CDR: Re: why should it be trusted?

Tim May tcmay at got.net
Tue Oct 17 12:34:14 PDT 2000


At 7:24 AM -0400 10/17/00, John Young wrote:
>
>
>The question occurs: did PK crypto get leaked on purpose?
>How was it done?

I'm not sure what your implication is, though I have some suspicion 
you are insinuating that the NSA and Company knew PK was somehow weak 
and so it leaked it.

Well, several points:

1. The public part of the process (not counting the Brits and 
possible collaborators who may have invented something very similar 
some years earlier) included several folks many of us know quite 
well: Whit Diffie, Martin Hellman, and Ralph Merkle are all Bay Area 
folks from Stanford and Berkeley, then. And Rivest, Shamir, and 
Adleman are also well known. They have not hinted that they were fed 
information from NSA, or that key results mysteriously appeared on 
their desktops one night.

Conclusion from this: a deliberate leak seems unlikely.

2. The ideas were "in the air" at the time. Merkle had done some 
interesting work on speculating about "puzzles" which might be used 
for encryption. I believe this work went back to around 1974-5, when 
he was a grad student at Berkeley. His notion was that some problems 
are easy to work out in one direction, but hard in the other 
direction. (Think of what we now routinely call one-way functions.)

(By the way, there are comments from the 19th century along similar 
lines, even mentioning cryptography. I think some of the review 
articles on public key have mentioned these historical comments.)

Merkle does not seem to be the kind of person who either would be 
working for the NSA or whom the NSA would pick to be a conduit for 
leaked secrets.

3. Ditto in spades for Whit Diffie. And Martin Hellman was, at that 
time, an active anti-war activist ("Beyond War"). Seems unlikely that 
NSA would pick them.

4. Once the Diffie-Hellman-Merkle early papers on the ideas of public 
key systems were out, Rivest-Shamir-Adleman worked on alternatives to 
the knapsack algorithm. The result was what we know of as RSA.

At no point do I see persuasive evidence that PK and/or RSA were 
"leaked on purpose."

Whit Diffie sometimes shows up at Bay Area Cypherpunk events, so 
someone could ask him. Though I expect he's tired of hearing 
conspiracy theories.

--Tim May
-- 
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   831-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
"Cyphernomicon"             | black markets, collapse of governments.




