[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
["Vinton G. Cerf": Letter to Congress/RSA + DES]
Vint Cerf is a very well-known and respected person in the Internet
community. I don't know if his testimony will mean anything, but it's
interesting to read.
Marc
------- Forwarded Message
To: internauts:;@IETF.CNRI.Reston.VA.US
Subject: Letter to Congress/RSA + DES
Date: Tue, 13 Apr 93 20:26:01 -0400
Sender: [email protected]
From: "Vinton G. Cerf" <[email protected]>
Dr. Vinton G. Cerf
3614 Camelot Drive
Annandale, VA 22003-1302
11 April 1993
The Honorable Timothy Valentine
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
House of Representatives
Rayburn House Office Building
Dear Chairman Valentine:
I recently had the honor of testifying before the
Subcommittee on Technology, Environment and Aviation
during which time Representative Rohrabacher (R,
California) made the request that I prepare
correspondence to the committee concerning the
present US policy on the export of hardware and
software implementing the Data Encryption Standard
(DES) and the RSA Public Key encryption algorithm
(RSA).
As you know, the DES was developed by the National
Institute for Standards and Technology (NIST) in the
mid-1970s, based on technology developed by
Internatonal Business Machines (IBM). The details of
the algorithm were made widely available to the
public and considerable opportunity for public
comment on the technology was offered. In the same
general time period, two researchers at Stanford
University (Martin Hellman and Whitfield Diffie)
published a paper describing the possible existence
of mathematical functions which, unlike the
symmetric DES algorithm, could act in a special,
pairwise fashion to support encryption and
decryption. These so-called "public key algorithms"
had the unusual property that one function would
encrypt and the other decrypt -- differing from the
symmetric DES in which a single function performs
both operations. The public key system uses a pair
of keys, one held private and the other made public.
DES uses one key which is kept secret by all parties
using it.
Three researchers at MIT (Rivest, Shamir and
Adelman) discovered an algorithm which met Hellman
and Diffie's criteria. This algorithm is now called
"RSA" in reference to its inventors. The RSA
technology was patented by Stanford and MIT and a
company, Public Key Partners (PKP), created to
manage licensing of the RSA technology. A company
called RSA Data Security, Inc., was also formed,
which licensed the technology from PKP and markets
products to the public based on the technology.
The current policy of the United States places DES
and RSA technology under export control. Because
cryptography falls into the category of munitions,
it is controlled not only by the Commerce Department
but also by the State Department under the terms of
the International Traffic in Arms regulations.
Despite the public development of both of these
technologies and their documented availability
outside the United States over the last 15 years, US
policy has been uniformly restrictive concerning
export licensing.
As the United States and the rest of the world enter
more fully into the Information Age in which digital
communications plays a critical role in the global
infrastructure, the "digital signature" capability
of public key cryptography is a critical necessity
for validating business transactions and for
identifying ownership of intellectual property
expressed in digital electronic forms.
Registration and transfer of intellectual property
rights in works which can be represented in digital
form will be cenral factors in the national and
global information infrastructure. A number of
parties are exploring technical means for carrying
out rights registration and transfer, making use of
public key cryptography as a basic tool.
In addition, there is a great deal of current work
on electronic mail systems which support privacy by
means of encryption and support authenticity by
means of digital signatures. One of these systems,
developed in the Internet environment I mentioned in
my testimony, is called Privacy-enhanced Mail (PEM)
and makes use of DES, RSA and some other special
"hash" functions which are integral to the
production of digital signatures.
For these various systems to be compatible on an
international basis, it would be very helpful for
the cryptographic components to be exportable on a
world-wide basis. A number of vendors make produces
relying on these technologies within the United
States but often find it very difficult to engage in
international commerce owing to the export licensing
required for these technologies. Ironically, the
technology appears to be widely available outside
the US and also outside the COCOM countries, so US
firms face both competition outside the US and
export inhibitions in their attempts to develop
worldwide markets.
There are many valid national security reasons for
limiting the export of cryptographic capabilities,
since these technologies may aid an opponent in time
of war or other conflict. Perhaps just as important,
US intelligence gathering capability can be eroded
by the availability of high grade cryptography on a
worldwide basis. Recently, it has also been alleged
that the world-wide availability of cryptography
would also seriously impede US drug enforcement and
anti-crime efforts. While these reasons seem
sufficient, many have pointed out that the
widespread accessibility to the detailed
specifications of DES and RSA and availability and
existence of software and hardware outside the US
have long since done whatever damage is going to be
done in respect of warfighting, crime or drug
potential. This line of reasoning leads to the
conclusion that our policies only inhibit legitimate
commerce, but have little impact on the other
concerns expressed.
As in all such controversy, there is often some
truth on both sides. The National Institutes of
Standards and Technology (NIST), has offered
alternative digital signature capability. Technical
assessments of the alternative have turned up
weaknesses, in the opinions of some experts. There
is not yet an alternative to DES, unless it is to be
found in NSA's Commercial Crypto Evaluation Program
(CCEP) in which NSA proposes to provide algorithms
which are implemented in hardware by industry and
made available for civilian use. As I understand
this program, NSA does not intend to release any
details of the algorithms, leaving open questions
about the nature and strength of the technology.
Some experts will persist in the belief that such
offerings have weaknesses which are deliberately
built in and hidden (so-called "Trojan Horses")
which will allow the agency to "break" any messages
protected by this means.
The critics complained loudly that the reasoning
behind the design of certain parts of the DES
algorithm (specifically the "S-boxes") was never
made public and therefore that the algorithm was
suspect. In fact, the DES has proven to be very
strong - indeed, it may be that very fact which
makes it so unpalatable in some quarters to permit
its unrestricted export. It may be that the CCEP
technology offered is satisfactory, but this is hard
to tell without knowing more about its provenance.
Presuming the wide availability of both DES and RSA
technology, it seems to me appropriate and timely to
re-examine US export control policy regarding these
two algorithms. In all probability, any such review
will require some classified testimony which will
have to be heard in confidence by cleared members of
your committee. I sincerely hope that the outcome
will be favorable to use by US industry in
international commerce, but even if the outcome
results in continuation of present policy, it is
timely to make such a review, in my opinion.
Sincerely,
Vinton G. Cerf
------- End of Forwarded Message