TweetFollow Us on Twitter

StateCryptography

Volume Number: 16 (2000)
Issue Number: 2
Column Tag: Systems

The State of the World in Cryptography

By Jonathan D. Callas, Senior Consultant, Kroll-O'Gara Information Security Group

Introduction

Unlike most technologies, cryptography is intimately connected to politics, social policy, and law. These concerns complicate the job of someone working with the technology, and are often frustrating to have to think about. This article discusses recent developments in the technology of cryptography along with developments in the non-technical areas.

In this article, I will also assume that you are familiar with some of the issues surrounding the current state of affairs. If you are unfamiliar with the technology and politics, here are some books that will help you get up to speed:

  • "Privacy on the Line," by Whitfield Diffie and Susan Eva Landau. MIT Press; ISBN: 0-262-04167-7.
  • "Applied Cryptography: Protocols, Algorithms, and Source Code in C," by Bruce Schneier, John Wiley & Sons; ISBN: 0-471-12845-7.
  • "Handbook of Applied Cryptography," by Alfred J.Menezes, Paul C. van Oorschot, and Scott Vanstone. CRC Press; ISBN: 0-8493-8523-7.

The Social Landscape

Cryptography today is a hot-button issue politically, and for a number of good reasons. First of all, cryptography is a new technology. This may sound like a bold statement. After all, historians of cryptography have pointed out that every time a culture learns writing, it learns secret writing quickly after, and that is what cryptography is, the art of secret writing. However, in the last century, particularly in the last half-century and even more so in the last quarter-century, the art has been completely reshaped.

Any mechanism for secret writing that existed before 1900 is easily broken today by anyone with a mind to. The software you need to break it is easily available on the Internet. It may not be pretty, but it's there. By the end of WWII, the knowledge to do this was available to the major Allied governments, today it's on the web. But even the jewels governments had at the end of the war are now easily broken by software you can find on the Internet. We don't need Alan Turing to break Enigma now; we have the machines he helped create. The tools for both creating and decoding secret messages are now out in the world to anyone who can do a little math.

This is why it is a new technology, and it is also why governments are afraid of it. This is to be expected; how can you blame them? If you had been studying cryptography for hundreds of years (which the British and the Vatican did), everything you knew was worthless by 1950. Everything you learned between 1950 and 1975 is worthless now, and only a few of the things you learned since 1975 are of value today, and it's all because of those computers.

Worse, the new technologies are in the hands of everyday people, and this is scary because bad people will use cryptography to aid their badness (as they've always done). The fact that this can't be changed (the horse is out of the barn), that honest people need cryptography to protect themselves (the legitimate uses outweigh the threat) doesn't make it any less scary for government.

At least, though, they are starting to come to terms with this. While the US government policy is changing slowly, US officials are admitting that the policy is out of touch with reality. Ira Maginziner said as much in late 1998, shortly before leaving the Clinton administration. (See <http://www.latimes.com/HOME/NEWS/POLITICS/ELECT98/NATELECTW/tCB00a1487.html>)

In contrast, the French government startled everyone in early 1999 by completely changing its policies. They immediately loosened restrictions on 128-bit cryptography, and started the legislative process to completely deregulate cryptography. As I write this, rumor is that those new laws will be done by the time you are reading this article. In fact, the June issue of ".Net" magazine contained a CD with 50 MB of encryption programs including PGP, and was sold over the counter in France.

On the other hand, in late 1998, the US government lobbied the Wassenaar Arrangement countries to change the Wassenaar exemption for so-called "mass-market" software containing cryptography. The Wassenaar Arrangement is an agreement between thirty-three countries about exporting "dual-use" items. Dual-use items are items that have both civilian and military uses. Cryptography is a dual-use item, as are plutonium, and supercomputers. One should be aware, though, that a PowerPC G3 or a Pentium II is considered a supercomputer. To hear the US government announcement on the change, one would think that all thirty-three countries had agreed to US government review of all software. This isn't really what happened, though. To start with, here is a quote from the Wassenaar Arrangement itself:

"The decision to transfer or deny transfer of any item will be the sole responsibility of each Participating State. All measures undertaken with respect to the arrangement will be in accordance with national legislation and policies and will be implemented on the basis of national discretion."

Read that carefully. Note that it says that (1) each country gets to make its own decisions, (2) a country's own laws take precedent over the arrangement, and (3) if a country decides not to implement a part of the arrangement, that's okay. Furthermore, if a country has an export control policy that does nothing more than require a one-time form to be filled out, then they are fully in compliance with the arrangement.

If you have been following the news and brouhaha about the Wassenaar changes, you may want to pick your jaw up from the table now. Wassenaar is not a treaty, it's just an agreement among nations, and as part of the agreement, they're allowed to agree to disagree. The US government announcement (available at <http://www.jya.com/wa-state1298.htm>) was disingenuous at best, and pure propaganda lies at worst. The danger from the Wassenaar changes is not the agreement itself, but that the agreement provides an excuse for restrictive laws that would not have otherwise been passed. Fortunately, the change in France has put this all in its proper perspective.

To sum up the changes in the social landscape, I want to note that the goal of people who want free use of cryptography is really nothing more than our wanting our government to obey its own laws. We want to protect our documents and messages as they travel over the network. There is no explicit Constitutional right to put a letter in an envelope, but none of us would think we need one. Similarly, surveillance is allowed only in extraordinary circumstances (that's what a court order is - an extraordinary circumstance) by law enforcement. It is even restricted when people record themselves. In Virginia, for example, only one party of a conversation must consent to having the conversation taped, but in Maryland all parties must agree. This is what made the Tripp-Lewinsky tapes so interesting - Linda Tripp was in Maryland when she recorded Lewinsky, who was in Virginia. Note that in neither state would third-party taping be legal. On the Internet, cryptography is the only tool that law-abiding people can use to enforce their legal protection against being recorded by third parties. It is good to remember that it doesn't matter what strength cryptography you use to talk to someone who is recording you.

Government Initiatives

There have been a number of interesting initiatives by governments. As I mentioned above, the French government has completely changed its stand on the use of strong cryptography.

The SAFE Bill Rides Again

In the United States, Congress is slowly moving forward on a law to liberalize the use of strong cryptography. The SAFE bill has been introduced again, and is progressing through Congress. In what represents the claw marks in the ground being dragged back a few more feet, the Commerce Department has liberalized the export regulations a little. The new regulations permit export to most corporations, and additional relief for the financial and health care industries. None of these, though, permit someone to put on a web page information that would be legal to print on paper. It remains to be seen how far the SAFE bill will get this time. The current status of the bill can be found at <http://thomas.loc.gov/ by checking on HR 850>.

The Advanced Encryption Standard

However, the US government is sponsoring a whole new generation of cryptographic algorithms as part of its new Advanced Encryption Standard, or AES. The AES is a replacement for DES, which has been in use for two decades.

The AES is interesting both technically and politically. The AES will be a cipher that has 128-bit (16 byte) blocks, and can be used with 128, 192, and 256-bit keys. This is an interesting step forward, up to the AES requirements, most cipher design was for 64-bit blocks, and 128-bit keys. There have been a number of variable-length key designs, but little emphasis on demonstrating that a key longer than 128 bits actually got its user any more security.

Consequently, the AES has pushed cipher design into a new dimension. The larger block sizes are important, because there are attacks on using a cipher for a number of blocks that are more than the square root of the block size. Thus, a cipher with 64-bit blocks should never be used for more than four billion blocks (that being 232 blocks). Similarly, while a well-constructed 128-bit cipher is secure against anything but the most theoretical attacks, such as quantum computers, a 256-bit cipher tempts one to say things like, "no one would ever need anything larger," which this author might say over a beer, but never in print.

The AES process attracted fifteen candidates by August 1998, which were presented at the first AES conference in Ventura, California. In March of 1999, the second AES conference was held in Rome, Italy. At that conference, analyses and lobbying were done for the ciphers. NIST will winnow the group down to five ciphers in the summer of 1999. The third AES conference will be in New York City in April 2000, and the AES itself will be selected in mid-2000.

Politically, the AES is interesting because it comes from the same government that has the apparent policy of delaying the widespread use of cryptography for as long as possible. On the one hand, delay, and on the other a replacement for DES that genuinely pushes the state of the art. Less interesting, but still worth noting is that the second conference being held in Rome has helped the international aspect of the process. While the standard is a US government standard, and the selection is being made by NIST, only five of the proposals come from nominally US teams, and only one submission from solely US designers.

This is interesting because it means that NIST has to have a number of the documents about the AES under export control, including the ones that describe the function of the proposed algorithms. Many of the official sites for algorithms are kept in off-shore locations.

One of the interesting aspects of the AES is that there is a requirement that the AES algorithm run faster than triple-DES. This makes sense, most DES applications are moving toward using triple-DES, and why bother moving to AES if you won't see a performance improvement? However, a number of the submissions run faster than DES itself. For this reason alone, these algorithms are among the favorites of people examining the submissions.

At the Rome conference, a straw poll was taken for people's favorite algorithms. The results were for Rijndael (pronounced rain-doll), Twofish, Serpent, MARS, and RC6.

You can find more information about the AES on the web at <http://www.nist.gov/aes>.

Private-Sector Developments

There have been a number of other miscellaneous developments in the private sector to export cryptography from the US under the current regulations, and also to demonstrate what the current state of the art is. Three of them are described below.

DES Cracker

For many years, people speculated how easy it would be to build a machine to brute-force search the key space for DES. Of course, the estimate always decreased as the years wore on, and DES-cracking became something of a sport in the last couple of years. In fact, there have been a couple of interesting advancements to the art of fast ciphering as a result of the distributed.net DES cracker. But it wasn't until mid 1998 that DES-cracking became moot with the creation of the EFF's "Deep Crack" machine.

Deep Crack is a scalable system made from custom silicon. Sixteen DES engines are on each chip, and there are thirty-two chips on each board of Deep Crack. The machine can run in a configuration of an arbitrary number of boards. The machine, as configured for DES Challenge III, in January 1999, could search the entire 56-bit key space in 56 hours.

Like many other cryptographic feats, the main effect of Deep Crack was to make a political point. Over the years, people made estimates as to how much it would cost to make a DES cracker. Deep Crack was constructed for about what all the industry estimates claimed, and contrary to government estimates that were three orders of magnitude over the actual construction cost.

Clear Zone

The Clear Zone initiative, also called "private doorbell" is a proposal by eleven corporations for relief on export restrictions for crypto systems that are not end-to-end, for example, encrypting routers and other Virtual Private Network devices.

The Clear Zone proposal rests upon the observation that the legitimate needs of law enforcement to examine network traffic really need a tap to be placed on one of the two ends of a TCP/IP connection. Because of the way that IP networks are constructed, packets can take different routes, and in fact heuristically tend to avoid anything that might slow them down. Consequently, if you need to monitor a network connection, you want to put the monitoring equipment at one of the two ends.

In the case of using encrypting routers, for example, this means that a law enforcement tap is best placed on one end or the other of the connection. Thus, there is no need to limit the export of any equipment that provides such a "clear zone."

Under the proposed clear zone exemptions, a cryptographic system that provides a clear zone would be freely exportable. This, of course, does nothing for end-to-end encryption systems, but allows a category of useful systems free export.

A number of systems are presently under review by the Department of Commerce for export approval under this proposal.

Source Code Publishing

The present EAR regulations, the regulations that govern export of cryptography, have a specific exemption written into them. These regulations, like the ITAR regulations before them, state that "printed material, including source code, are exempt" from the EAR. Over the years, various books with cryptographic source code in them have been freely published, while the binary code itself has been export controlled. In fact, the Karn case revolves specifically around the fact that Schneier's "Applied Cryptography" book is freely exported, along with the source code in it, but that a disk with that source code is not exportable.

In 1997 and 1998, PGP, Inc. and Network Associates (which bought PGP, Inc. in December 1997), started producing internationally available cryptographic software under this exemption. The EFF also used this exemption to publish the source code for the Deep Crack chip. Network Associates has also published the sources to IETF OpenPGP reference code that did not actually contain cryptographic modules, but may have been nonetheless restricted.

The exemption is simple in practice, but more difficult in execution, to use. One obstacle is, of course, that the source code will be freely available to anyone who cares to buy the book containing it. Many systems creators do not want to publish their source code. Others, though, encourage it, and for them, this can be a useful way to get peer review of the implementation. (In fact, PGP, Inc., who pioneered source code publishing, did so as a way to get peer review as a way to dispel fears that there were flaws or back doors in PGP. It was not until they published several versions of PGP source code that applied for and received Department of Commerce approval to sell compatible versions of PGP based upon these source books.)

Another obstacle is that under the EAR, providing technical assistance to foreigners is considered itself an export. Consequently, anyone producing software from published books cannot do it with assistance from people in the US.

However, for those willing to go to the trouble, publishing source code can be a useful means to get peer review of software, as well as versions of it outside of the US legally. If you are interested in getting copies of the PGP books, or the tools used to produce them, they are available from Printer's Inc. bookstore at <http://www.pibooks.com>.

The Bernstein Case

The Bernstein case is a suit filed in US federal court to allow publishing of source code on the net. Full details may be found at <http://www.eff.org/bernstein/>. On May 6, 1999, the Ninth Circuit court of appeals upheld a previous decision that the ITAR and EAR export regulations are an unconstitutional prior restraint on free speech. A constitutional prior restraint has to have a number of properties. They are as follows:

  • any prior restraint must be for a specified brief period of time,
  • the decisions of the agency responsible for the restraining regulation must be subject to prompt judicial review,
  • there must be a clear decision-making process for the restraint with accountability built in to it, as opposed to one that gives the agency much discretion, and
  • the licensing and restraint process must have procedural safeguards built into it.

The appeals court ruled that the regulations, as they apply to cryptography, are unconstitutional. However, you should not immediately go out and start putting crypto source code on your web site. The government can appeal the decision, and most likely will. Furthermore, even if the government does not appeal, it is a decision of the Ninth Circuit, which covers only a number of western states, including California.

Summary

This describes many of the highlights of the last year or so in cryptography. The world of cryptography is still one in which the legal and political facets are as interesting as the technical ones.

The overall situation is one in which the legal aspects are slowly becoming simpler. The opposition to export of cryptographic systems is gradually loosening up, and in a few cases, like in France, suddenly and completely becoming simpler. Perhaps by this time next year, there will be even more good news to report.

 
AAPL
$116.54
Apple Inc.
+0.23
MSFT
$48.00
Microsoft Corpora
-0.71
GOOG
$540.00
Google Inc.
+5.17

MacTech Search:
Community Search:

Software Updates via MacUpdate

Cyberduck 4.6 - FTP and SFTP browser. (F...
Cyberduck is a robust FTP/FTP-TLS/SFTP browser for the Mac whose lack of visual clutter and cleverly intuitive features make it easy to use. Support for external editors and system technologies such... Read more
Maya 2015 - Professional 3D modeling and...
Maya is an award-winning software and powerful, integrated 3D modeling, animation, visual effects, and rendering solution. Because Maya is based on an open architecture, all your work can be scripted... Read more
Evernote 6.0.1 - Create searchable notes...
Evernote allows you to easily capture information in any environment using whatever device or platform you find most convenient, and makes this information accessible and searchable at anytime, from... Read more
calibre 2.11 - Complete e-library manage...
Calibre is a complete e-book library manager. Organize your collection, convert your books to multiple formats, and sync with all of your devices. Let Calibre be your multi-tasking digital... Read more
Herald 5.0.1 - Notification plugin for M...
Note: Versions 2.1.3 (for OS X 10.7), 3.0.6 (for OS X 10.8), and 4.0.8 (for OS X 10.9) are no longer supported by the developer. Herald is a notification plugin for Mail.app, Apple's Mac OS X email... Read more
Firetask 3.7 - Innovative task managemen...
Firetask uniquely combines the advantages of classical priority-and-due-date-based task management with GTD. Stay focused and on top of your commitments - Firetask's "Today" view shows all relevant... Read more
TechTool Pro 7.0.6 - Hard drive and syst...
TechTool Pro is now 7, and this is the most advanced version of the acclaimed Macintosh troubleshooting utility created in its 20-year history. Micromat has redeveloped TechTool Pro 7 to be fully 64... Read more
PhotoDesk 3.0.1 - Instagram client for p...
PhotoDesk lets you view, like, comment, and download Instagram pictures/videos! (NO Uploads! / Image Posting! Instagram forbids that! AND you *need* an *existing* Instagram account). But you can do... Read more
SuperDuper! 2.7.3 - Advanced disk clonin...
SuperDuper! is an advanced, yet easy to use disk copying program. It can, of course, make a straight copy, or "clone" -- useful when you want to move all your data from one machine to another, or do... Read more
MacJournal 6.1.5 - Create, maintain, and...
MacJournal is the world's most popular journaling software for the Mac. MacJournal 6 adds a calendar mode that show entries from any journal, geolocation, word count, and progress tracking, as well... Read more

Latest Forum Discussions

See All

Meowza! Toyze Brings Talking Tom to Life...
Meowza! | Read more »
Square Enix Announces New Tactical RPG f...
Square Enix Announces New Tactical RPG for Mobile, Heavenstrike Rivals. Posted by Jessica Fisher on November 21st, 2014 [ permalink ] With their epic stories and gorgeous graphics, | Read more »
Quest for Revenge (Games)
Quest for Revenge 1.0.0 Device: iOS Universal Category: Games Price: $4.99, Version: 1.0.0 (iTunes) Description: The great Kingdom of the west has fallen. The gods ignore the prayers of the desperate. A dark warlord has extinguished... | Read more »
Threadz is a New Writing Adventure for Y...
Threadz is a New Writing Adventure for You and Your Friends Posted by Jessica Fisher on November 21st, 2014 [ permalink ] In the tradition of round-robin storytelling, | Read more »
SteelSeries Stratus XL Hardware Review
Made by: SteelSeries Price: $59.99 Hardware/iOS Integration Rating: 4 out of 5 stars Usability Rating: 4.5 out of 5 stars Reuse Value Rating: 4.25 out of 5 stars Build Quality Rating: 4.5 out of 5 stars Overall Rating: 4.31 out of 5 stars | Read more »
ACDSee (Photography)
ACDSee 1.0.0 Device: iOS iPhone Category: Photography Price: $1.99, Version: 1.0.0 (iTunes) Description: Capture, perfect, and share your photos with ACDSee. The ACDSee iPhone app combines an innovative camera, a powerful photo... | Read more »
ProTube for YouTube (Entertainment)
ProTube for YouTube 2.0.2 Device: iOS Universal Category: Entertainment Price: $1.99, Version: 2.0.2 (iTunes) Description: ProTube is the ultimate, fully featured YouTube app. With it's highly polished design, ProTube offers ad-free... | Read more »
Weather or Not - Reports and Forecasts...
Weather or Not - Reports and Forecasts for your Calendar 1.0.0 Device: iOS iPhone Category: Weather Price: $2.99, Version: 1.0.0 (iTunes) Description: Weather or Not is a beautiful and intuitive way to check the weather and... | Read more »
Sago Mini Road Trip (Education)
Sago Mini Road Trip 1.0 Device: iOS Universal Category: Education Price: $2.99, Version: 1.0 (iTunes) Description: Go for a fun-filled drive with Jinja the cat. Pick a destination, select a vehicle and hit the road. What will Jinja... | Read more »
New Tower Defense Game, Kingdom Rush: Or...
New Tower Defense Game, Kingdom Rush: Origins, is Available Today Posted by Jessica Fisher on November 20th, 2014 [ permalink ] iPad Only App - Designed for the iPad | Read more »

Price Scanner via MacPrices.net

New 13-inch 1.4GHz MacBook Air on sale for $8...
 Adorama has the 2014 13″ 1.4GHz/128GB MacBook Air on sale for $899.99 including free shipping plus NY & NJ tax only. Their price is $100 off MSRP. B&H Photo has the 13″ 1.4GHz/128GB MacBook... Read more
Apple Expected to Reverse Nine-Month Tablet S...
Apple and Samsung combined accounted for 62 percent of the nearly 36 million branded tablets shipped in 3Q 2014, according to early vendor shipment share estimates from market intelligence firm ABI... Read more
Stratos: 30 Percent of US Smartphone Owners t...
Stratos, Inc., creator of the Bluetooth Connected Card Platform, has announced results from its 2014 Holiday Mobile Payments Survey. The consumer survey found that nearly one out of three (30 percent... Read more
2014 1.4GHz Mac mini on sale for $449, save $...
 B&H Photo has lowered their price on the new 1.4GHz Mac mini to $449.99 including free shipping plus NY tax only. Their price is $50 off MSRP, and it’s the lowest price available for this new... Read more
64GB iPod touch on sale for $249, save $50
Best Buy has the 64GB iPod touch on sale for $249 on their online store for a limited time. Their price is $50 off MSRP. Choose free shipping or free local store pickup (if available). Sale price for... Read more
15″ 2.2GHz Retina MacBook Pro on sale for $17...
 B&H Photo has the 2014 15″ 2.2GHz Retina MacBook Pro on sale for $1799.99 for a limited time. Shipping is free, and B&H charges NY sales tax only. B&H will also include free copies of... Read more
New Logitech AnyAngle Case/Stand Brings Flexi...
Logitec has announced the newest addition to its suite of tablet products — the Logitech AnyAngle. A protective case with an any-angle stand for iPad Air 2 and all iPad mini models, AnyAngle is the... Read more
2013 15-inch 2.0GHz Retina MacBook Pro availa...
B&H Photo has leftover previous-generation 15″ 2.0GHz Retina MacBook Pros available for $1499 including free shipping plus NY sales tax only. Their price is $500 off original MSRP. B&H will... Read more
16GB Retina iPad mini on sale today for $199,...
 Staples has 2nd generation 16GB Retina iPad minis on sale for $199 on their online store for a limited time. Their price is $100 off MSRP. Choose free shipping or free local store pickup (if... Read more
Developers Start Designing Apps for Apple Wat...
Apple has announced the availability of WatchKit, software that gives developers a set of tools to easily create experiences designed specifically for Apple Watch. Apple’s developer community can now... Read more

Jobs Board

*Apple* Solutions Consultant (ASC)- Retail S...
**Job Summary** The ASC is an Apple employee who serves as an Apple brand ambassador and influencer in a Reseller's store. The ASC's role is to grow Apple Read more
Project Manager, *Apple* Financial Services...
**Job Summary** Apple Financial Services (AFS) offers consumers, businesses and educational institutions ways to finance Apple purchases. We work with national and Read more
*Apple* Store Leader Program - College Gradu...
Job Description: Job Summary As an Apple Store Leader Program agent, you can continue your education as you major in the art of leadership at the Apple Store. You'll Read more
*Apple* Retail - Multiple Positions (US) - A...
Sales Specialist - Retail Customer Service and Sales Transform Apple Store visitors into loyal Apple customers. When customers enter the store, you're also the Read more
Senior Event Manager, *Apple* Retail Market...
…This senior level position is responsible for leading and imagining the Apple Retail Team's global event strategy. Delivering an overarching brand story; in-store, Read more
All contents are Copyright 1984-2011 by Xplain Corporation. All rights reserved. Theme designed by Icreon.