Crypto in a Nutshell

            For my book review, I chose to read, and review, Crypto by Steven Levy because it gives a brief history of cryptography from three decades ago, to very recently. It also gives a simple, detailed, description of each of the main characters, whilst moving along the story at a fast pace. This book is mainly aimed at adults and young adults, for its complexity in vocabulary, and its interesting plot and pace.

Summary

            Whitfield Diffie was a young man at the time he became interested in cryptography. At first, his teacher introduced him to it by giving him a simple substitution cipher to break. He was hooked. He enjoyed cracking this simple code, but what he enjoyed even more was making up codes. When he was older, he found out that a government organization, called the National Security Agency (NSA), a near secret organization, was trying to withhold cryptography from the general public because of the risk to "national security". When Diffie heard this, he was outraged, he believed that everyone has a right to privacy, and the government would be able to listen in on American's private talks.

            This was the case for a generation of people. During the two decades of argument between private crypto companies and the NSA, some of the most dedicated minds of the last century were put to the task of making crypto available to companies, and to the public. Among them were: Marty Hellman, a colleague of Diffie, who helped invent public key cryptography; Ron Rivest, Adi Shamir, and Leonard Adleman, who put into practice the Diffie-Hellman idea and founded a business with an algorithm of one-way functions that allowed an easy way to decrypt something- if you had the right code.

            The idea behind the public crypto system, was that one code, a public code, could be widely distributed and would give no advantage to an eavesdropper who was listening, because to decrypt something that was encrypted using a public key, required the private key that was paired with the public key. The private key would be well guarded, and would never be told to anyone. Using this system, someone who has never contacted another person, could contact him or her in code: as opposed to a symmetrical key system, where both people need to have a certain secret key to encrypt and decrypt messages, which would be a problem, if they don't have a secure channel in the first place. Another simple, but effective use of this system, would be to encrypt the message with one's private key- meaning it can only be decrypted with that same person's public key- and then encrypting the encrypted text with the other person's public key. Using this method, the receiver would decrypt using his or her private key, and look up the sender's public key to decrypt the rest (presumably, the system would require some sort of phone book w/ public keys instead of phone numbers). This usage would firstly sign the text being encrypted, because if the message was from a person claiming to be someone, it would come out as a bunch of gibberish when it's decrypted using the impersonated person's public key. The final use of this would be that the message would come out completely different if a part of it were to be changed. This marvelous system of encryption is still the standard, and the strongest free public crypto system (search Google for Pretty Good Privacy (PGP) for more info).

Three Quotes

1.            "'Computers,' wrote Feistel in a 1973 article for Scientific American, 'now constitute, or will soon constitute, a dangerous threat to individual privacy�. It will soon be feasible to compile dossiers in depth on an entire citizenry.'" Page 41
I believe that this quote provides us with the information that started most of the crypto revolution. The later part of this event, was led and fueled by the people who questioned the government's authority to peek into and just read every email, comment, and even monetary transaction via the Internet. Without crypto, e-commerce would never have been available, because of the obvious simplicity in hacking into someone's account and taking money. Even ATM machines were first made because crypto provided a secure way for people to get cash, and send a signal to the bank.
2.            "He would split the key." Page 69
This was the thought that led Whitfield Diffie and Marty Hellman into creating the idea of a "public cryptosystem". Also, this thought started the crypto revolution that lasted just over two decades, and shook the "spooks" behind the "triple fence" of the NSA. During the revolt, almost all of the private companies and people used media, letters, conferences, etc., to scare the NSA into allowing almost anything to be published on cryptography in the USA. A long way to come from having anything and everything crypto locked out of reach for the public.
3.            "Could crypto be commercialized? Although the common use of personal computers, and, later the Internet, demanded a way to protect information and verify who was sending it, the means of getting there was at best a rutted road." Page 130
This was a question that RSA Data Security, founded by Rivest, Adleman, and Shamir, were trying to get around. Their business relied heavily on finding ways to sell software and their public key algorithm so that their business would survive. In the beginning, the business almost went out of the running, but it was saved by one mass order made for a new program called notes, that allowed users to send each other notes, and its prime concern was privacy. While the RSA business was running smoothly, a government action almost stopped the point of cryptography. The government decided to go against popular request, and require all crypto systems to have a backdoor so that the companies who owned that system could show the government the messages flowing back and forth between the users. Fortunately, a young man that made crypto history stopped this act. His name was Phil Zimmerman, and he provided a free version of a not-completed software that he called "Pretty Good Privacy" (PGP). He didn't mean it to remain incomplete, but as soon as he heard what the government was planning to do, before they did it of course, he and his friends spread this software like wildfire. Within a couple of days, most people with computers in the USA, or at least a large portion, had this software. After this, the government took back the announcement, because it would be impossible to act upon it. PGP made history.