

        Writing is a medium of communication and understanding, but there are
times and places when one wants an entirely different function from writing:
concealment and deliberate bafflement.

        Cryptography, the science of secret writing, is almost as old as
writing itself. The hieroglyphics of ancient Egypt were deliberatly arcane:
both writing and a cypher. Literacy in ancient Egypt was hedged about with 
daunting difficulty, so as to assure the elite powers of priest and scribe.

        Ancient Assyria also used cryptography, including the unique and 
curious custom of 'funerary cryptography.' Assyrian tombs sometimes featured 
odd sets of cryptographic cuneiform symbols. The Assyrian passerby, puzzling 
out the import of the text, would mutter the syllables aloud, and find himself 
accidentally uttering a blessing for the dead. Funerary cryptography was a way 
to steal a prayer from passing strangers.

        Julius Caesar lent his name to the famous 'Caesar Cypher,' which he
used to  secure Roman military and political communications.

        Modern crypographic science is deeply entangled with the science of
computing. In 1949, Claude Shanon, the pioneer of information theory, gave
cryptography its theoretical foundation by establishing the 'entropy' of a
message and a formal measurement for the 'amount of information' encoded in 
any stream of digital bits. Shanon's theories brought new power and
sophistication  to thee code-breaker's historic efforts. After Shanon, digital
machinery could pore tirelessly and repeatedly over any stream of encrypted
gibberish, looking for repititions, structures, coinincidences, any slight
variation from the random that could serve as a weak point for attack.

        Computer pioneer Alan Turing, mathematician and proponent of the 
famous 'Turing Test' for artificial intelligence, was a british cryptographer
in the 1940s. In World War II, Turing and his collegues in espionage used 
electronic machinery the defeat the elaborate mechanical wheels of the German 
Enigma code-machine. Britan's secret triumph over Nazi communication security 
had a very great deal to do with the eventual military triumph of the Allies.
Britan's code-breaking triumph further assured that crypotgraphy would remain
a state secret, and one of the most jealously guarded of all sciences.

        After World War II, cryptography became, and had remained, one of the
crown jewels of the American national security establishment. In the United 
States, the science of cryptography became high-tech demense of the National
Security Agency(NSA), an extremily secretive bureaucracy that President Truman
founded by executive order in 1952, one of the chilliest years of the Cold 
War.
        Very little can be said the surety about the NSA. The very existence
of the organization was not publicly confirmed until 1962. The first
appearance of an NSA director before Congress was 1975. The NSA is said to be
based in fort Meade, Maryland. It is said to have a budget much larger than 
that of the CIA, but this is impossible to determine since the budget of the
NSA has never been a matter of public record. The NSA is said to be the 
largest single employer of mathematicians  in the world. The NSA is rumored
to hacve about 40,000 employees. The acronym NSA is aptly said to stand for 
'Never say Anything'.

        The NSA almost never says anything publicly. However the NSAs prime
role in the shadow world of electronic espionage is to protect the 
communications of the United Sates government, and crack those of the United
States government's real, imagined, or potential adversaries. Since this list
of possible adversaries includes practically evryone, the NSA is determined to
defeat every conceivable  cryptographic technique. In pursuit of this 
institutional goal, the NSA labors (in utter secrecy) to crack codes and 
cyphers, and invent its own less breakable ones.

        The NSA also tries hard to retard civilian progress in the science of
cryptography outside its own walls. The NSA can suppress cryptographic 
inventions through the little known but often-used 'Invention Secrecy Act' of
1952, which allows the commissioner of Patents and Trademarks to withhold
patents on certain new inventions, and to order that those inventions be kept
secret indefinatly, 'as the national interest requires.' The NSA aslo seeks to
control dissemination of information about cryptography, and to control and 
shape the flow and direction of civilian scientific research in that field.

        Cryptographic devices are formally defined as 'munitions' by Title 22
[Foriegn Relations and Intercourse] of the United States Code, and are subject
to the same export and import restrictions as arms, ammunition, and other
instruments of warfare. Violation of International Traffic of Arms Regulations
(ITAR) is a criminal affair investigated and administered by the Department of
State. It is said that the Department of State relies heavily on NSA experts
in determining when to investigate and/or criminally prosecute illicit 
cryptography cases.(This too is impossible to prove)

        The 'munitions' classification for cryptographic devices applies not 
only to physical devices such as telephone scramblers, but also to 'related 
technical data' such as software and mathematical encryption algorithms. This 
specificly includes scientific 'information' that can be 'exported' in all 
manner of ways, including simply verbally discussing cryptography techniques
out loud. One does not have to go overseas and set up shop to be reguarded by
the Department of State as an international arms trafficker. The security ban 
specificly covers disclosing such information to any foriegn national 
anywhere, including within the boarders of the United States.

        These ITAR restrictions have come into increasingly harsh conflict 
with the modern realities of global economics and everyday life in the 
sciences and academia. Over a third of the grad students in computer sciences
on American campuses are foriegn nationals. Strictly applied ITAR regulations
would prevent communication on cryptography, inside an American campus, 
between faculty and students. Most scientific journals have at least a few 
foriegn subscribers, so an exclusivly 'domestic' publication about 
cryptography is also practically impossible. Even writing the information
down on a cocktail napkin could be hazardous: the world is full of photo-
copiers, modems, and fax machines, all of them linked to satellites and under-
sea fiber optic cables.

        In the 1970s and 1980s, the NSA used its surreptitious influence at 
the National Science Foundation to shape scientific research on crypography
through restricting grants to mathematicians. Scientists reacted mulishly, so
in 1978 the 'Public Cryptography Study Group' was founded as an interface
between mathematical scientists in civilian life, and the Cryptographic 
Security Establishment. This group established a series of 'Voluntary Control'
measures, the upshot being that papers by civilian researchers would be vetted
by the NSA well before any publication.

        So the 'Volentary Restraint' worked well for over a decade. Few 
mathematicians were so enamored of the doctrine of academic freedom that they
were prepared to fight the National Security Agency over thier supposed right
to invent codes that would baffle the United States government. In any case,
the mathematical cryptography society was a small group without much real 
political clout, while the NSA was a vast, powerful, well-financed agency
unaccountable to the American public, and reputed to possess many deeply
shadowed avenues of influence in the corridors of power.

        However, as the years rolled on, the electronic exchange of 
information became commonplace, and users of computer data became intensely 
aware of thier neccessity of electronic security over transmissions and data.
One answer was physical security, protect the wiring, keep the physical 
computers behind lock and key. But as personal computers spread and computer
networking grew ever more sophisticated, wide-spread and complex, this 'bar
the door' method became unworkable.

        The volume and importance of information transferred over the Internet
was increasing by orders of magnitude. The Internet was a notoriously leaky
channel of information -its packet switching technology meant that packets of
vital information might be dumped into the machines of unknown parties at any
time. If the Internet itself couldn't be locked up and made leak-proof, and 
this was impossible by the nature of the system, then the only secure solution 
was to encyrpt the message itself, to make that message unusable and 
unreadable, even if it sometimes fell into the improper hands.

        Computers outside the Intewrnet were also at risk. Corporate computers
faced the threat of computer-intrusion hacking, from bored and reckless teen-
agers, or from professional snoops and unethical business rivals both inside
and outside the company. Electroic espionage, especially indutrial espionage,
was intensifing. The French secret services were especially bold in this  
reguard, as American computer and aircraft executives found to thier dismay as 
thier laptops went missing during Paris air trade shows. Trans-Atlantic 
commercial phone calls were routinly tapped by French government spooks 
seeking commercial advantage for French companies in the computer industry, 
aviation, and the arms trade. And the French were far from alone when it came 
to government-supported industrial espionage.

        Protection of Private civilian data from foriegn government spies
required that seriously powerful encryption techniques be placed into private
hands. Unfortunatly, an ability to baffle French spies also meant the ability 
to baffle American spies. This was not good news for the NSA.

        By 1993 encryption had become big business. There were one and a half
million copies of legal encryption software publicly available, including
widly known and commonly used personal computer products such as Norton 
Utilities, Lotus Notes, Stuffit, and several Microsoft products. People all 
over the world, in evry walk of life, were using computer encryption as a
matter of course. They were securing hard drives from spies or thieves, 
protecting certain sections of the family computer from sticky fingered 
children, or rendering  entire laptops into a solid mess of powerfully
encrypted Sanskrit, so that no stranger could walk off with those accidental,
but highly personal life-histories that are stored in almost every PowerBook.

        People were no longer afraid of encryption. Encryption was no longer
secret, obscure, and arcane; Encryption was a business tool. Computer users
wanted more encryption, faster, sleeker, more advanced, and better.

        The real wild-card in the mix, however, was the new cryptography. A 
new technique arose in the 1970s: public-key cryptography. This was an element
the codemasters of World War and the Cold War had never forseen.

        Public-key cryptography was invented by American civilian researchers
Whitfield Diffie and Martin Hellmen, who first published thier results in 
1976.

        Conventional classical cryptographic systems, from the Caesar cipher
to the Nazi Enigma machine defeated by Alan Turing, require a single key. The
sender of the message uses that key to turn his plain text into cyphertext
gibberish. He shares the key secretly with the recipients of the message, who
use that same key to turn the cyphertext back into plain, readable text.

        This is a sample schem; but if the key is lost to unfriendly forces
such as the ingenious Alan Turing, then all is lost. The key must therefore
always remain hidden, and it must always be fiercly protected from enemy
cryptanalyists. Unfortunatly, the more widly that key is distributed, the more
likely it is that some user in on the secret will crack or fink. As an 
additional burden, the key cannot be sent by the same channel as the 
communications are sent, since the key itself might be picked up by 
eavsdropppers.

        In the new public-key cryptography, however, there are two keys. The
first is for writing secret text, the second key is for reading that text. The
keys are related to one another through a complex mathematical dependency;
they determine one another, but it is matematicaly extremly difficult to 
deduce one key from the other.

        The user simply gives away the first key, the 'public-key,' to all and
sundry. The public key can even be printed on a business card, or given away
in mail or a public electronic message. Now anyone in the public, any random
personage who has the proper (not secret, easily available) cyrptographic
software, can use that public key to send the user a cyphertext message. 
However, that message can only be read by using the second key - the private
key, which the user always keeps safely in his own possession.

        Obviously, if the private key is lost, all is lost. But only one
person knows that private key. That private key is generated in the user's
home computer, and never revealed to anyone but the very person who created
it.

        To reply to a message, one has to use the public key of the other 
party. This means that a conversation between two people requires four keys.
Before computers, all this key-juggling would have been rather un-wieldy, but
with computers, the chips and software do all the necessary drudgework and
number-crunching.

        The public/private dual keys have an interesting alternate 
application. Instead of the public key, one can use ones private key to
encrypt a message. That message can then be read by anyone with the public
key, i.e. pretty much everybody, so it is no longer a 'secret' message at all.
However, that message, even though it is no longer secret, now has a very
valuable property: it is authentic. Only the individual holder of that
private key could have sent that message.

        This authentication power is a crucial aspect of the new cryptography,
and may prove to be more socially important than secrecy. Authenticity means
that electronic promises can be made, electronic proofs can be established,
electronic contracts can be signed, electronic documents made tamperproof.
Electronic impostors and fraudsters can be foiled and defeated -and it is
possible for someone you have never seen, and never will see, to prove his
bona fides through entirly electronic means.

        That means that economic relations can become electronic. 
Theoretically, it means that digital cash is possible -that elctronic mail,
E-mail, can be joined by a strange and powerful new cousin, electronic cash,
E-money.

        Money that is made out of text -encrypted text. At first consideration
such money doesn't seem possible, since it is so far outside our normal
experience. But look at this:

||=========================================================================||
||//$\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\///$\\||
||(100)===================| Federal Reserve Note |====================(100)||
||\\$//        ~            '---============---'                      \\$//||
||<< /       /$\                // ____ \\           L38032323B   12   \ >>||
||>>| 12    //L\\              // ///gg) \\                             |<<||
||<<|       \\ //             || <||   )\ ||                            |>>||
||>>|        \$/              ||  $$  -/  ||        One Hundred         |<<||
||<<|     L38032323B          *\\  |\_/  //* series                     |>>||
||>>| 12                       *\\/___\_//*   1993                      |<<||
||<<\     Treasurer       ______/Franklin\______        Secretary 12   / >>||
||//$\                 -|UNITED STATES OF AMERICA|-                   //$\\||
||(100)==================  One Hundred Dollars  ======================(100)||
||\\$//\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\\\$//||
||=========================================================================||
                  [typist's note: This was THE ACTUAL picture]

        This parody US banknote made of mere letters and numbers is being in
E-mail as a joke in network circles. But electronic money, once established,
would be no more a joke than any other kind of money. Imagine that you could
store a text in your computer and send it to a recipient; and that once gone,
it would be gone from your computerforever and registered infallably inhis.
With the proper use of the new ecryption and authentication, this is actually
possible. Odder yet, it is possible to make the note itself an authentic,
usable, fungible, transferrable note of genuine economic value, without the
identity of its temporary owner ever being known to anyone. This would be 
electronic cash -like normal cash, anonymous- but unlike normal cash, 
lighting fast, and global in reach.

        There is already a great deal of electronic funds transfer(EFT) 
occuring in the modern world, everything from gigantic currency-exchange
clearing houses to the individual's VISA and MASTERCARD bills. However, charge
card funds are not so much 'money' per se as a purchase via proof of personal
identity. Merchants are willing to take VISA and MASTERCARD payments because
they know that they can physically find the owner in short order and, if 
necessary, force him to pay up in a more conventional fashion. The VISA and
MASTERCARD user is considered a good risk because his identity and credit
history are known.

        VISA and MASTERCARD also have the power to accumulate potentially
damaging information about the commercial habits of individuals; for instance,
the video stores one patronizes, the bookstores one frequents, the restaurants
one dines in, or one's travel habits and one's choice of company.

        Digital cash could be very different. With proper protection from the
new cryptography, even the world's most powerful governments would be unable
to find the owner and user of digital cash. That cash would be secured by a 
'bank' -(it needn't be a conventional, legally established bank)- through the 
use of an encrypted digital signature from the bank, a signature that neither 
the payer nor the payee could break.

        The bank could register the transaction. The bank would know that the
payer had spent the E-money, and the bank could prove that the money had been
spent once, and only once. But the bank would not know that the payee had
gained the money spent by the payer. The bank could track the electronic funds 
themselves, but not thier location or thier ownership. The bank would 
guarantee the worth of digital cash, but the bank would have no way to tie the 
transctions together.

        The potential therefore exists for a new form of network economics 
made of nothing but ones and zeroes, placed beyond anyone's controls by the
very laws of mathemamatics. Whether this will actually happen is anyone's 
guess. It seems likely that if it did happen, it would prove extremely
difficult to stop. 

        Public-key cryptography uses prime numbers. It is a swift and simple
matter to multiply prime numbers together and obtain a result, but it is an
exceedingly difficult matter to take a large number and determine the prime
numbers used to produce it. The RSA algorithm, the commonest and best-tested
method in public-key cryptography, uses 256-bit and 258-bit prime numbers.
These two large prime numbers('p' and 'q') are used to produce very large
numbers ('d' and 'e') so that (de-1) is divisable by (p-1) times (q-1). These
numbers are easy to multiply together, yielding the public key, but extremely
difficult to pull apart mathematically to yeild the private key.

        To date, there has been no way to matematically prove that it is
inherently difficult to crack this prime number cipher. It might very easy to
do if one knew the proper advanced mathematical technique for it, and the 
clumsy brute-power techniques for prime-number factorization have been 
improving in the past years. However, mathematicians have been working 
steadily on prime number factorization problems for many centuries, with few
dramatic advances. An advance that could shatter the RSA algorithm would mean
an explosive breakthrough across a broad front of mathematical science. This
seems intuitivly unlikely, so prime-number public keys seem safe and secure
for the time being -as safe and secure as any other form of cryptography
short of 'The one-time pad.' (The one-time pad is a truly unbreakable cipher.
Unfortunatly it requires a key that is every bit as long as the message, and
that key can be used only once. The one-time pad is a solid as Gibraltar, but
it is not very practical in use.)

        Prime number cryptography has another advantage. The difficulty of
factoring numbers becomes drasticlly worse as the prime numbers become larger.
A 56-bit key is, perhaps, not entirly outside the realm of possibility for a
nationally supported decryption agency with large banks of dedicated 
supercomputers and plenty of time on thier hands. But a 2048-bit key would 
require every computer on earth to number-crunch for hundreds of centuries.

        Decrypting a public-keyed message is not so much a case of physical
impossibility, as a matter of economics. Each key requires a huge 
computational effort to break it, and there are already thousands of such keys
used by thousands of people. As a further blow against the decryptor, the 
users can generate new keys easily, and change them at will. This poses dire
problems to the professional electeronic spy.

        The best known public-key encryption technique, the RSA algorithm, was
named after its inventors, Ronald L Rivest, Adi Shamir, and Leon Adleman. The
RSA technique was invented in the United States in the late 1980s(although,
as if to spite the international trade in arms regulations, Shamir himself is
an Israeli). The RSA algorithm is patented in the United States by the 
inventors, and the rights to implement it on American computers are 
theoretically patented by an American company known as Public Key Partners.
(Due to a patent technicality, the RSA algorithm was not successfully patented
overseas.)

        In 1991 an amateur encryption anthusiast named Phil Zimmerman wrote a 
software program called 'Pretty Good Privacy' that used the RSA algorithm
without permission. Zimmerman gave the program away on the Internet network
via modem from his home in Colorado, because of his private conviction that
the public had a legitimate need for powerful encryption programs at no cost
(and, indcidentally, no profit to the inventors of RSA). Since Zimmerman's
action, 'Pretty Good Privacy' or 'PGP' has come into common use for encrypting 
electronic mail and data, and has won an avid international following. The 
original PGP program has been extensively improved by other software writers 
overseas, out of reach of American patents or the influence of the NSA, and
the PGP program is now widely available in almost every country on the planet,
or at least, in all those countries where floppy disks are household objects.

        Zimmerman, however, failed to register as an arms dealer when he 
wrote the PGP progrm in his home and made it publicly available. At this
writing, Zimmerman is under federal investigation by the Office of Defense
Trade Controls at the State Department, and is facing a possible criminal
indictment as an arms smuggler. This despite the fact that Zimmerman was not,
in fact, selling anything, but rather giving software away for free. Nor did
he voluntarily 'export' anything -rather people reached in from overseas via
Internet links and retrived Zimmerman's program from the United States under
thier own power and through thier own initiative.

        Even more oddly, Zimmerman's program does not use the RSA algorithm
exclusivly, but also depends on the perfectly legal DES or Data Encryption
Standard. The Data Encryption Standard, which uses a 56-bit classical key, is
an official federal government cryptographic technique, created by IBM with 
the expert help of the NSA. It has long been surmised, though not proven, that
the NSA can crack DES at will with thier legendary banks of Cray 
supercomputers. Recently a Canadian mathematician, Michael Wiener of Bell-
Northern Research, published plans for a DES decryption machine that can 
purportedly crack 56-bit DES in a matter of hours, through brute-force
methods. It seems that the United States government's official 56-bit key 
-insisted upon,reportedly, by the NSA- is now too small for serious security 
uses.

        The NSA, and the American law enforcement community generally, are
unhappy with the idea of privatly owned and powerfully secure encryption. They
acknowledge the need for secure communications, but they insist on a need for
police oversight, police wiretapping, and on the overwhelming importance of
national security interests and governmental supremacy in the making and
breaking of cyphers.

        This motive recently led the Clinton Administration to propose the
'Clipper Chip' or 'Skipjack,' a government-approved encryption device to be
placed in telephones. Sets of keys for the Clipper Chip would be placed in
escrow with two different government agencies, and when the FBI felt the need
to listen in on an encrypted telephone conversation, the FBI would get a 
warrant from a judge and the keys would be handed over.

        Enthusiasts for private encryption have pointed out a number of 
difficulties with the Clipper Chip proposal. First of all, it is extremely
unlikly that criminals, foriegn spies, or terrorists would be foolish enough
to use an encryption technique designed by the NSA and approved by the FBI.
Second, the main marketing use for encryption is not the domestic American
encryption, but international encryption. Serious business users of serious
encryption are far more alarmed at state-supported industrial espionage
overseas, than they are about the safety of phone calls made in the United
States. They want encryption for communications made overseas to people
overseas -but few foriegn business people would buy an encryption technology
knowing the United States government held the exclusive keys.

        It is therefore likely that the Clipper Chip could never be 
successfully exported by American manufacturers of telephone and computer
equipment, and therefore it could not be used internationally, which is the
primary market for encryption. Machines with a Clipper Chip installed would
become commercial white elephants, with no one willing to use them but
American cops, American spies, and Americans with nothing to hide.

        A third objection is that the Skipjack algorithm has been classified
'Secret' by the NSA and is not available for open public testing. Skeptics are
very unwilling to settle for a bland assurance from the NSA that the chip and
its software are unbreakable except with the official keys.

        The resultant controversy was described by Business Week as 'Spy vs.
Computer Nerd.' A subterranean power-struggle has broken out over the mastery
of cryptographic science, over the basic ownership of the electronic bit-
stream. Much is riding on the outcome.

        Will powerful, full-fledged, state-of-the-art encryption belong to
individuals, including such unsavory individuals as drug traffickers, child
pornographers, black-market criminal banks, tax evaders, software pirates, and
the possible future successors of the Nazis?

        Or will the NSA and its allies in the cryptographic status-quo somehow
succeed in stopping the march of scientific progress in cryptography, and in
cramming the commercial crypto-genie back into the bottle? If so, what price
will be paid by society, and what damage wreaked on our traditions of free
scientific and technological inquiry?

        One thing seems certain: cryptography, this most obscure and smothered
of mathematical sciences, is out in the open as never before in it's long
history. Impassioned radicalized cryptographic entusiasts, often known as
'cypherpunks,' are suing the NSA and making it thier business to spread
knowledge of cryptographic techniques as widly as possible, 'through whatever
means necessary.' Small in number, they nevertheless have daring ingenuity,
and money, and know very well how to create a public stink. In the meantime,
their more conventional suit-and-tie allies in the Software Publishers
Association grumble that the clipper chip is a poorly conceived fiasco, that
cryptographic software is peddled openly all over the planet, and that 'The
United States government is succeeding only in crippling an American indutry's
exporting ability.'

        The NSA confronted the worst that America's adversaries had to offer
during the Cold War, and the NSA prevailed. Today, however, the secret masters
of cryptography find themselves confronting what are perhaps the two most 
powerful forces in American society: The computer revolution, and the profit 
motive. Deeply hidden from the American public through forty years of Cold War 
terror, the NSA itselfis for the first time exposed to open question and
harrowing reentment.

        Will the NSA quietly give up the struggle, and expire as secretly and
silently as it lived its forty-year Cold War exsistance? Or will this most
phantomlike of federal agencies decide to fight for its survival and its
scientific pre-eminence?

        And if this odd and always-secret agency does choose to fight the new
cryptography, then - how?