30 Years of Public Key Cryptography

An anonymous reader writes "Public key crypto turned 30 last night, and the biggest names in crypto turned out to celebrate at an event hosted at the Computer History Museum. Voltage Security teamed with RSA to bring together some of the most famous cryptographers of yesterday (Whitfield Diffie and Martin Hellman) and today (Dan Boneh), along with luminaries Ray Ozzie, Brian Snow, and Jim Bidzos. From the ZDNet article: 'NYT reporter John Markoff, who has covered Silicon Valley for 30 years, was master of ceremonies, and started off by saying that no technology has had a more profound impact than cryptography, and that public-key cryptography has been underappreciated for its role in the Internet. Without public key cryptography, ecommerce would be an idea as opposed to an enabler of billions of daily transactions.' You can view the podcast and pictures of the event at the Voltage Security site.."

GCHQ in 1973!

[spoonist]

GCHQ developed public key cryptography in 1973. [gchq.gov.uk]

Wrong Date

[gilgongo]

Public key encryption was invented in 1973 at GCHQ in Britain.

I suppose the commercial victors get to (re)-write the history books then.

Re:implementations?

[starfishsystems]

If you're talking about S/MIME, it's standard in most mailers. How about Thunderbird, Evolution, or even Microsoft Outlook?

Re:In another 30 years...

[jonwil]

You dont need to make it that complex.
Essentially, if the recipiant supports encryption, the recipiants public key is pulled from a key server. Then, the email client encrypts it using something similar to PGP or GPG. Something thats standard enough that anyone can implement it.
At the other end, it is decrypted by the mail client using the recipiants private key.
All that the servers in the middle see is an encrypted email (same as they would see if you encrypted an email right now with PGP or GPG or whatever). The servers dont need to know about the encryption or be changed in any way.

No issues with being able to access the email from anywhere, as long as you have your private key, any email client with the right encryption support would be able to decrypt the email (including web based email clients if you were willing to trust uploading your private key to a https:/// [https] server run by whoever provides your email)

And with this, mail servers (and mail server admins) never see the unencrypted email.

Assuming the key management is good enough (i.e. that you can trust that who the system says owns the key actually owns it), it can also be used to verify that the sender is who they say thay are.

The downside is the need to en- and de-crypt on the client side which might be an issue for some embedded applications (although these days most mobile phones, PDAs and the like that have internet/email generally have web browsers that understand SSL and if they have the CPU to handle SSL, they can probobly handle encrypted email)

Re:30th birthday of what exactly?

[Al Dimond]

Wikipedia says that Diffie and Hellman published their work in 1976, and that the earlier secret work was going on in the early 70s. So it looks like they're talking about the public discovery, assuming both that Wikipedia is correct and that I can add small numbers in my head accurately.

The evils of public-key cryptography

[Myria]

For all the legitimate uses of public-key cryptography, I seem to think that most uses of it are bad. I see the Xbox, Xbox 360, Vista, Leopard and Tivo using public-key cryptography for nothing but removing the authority of computer owners to decide what software they run on their computer. I see VeriSign getting rich off the VeriSign Tax.

I personally think that it would be far better to make use of shared-secret systems for when you need communication security, like logging onto banks. The solution to phishing is clearly to use a shared secret system, because things like IE7's anti-phishing filtering can be worked around. SRP6 is great, but unfortunately that is based on public-key technology (though doesn't actually involve a public key, like Diffie-Hellman).

I hope that someday it is proven that public-key cryptography cannot be securely attached to an NP-complete problem, and that either a fast discrete logarithm algorithm (*) is found or quantum computers take off.

(*) A fast solution to the discrete logarithm problem implies a fast solution to integer factorization.

Melissa

Re:30th birthday of what exactly?

[Anonymous Coward]

Yes, public key cryptography was first discovered by Clifford Cox (of the British GCHQ) in 1973 (in contrast, RSA was invented in 1977 according to wikipedia). But, because Cox' research was kept secret until long after RSA had become mainstream it did nothing to advance cryptographic research. Same applies to the first computer - We now know that Colossus was the first computer [1] and not Eniac, but since Eniac was not kept secret it literally became the grandfather of all computers in spite of Colossus; because, lets face it, Colossus has nothing to do with the linage of computers we have today. Sure, the britts were first but because of their lack of vision and secrecy, they may always be remembered as the "mee too"-guy.

[1] Actuallly, some claim a German beat them to the punch.

I assure you I'm not American. I just feel the Americans deserve a hell of a lot more credit for this stuff because without RSA we might never have gotten public key cryptography. IIRC Clifford Cox's work was only made public because RSA became widely known.

Barriers to use of email encryption

[Sloppy]

Complexity may be an issue, but I think it's a relatively minor one.

The biggest issue is that people simply really just don't care. When I try to advocate this stuff to laymen, by far the most common comment I hear is "So what if someone reads my email?" Most people don't think email privacy is worth protecting. Yes, even despite the news stories in the last few years (i.e. the government really is reading your email; it's not just a paranoid crackpot theory anymore).

Another issue is something that has actually gotten worse in the last 10 years. Webmail is very popular. It's nearly impossible to do email encryption correcting using webmail instead of "real" (e.g. POP or IMAP) mail. You either have to trust a foreign system with your keys, or you have to have so much non-web-intelligence running inside the web browser (e.g. a Java applet or something) that it isn't really webmail anymore. And even if you make it sophisticated enough to run on the web browser, you lose one of the major advantages of webmail: checking your email from anywhere, including untrusted machines. (The only way to do it then, is for the user to do the crypto inside their head instead of using a computer.) It's a mess and it just can't be done right. As long as people want webmail, as long as they see it as a good thing instead of a bad thing, they can't have good encryption. (Well, unless they are the admin of the web server. e.g. One person at Google could conceivably use gmail as a secure webmail system. ;-)