
Future of Cryptology essay


Nick Smith

May 24, 1995


'Lo all

I would just like to say a big thanks to the following people who have
helped me in my quest for a better essay. Hopefully it is a little better
now but I may not have had time ( :-) ) to include all recommendations. All
these names shall appear in the acknowledgments (big wow!). I have also
included the new version of this essay!

David A. Wagner dawa...@phoenix.Princeton.EDU
Donald E. Eastlake d...@world.std.com
Phillip Fites fi...@quicis.queensu.ca
Nigel <I need your surname> nig...@innotts.co.uk
Sandy Harris sha...@fox.nstn.ca
Mika Niemi Mika....@ericsson.fi


Thank you and goodnight!

Nick

THE FUTURE OF CRYPTOLOGY

Nicholas Smith

In this final section of the report we will consider the future of
cryptology. In order to do this we need to look at two basic aspects. The
first will be the actual future of the encryption mechanisms and
algorithms. The second will be its future usage and the areas of society
it may well penetrate. Although this is not strictly cryptology within
computing, it is important because we feel the future of cryptology in
general is within a wide range of applications, not just computers. The
reason for this is the expanse of the digital world.

The current algorithms and encryption methods are secure. Very secure. But
for how long? In 1978 the National Security Administration commented to
the US Senate Select Committee on Intelligence that:

"DES was more than adequate for at least a 5 - 10 year time span for the
unclassified data for which it was intended."

[REF: Bruce Schneier's Applied Cryptography: Protocols, Algorithms, and
Source Code in C. Published: New York, Wiley c1994 ISBN 0-471059756-2]

In 1993 Michael Wiener published a paper stating that it would be possible
to design and build a machine to do an exhaustive DES (or any system with
only 56 bits of key) key search in under four hours for a total cost of
one million US dollars [REF: M.J. Wiener, "Efficient DES Key Search",
TR-244, May 1994, School of Computer Science, Carleton University, Ottawa,
Canada. Presented at the Rump Session of Crypto '93]. The simple reason
why this was possible is because of the improvements in hardware
technology. From this we can see that the algorithms used in cryptology
are evolving: as the hardware increases in speed, so the algorithms must
be complicated enough to slow them down to an unmanageable state. The
methodologies to be used in the future currently rest with the principles
of triple DES, but, as the quote demonstrates, anyone using such a scheme
must acknowledge that it will not be safe forever. It is also unfortunate
that we cannot predict how long an algorithm will remain secure. As one
expert in cryptology said:

No-one knows of anything that will be safe for 80 years -- and
anyone who thinks they can predict the future that far ahead
ought to be sent to the loony bin.

[REF: David Wagner - dawa...@princeton.edu]

Taking a side step from the mathematical point of view, encryption devices
have an uncertain next few years. The fate of the Clipper Chip is in the
balance, with it being reported that it has been scrapped and then
revamped many times. Perhaps the deciding factor will be the American
politicians, as it is the Clinton Government that is overwhelmingly
supporting it. PGP also has an undecided future, with its author still
awaiting prosecution in the US and further products being released to
complement it. One of these is PGP sendmail, which is a replacement for
the UNIX sendmail command, used for sending electronic mail. In this
version, the mail is automatically turned into cyphertext and back again
(with the aid of passwords).

One of the most interesting developments in computing to be witnessed in
future years will be the introduction of electronic banking. Technically
we already have the fundamentals of electronic banking, with the common use
of automated teller and cash deposit machines. What the future holds,
according to the major banks, is a full integration of banking services on
the public networks, mainly through the Internet. In order to do this the
system must be secure. This is a perfect, or perhaps a necessary
application of cryptology.

But some companies are going further. Not only are they introducing
facilities to check balances and pay bills from the comfort of your own
home, but are also proposing a digital form of currency, to be known as
digicash [REF: http://www.digicash.com/] and even Netcheques[REF:
http://nii-server.isi.edu/info/NetCheque/]. This will act in much the same
as paper money, but instead of paper, you will have electronic monetary
units. It will thus be easier to forge as it is only a string of bits.
Therefore, when you wish to purchase an item, you pay for it using these
units. Obviously it will be necessary to have some sort of governing
entity to control the flow of such funds.

In order for this to be reasonably functional and successful, business
will need to be connected to the network. Currently, a few companies are
selling their products from within the World Wide Web (a user-friendly
Internet interface) but interest in it is growing fast. The reason for
this is the sheer expansion in users of the Internet (approximately one
new one every two minutes - see Appendix A).

I believe that in two to three years you will see as many as 100,00
companies using the Internet as a principal sales and service channel

[REF: Financial Times 06 June 1994 Media Futures: Doing cyber business by
Louise Kehoe].

The existing problem, and hence the preventing factor of the full go
ahead, is security. Malicious hackers can relatively easily change their
user identity and thus emulate anyone (and their Internet Protocol Address
- known as IP spoofing [REF:
http://www.msen.com/~emv/tubed/spoofing.html]). If this happened when a
digital currency was in operation it would enable these people to withdraw,
deposit and change any bank accounts they liked. The results would be
disastrous. What is needed therefore, is a form of foolproof
identification scheme. Something similar to PGP would be ideal, and the
algorithms used within it are well-published, well-known and have been
subjected to several years scrutiny, but the concerns of the
multinational banks are centred upon key management and standardisation.
Without a set of clear protocols and guidelines being created (by
establishments such as the International Standards Organisation), the
journey to full digital banking looks a long and slow trek.

Current investigation into secure banking is being led by the Netscape
Corporation [REF: http://home.mcom.com/] which has released and
encouraged the use of its secure Netscape program (a tool used to access
the World Wide Web) [as reported in the Financial Times 21 November 19993
/ Media Futures by Louise Kehoe]. At present though, this program only
provides a secure channel for the passing of banking or credit card
details by using an encryption system called Secure Sockets Layer (SSL)
[REF http://www.netscape.com/newsref/std/SSL]. The SSL system will allow
such transfers over any aspect of the Internet (such as
telnet/Gopher/email etc.). A new company has been formed called Terisa
with backing from IBM, America Online, Compuserve, Prodigy and Netscape to
produce the necessary toolkit for the new standard. [Ref
http://www.terisa.com/].

This is more advanced than the NCSA's (developers of the rival Mosaic
program) project called CommerceNet which is a secure World Wide Web
protocol (called Secure Hyper-Text Transfer Protocol) [Ref
http://www.eit.com/projects/s-http/].

Cryptology will also be facing a growth in its user base in the coming
years. As society in general is going toward a more digital era, this
means computing will become a cash cow industry. The applications for
cryptology will therefore expand rapidly.

Another area to be affected by cryptology is television. Stations will
switch from analogue to digital signals in an attempt to not only improve
quality but also prevent illicit viewing or recording [As reported in
Financial Times December 1993 by Andrew Hill]. As digital signals are
essentially the same as binary data, encryption would seem an appropriate
remedy. The Societe Europeene des Satellites (SES) commented:

if digital television was going to be a success.... it is
vital for there to be a common encryption system

[REF: Financial Times December 1993]

Another area to be touched by cryptology will be the telephone system.
Already we have encrypted digital facsimiles [Financial Times 04th
September 1992] but as digital networks expand, it is likely that all
exchanges will become digital. Again the driving force behind it would be
better quality and better reliability.

But digitalisation may lead to even larger reorganisation. A program
called IPhone has been released that allows Internet users to speak over
the network with analogue to digital conversion on the fly. It has massive
implications for the telephone companies as it is possible to get
international calls at a local rate. Another program called Nautilus has
the same basic principle but provides in-built encryption. Currently, this
is covered by US ITAR regulations and cannot be exported from the states
due to the strength of the encryption. Of course, if everyone used these
programs, the Internet would fall over due to the massive amount of
traffic but it does demonstrate what is to come.

Perhaps the key to the future of encryption lies in the hands of the
politicians. Governments are so concerned with the possibilities of the
power of cryptology (with the ability of hiding information from them)
that most developed countries are jumping on the American band-wagon, by
enforcing strict export controls. France and Russia have even gone so far
as to introduce encryption bans.

To conclude this section satisfactorily, we need to look at the reasons
why cryptology is really necessary in the future. In the past, in order
for a criminal act to take place, it was required that the criminal be at
the place where the event was to take place (such as robbing a bank).
Nowadays, with the growth of computer networks and telecommunications
systems, a criminal can perform a much larger and more wide scale crime in
a location, thousands of miles away, from the safety of a computer screen.
The only prevention against this is tight security. In order for this to
be achieved, cryptology is needed. As the world becomes more and more
digital, so cryptology will become more and more important, not only to
the high-powered banks but also to the man in the cyber street.

--
n.a....@bradford.ac.uk http://www.brad.ac.uk/~nasmith/index.html
ni...@nether.net Maintainer of the hip-hop WWW lyrics site

finger nas...@muser.brad.ac.uk for PGP block

Adam Back

Jun 2, 1995

I know you've finished with the paper, but I think there are two
corrections (the second is a quibble only) which should be pointed out
for the record (electronic record) as it were.

(Note that I have no affiliation to David Chaum's DigiCash bank, lest
it seem that I am overly enthusiastic about it, it's just that I view
it as technologically superior to the other current contenders.)

So, a comment on the DigiCash section:

> This will act in much the same as paper money, but instead of paper,
> you will have electronic monetary units. It will thus be easier to
> forge as it is only a string of bits.

I think this sentence on forgery is untrue, DigiCash is the work of
David Chaum one of the leading academics in this area, and his ecash
is extremely secure. There are two main forms, on-line and off-line,
his current trial of 10,000 users, which is going on at
http://digicash.support.nl/, is on-line, that is to say the seller
deposits the cash after each transaction, and the seller must be
on-line to do this.

RSA digital signatures are used in both forms and the security is
essentially that of either 512 or 1024 bit RSA keys. *Very* secure,
and can be made arbitrarily more secure by increasing key sizes.

Another distinguishing feature of David Chaum's system is that it is
anonymous cash, and has much closer parallels to paper cash. The
mathematics involves a complex system of 'blinded' signatures, which
essentially allows the bank to verify the authenticity of the cash
without knowing the identity of the purchaser. In the trial system
the sellers, or vendors are not anonymous, only the purchasers of
items, tho' this is more of a political consideration to ensure the
legality of the items sold, and to ensure that the merchants declare
their earnings for tax purposes.

This has privacy, and cost advantages, which mean that the system
could be used for low value transactions. Also it is immediate, as
ordinary cash, there's no bounced cheques or repudiated credit card
transactions, you spend the cash and it's gone. The immediateness is
its major strength in the real time nature of electronic
transactions, pay per page Web, purchasing products, and information
sale sort of applications.

I view both the immediate nature, and the privacy protecting option as
reasons why digicash is a superior product to any of the other
options available at the moment.

For the really interesting stuff, Chaum has papers (and patents), on
off-line ecash, with double-spender protection, all using very clever
maths.

This would open the way for people to interact in a distributed
fashion with second generation Chaumian cash, without having to have
the distinction between sellers and buyers. This would open the way
for someone to pay another person for consultancy work, pay a friend
money owed, in short a true analog of paper cash, all with good
anti-fraud protection. Better anti-fraud protection than cash which
can be and is counterfeited, also better than credit cards which are
fraught with fraud problems, the banks write off many millions of
dollars in uncaught fraud each year. And last of all it's a software
only solution, and so is very cheap to implement.

The second is a quibble, availability of nautilus:

> Another program called Nautilus has the same basic principle but
> provides in-built encryption. Currently, this is covered by US ITAR
> regulations and cannot be exported from the states due to the strength
> of the encryption.

Have you checked the ftp archive at Oxford Univ, lately:

ftp://ftp.ox.ac.uk/pub/crypto/misc/nautilus-0.9.0.tar.gz

Of course what you say about it being ITAR controlled is true, but
these things have a nasty habit of leaking. Enforcing export / import
of software on the amorphous structure that is the Internet has been
likened to trying to plug a sieve with a hole in it.

Adam
--
HAVE *YOU* EXPORTED A CRYPTO SYSTEM TODAY? --> http://dcs.ex.ac.uk/~aba/rsa/
--rsa--------------------------------8<-------------------------------------
#!/usr/local/bin/perl -s-- -export-a-crypto-system-sig -RSA-in-3-lines-PERL
($k,$n)=@ARGV;$m=unpack(H.$w,$m."\0"x$w),$_=`echo "16do$w 2+4Oi0$d*-^1[d2%
Sa2/d0<X+d*La1=z\U$n%0]SX$k"[$m*]\EszlXx++p|dc`,s/^.|\W//g,print pack('H*'
,$_)while read(STDIN,$m,($w=2*$d-1+length($n||die"$0 [-d] k n\n")&~1)/2)
-------------------------------------8<-------------------------------------
TRY: echo squeamish ossifrage | rsa -e 3 7537d365 | rsa -d 4e243e33 7537d365
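The exchange between the two posts above turns on what "forging" an electronic coin would actually take. The following is an added illustration, not code from DigiCash, from David Chaum's papers, or from either poster: a textbook RSA blind signature in the shape of Chaum's on-line ecash. The bank signs a value the customer has blinded with a random factor r, the customer strips r off to get a valid signature on a serial number the bank never saw, and the merchant deposits the coin straight away so the bank can refuse a second deposit of the same serial. The primes P and Q are constructed toy values (a 1024-bit key would be used in practice), SHA-256 stands in for the full-domain hash, and the class and function names are my own. Forging a coin here means producing an RSA signature without the bank's exponent D; the "string of bits" is no easier to counterfeit than any other RSA signature of the same key size. This is the plain textbook scheme: a production system would also need proper hash padding and account handling, which are left out.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key: two well-known small primes so the numbers stay
# readable. A real ecash bank would use a 512/1024-bit (today far larger)
# modulus, but the algebra below is identical.
P, Q = 104729, 1299709
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # bank's private signing exponent


def coin_digest(serial: int) -> int:
    """Map a coin serial number into Z_N (stand-in for a full-domain hash)."""
    h = hashlib.sha256(str(serial).encode()).digest()
    return int.from_bytes(h, "big") % N


class Customer:
    """Withdraws one coin: picks a secret serial, blinds it, unblinds the signature."""

    def __init__(self) -> None:
        self.serial = secrets.randbits(64)   # never shown to the bank at withdrawal
        self.r = 0

    def blind(self) -> int:
        # The blinding factor r must be invertible mod N (and not 1).
        while True:
            self.r = secrets.randbelow(N)
            if self.r > 1 and gcd(self.r, N) == 1:
                break
        return (coin_digest(self.serial) * pow(self.r, E, N)) % N

    def unblind(self, blinded_sig: int) -> int:
        # (m * r^e)^d = m^d * r mod N, so multiplying by r^-1 leaves m^d.
        return (blinded_sig * pow(self.r, -1, N)) % N


class Bank:
    """On-line bank: signs blinded withdrawals and keeps a spent-serial list."""

    def __init__(self) -> None:
        self.spent = set()
        self.withdrawals_seen = []   # what the bank saw at withdrawal time

    def sign_blinded(self, blinded: int) -> int:
        # The bank debits the customer's account (omitted here) and signs a
        # value it cannot later link to any particular deposited coin.
        self.withdrawals_seen.append(blinded)
        return pow(blinded, D, N)

    def verify(self, serial: int, sig: int) -> bool:
        return pow(sig, E, N) == coin_digest(serial)

    def deposit(self, serial: int, sig: int) -> str:
        """Merchant deposits a coin immediately after the sale (on-line scheme)."""
        if not self.verify(serial, sig):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: double-spent"
        self.spent.add(serial)
        return "accepted"


def withdraw_and_spend(bank: Bank) -> tuple:
    """Full round trip; returns (serial, signature, first_deposit, second_deposit)."""
    alice = Customer()
    blinded = alice.blind()
    coin_sig = alice.unblind(bank.sign_blinded(blinded))
    first = bank.deposit(alice.serial, coin_sig)
    second = bank.deposit(alice.serial, coin_sig)   # replay of the same coin
    return alice.serial, coin_sig, first, second


if __name__ == "__main__":
    bank = Bank()
    serial, sig, first, second = withdraw_and_spend(bank)
    print(f"serial={serial} first={first!r} second={second!r}")
    print("bank cannot link withdrawal to deposit:",
          coin_digest(serial) not in bank.withdrawals_seen)
```

The two properties Adam describes fall out of the maths rather than policy: the bank's withdrawal log holds only blinded values, so it cannot match a deposit to a customer, and the spent-serial set is what makes the on-line variant "immediate" with no repudiation. The off-line, double-spender-identifying variant he mentions needs the more involved constructions in Chaum's papers and is not shown here.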
