30 Years of Public Key Cryptography

An anonymous reader writes "Public key crypto turned 30 last night, and the biggest names in crypto turned out to celebrate at an event hosted at the Computer History Museum. Voltage Security teamed with RSA to bring together some of the most famous cryptographers of yesterday (Whitfield Diffie and Martin Hellman) and today (Dan Boneh), along with luminaries Ray Ozzie, Brian Snow, and Jim Bidzos. From the ZDNet article: 'NYT reporter John Markoff, who has covered Silicon Valley for 30 years, was master of ceremonies, and started off by saying that no technology has had a more profound impact than cryptography, and that public-key cryptography has been underappreciated for its role in the Internet. Without public key cryptography, ecommerce would be an idea as opposed to an enabler of billions of daily transactions.' You can view the podcast and pictures of the event at the Voltage Security site.."

30th birthday of what exactly?

[Anonymous Coward]

So, is this the 30th anniversary of the public discovery of public key cryptography or the 30th anniversary of the official (publicised) date on which Clifford Cox and co secretly discovered it for a very non-public organisation?

first papers on PKC

[ei4anb]

It was a fun time.

I was a math undergrad interested in large prime numbers and numerical computing when the first hints on what RS&A were doing came out in Scientific American. At that time I had only 3 years programming experience and it was a big thrill to get a public key crypto email system working (first in Pascal on a DEC-20) but I only distributed it to a small group as the university was not yet on the Internet.

I told the story to PZ at a conference about 8 years ago and we had a good laugh wondering how things might have developed differently had that program been distributed on Usenet by someone outside the USA!

May be older than 30 years old

[Yahma]

Historians of science will certainly spend time sorting out the various claims. David Kahn, the author of the best selling history The Codebreakers, said that he recently asked the National Security Agency to declassify some documents so he could write the proper history of public key cryptography. He said an NSA staff member told him, "I've spoken to the guys who did this, but they don't want to be interviewed now." This suggests that the NSA also may have discovered public-key systems or had a hand in exploring them. Kahn hopes that the NSA will follow in Britain's lead so an accurate history can be written.

It is likely that the NSA discovered public key Cryptography in the late 60's or early 70's. Public Key Cryptography may be as old as 40 years old at this point, but without clarification from the NSA, we will never be certain.

---
Yahma
Proxy Storm [proxystorm.com] - Free Anonymous Proxy Service for security conscious individuals.

Great to see Ray Ozzie in that list.

[CFD339]

A lot of people seem to forget that one of the first really widespread products that end users in corporations used that fully integrated public/private key encryption was Lotus Notes. I started using it in 1991, but I believe as early as 1989 it was functionally part of the product.

Sure, others used it before then, but in terms of a widely used corporate end user audience, it was (and still is to some extent) unique.

Yes, you may now rag on Notes if you like -- of course, keep in mind it remains the only real solution for a major corporation that by public key authentication and encryption by default, has a fully functional smtp mta built in, handles the front end needs of end users well enough for salespeople (not like a typical pop or imap client) and of course, fully supports linux as a server platform (and within a few months as a client platform as well). :-)

eCommerce possible without public key crypto

[Roger_Wilco]

I don't like to take away from their excellent work, but it is possible, though inconvenient, to do private-key crypto for such things.

Your bank, for example, would need to [paper] mail you a private key to type into your machine (or give you a thumbdrive with it, whatever you like). Inconvenient, yes; you'd need a new key for each company you interact with. Probably it would encourage a few monopolies (amazon and eBay) to dominate, since you'd only need to interact with them by paper once. But not impossible.

How many use it?

[steevc]

I've had a public key for a few years and have cross-signed keys of a few people I know, but most do not encrypt or even sign their emails despite knowing the insecurities of email. I'm surprised that it is not used more commercially, but I have never had a signed or encrypted email at work and that often involves commercially sensitive information.

Could it be that encryption is still to complex for most people?

I will continue to encrypt emails to those I know can handle it and will sign others.

Re:first papers on PKC

[coderpunk]

Was PZ at this event? PGP did more than anything to bring public key crypto into the mainstream.

John Markoff

[Progoth]

Is this the same John Markoff that got Kevin Mitnick thrown in jail for lying about him in the New York Times?

Overstatement

[iamacat]

Without public key cryptography, ecommerce would be an idea as opposed to an enabler of billions of daily transactions.

Hardly. Phone conversations are not encrypted and can be/are intercepted, yet phone commerce is commonplace. Even in-person credit card purchases are hardly secure and there are a number of websites that do e-commerce without encryption. Without public key cryptography, more attention would be paid to security of the path between your ISP and the vendor. Websites could also have you set up username and password over a more secure channel and then use plain symmetrical encryption for the actual purchase.

Re:GCHQ in 1973!

[leob]

I've attended the meeting, I've seen that evidence. The GCHQ articles on PKC had quite dismissive titles.