret sharing" means in a formal sense, etc.) * Integrating existing tools (PGPToolKit, Perl scripts, Schneier's code, RSAREF) into new apps is basically *not* happening, at least not by the Great Masses here on our list (let alone the Unwashed Masses off the list!). * Interoperability with dozens of mailers, on several platforms, remains a critical problem. * Hence, *good luck* in getting all the whizzy new protocols we like to speculate about implemented any time soon. This is the challenge I see. To somehow deal with this set of problems. Thanks for reading...and I again apologize for just sitting down and writing this in emacs instead of using my Mac-based outline processor. Sometimes just writing is better than planning, reorganizing, and never finishing. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
On Sun, 24 Apr 1994, Hal wrote:
If you want a C toolkit, a good example already exists: the PGPTOOLS package by Pr0duct Cypher. It is available by ftp from csn.org in /pub/mpj to US citizens, and probably from some European crypto sites as well. This has a bignum package as well as interfaces to IDEA and RSA encryption. It also supports processing of PGP message formats and key rings. The latest version has code for Diffie-Hellman key exchange.
I went to this site to pick up PGPTOOLS but apparently it's moved or something, since the pub/mpj directory doesnt exist and when I scanned some other directories I didnt find it. Does anyone know another pointer to this package? You're eqipped with a hundred billion nueron brain, that's wired and fired, and it's a reality generating device, but you've got too do it. Free youself ----Tim Leary----
participants (3)
-
Hal -
tcmay@netcom.com -
Tortoise