[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

["Vinton G. Cerf": Letter to Congress/RSA + DES]




Vint Cerf is a very well-known and respected person in the Internet
community.  I don't know if his testimony will mean anything, but it's
interesting to read.

		Marc

------- Forwarded Message

To: internauts:;@IETF.CNRI.Reston.VA.US
Subject: Letter to Congress/RSA + DES
Date: Tue, 13 Apr 93 20:26:01 -0400
Sender: [email protected]
From: "Vinton G. Cerf" <[email protected]>




Dr. Vinton G. Cerf
3614 Camelot Drive
Annandale, VA 22003-1302

11 April 1993
The Honorable Timothy Valentine
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
House of Representatives
Rayburn House Office Building

Dear Chairman Valentine:

I recently had the honor of testifying before the 
Subcommittee on Technology, Environment and Aviation 
during which time Representative Rohrabacher (R, 
California) made the request that I prepare 
correspondence to the committee concerning the 
present US policy on the export of hardware and 
software implementing the Data Encryption Standard 
(DES) and the RSA Public Key encryption algorithm 
(RSA).

As you know, the DES was developed by the National 
Institute for Standards and Technology (NIST) in the 
mid-1970s, based on technology developed by 
Internatonal Business Machines (IBM). The details of 
the algorithm were made widely available to the 
public and considerable opportunity for public 
comment on the technology was offered. In the same 
general time period, two researchers at Stanford 
University (Martin Hellman and Whitfield Diffie) 
published a paper describing the possible existence 
of mathematical functions which, unlike the 
symmetric DES algorithm, could act in a special, 
pairwise fashion to support encryption and 
decryption. These so-called "public key algorithms" 
had the unusual property that one function would 
encrypt and the other decrypt -- differing from the 
symmetric DES in which a single function performs 
both operations. The public key system uses a pair 
of keys, one held private and the other made public. 
DES uses one key which is kept secret by all parties 
using it.

Three researchers at MIT (Rivest, Shamir and 
Adelman) discovered an algorithm which met Hellman 
and Diffie's criteria. This algorithm is now called 
"RSA" in reference to its inventors. The RSA 
technology was patented by Stanford and MIT and a 
company, Public Key Partners (PKP), created to 
manage licensing of the RSA technology. A company 
called RSA Data Security, Inc., was also formed, 
which licensed the technology from PKP and markets 
products to the public based on the technology.

The current policy of the United States places DES 
and RSA technology under export control. Because 
cryptography falls into the category of munitions, 
it is controlled not only by the Commerce Department 
but also by the State Department under the terms of 
the International Traffic in Arms regulations. 
Despite the public development of both of these 
technologies and their documented availability 
outside the United States over the last 15 years, US 
policy has been uniformly restrictive concerning 
export licensing. 

As the United States and the rest of the world enter 
more fully into the Information Age in which digital 
communications plays a critical role in the global 
infrastructure, the "digital signature" capability 
of public key cryptography is a critical necessity 
for validating business transactions and for 
identifying ownership of intellectual property 
expressed in digital electronic forms.

Registration and transfer of intellectual property 
rights in works which can be represented in digital 
form will be cenral factors in the national and 
global information infrastructure. A number of 
parties are exploring technical means for carrying 
out rights registration and transfer, making use of 
public key cryptography as a basic tool. 

In addition, there is a great deal of current work 
on electronic mail systems which support privacy by 
means of encryption and support authenticity by 
means of digital signatures. One of these systems, 
developed in the Internet environment I mentioned in 
my testimony, is called Privacy-enhanced Mail (PEM) 
and makes use of DES, RSA and some other special 
"hash" functions which are integral to the 
production of digital signatures.

For these various systems to be compatible on an 
international basis, it would be very helpful for 
the cryptographic components to be exportable on a 
world-wide basis. A number of vendors make produces 
relying on these technologies within the United 
States but often find it very difficult to engage in 
international commerce owing to the export licensing 
required for these technologies. Ironically, the 
technology appears to be widely available outside 
the US and also outside the COCOM countries, so US 
firms face both competition outside the US and 
export inhibitions in their attempts to develop 
worldwide markets.

There are  many valid national security reasons for 
limiting the export of cryptographic capabilities, 
since these technologies may aid an opponent in time 
of war or other conflict. Perhaps just as important, 
US intelligence gathering capability can be eroded 
by the availability of high grade cryptography on a 
worldwide basis. Recently, it has also been alleged 
that the world-wide availability of cryptography 
would also seriously impede US drug enforcement and 
anti-crime efforts. While these reasons seem 
sufficient, many have pointed out that the 
widespread accessibility to the detailed 
specifications of DES and RSA and availability and 
existence of software and hardware outside the US 
have long since done whatever damage is going to be 
done in respect of warfighting, crime or drug 
potential. This line of reasoning leads to the 
conclusion that our policies only inhibit legitimate 
commerce, but have little impact on the other 
concerns expressed.

As in all such controversy, there is often some 
truth on both sides. The National Institutes of 
Standards and Technology (NIST), has offered 
alternative digital signature capability. Technical 
assessments of the alternative have turned up 
weaknesses, in the opinions of some experts. There 
is not yet an alternative to DES, unless it is to be 
found in NSA's Commercial Crypto Evaluation Program 
(CCEP) in which NSA proposes to provide algorithms 
which are implemented in hardware by industry and 
made available for civilian use. As I understand 
this program, NSA does not intend to release any 
details of the algorithms, leaving open questions 
about the nature and strength of the technology. 
Some experts will persist in the belief that such 
offerings have weaknesses which are deliberately 
built in and hidden (so-called "Trojan Horses") 
which will allow the agency to "break" any messages 
protected by this means.

The critics complained loudly that the reasoning 
behind the design of certain parts of the DES 
algorithm (specifically the "S-boxes") was never 
made public and therefore that the algorithm was 
suspect. In fact, the DES has proven to be very 
strong - indeed, it may be that very fact which 
makes it so unpalatable in some quarters to permit 
its unrestricted export. It may be that the CCEP 
technology offered is satisfactory, but this is hard 
to tell without knowing more about its provenance. 

Presuming the wide availability of both DES and RSA 
technology, it seems to me appropriate and timely to 
re-examine US export control policy regarding these 
two algorithms. In all probability, any such review 
will require some classified testimony which will 
have to be heard in confidence by cleared members of 
your committee. I sincerely hope that the outcome 
will be favorable to use by US industry in 
international commerce, but even if the outcome 
results in continuation of present policy, it is 
timely to make such a review, in my opinion.

Sincerely,


Vinton G. Cerf






------- End of Forwarded Message