The invention of public-key cryptography and the political debate that surrounds the use of strong cryptography bring us up to the present day, and it is clear that the cryptographers are winning the information war. According to Phil Zimmermann, we live in a golden age of cryptography: 'It is now possible to make ciphers in modern cryptography that are really, really out of reach of all known forms of cryptanalysis. And I think it's going to stay that way.' Zimmermann's view is supported by William Crowell, Deputy Director of the NSA: 'If all the personal computers in the world, approximately 260 million computers, were to be put to work on a single PGP encrypted message, it would take on average an estimated 12 million times the age of the universe to break a single message.'

Previous experience however, tells us that every so-called unbreakable cipher has, sooner or later, succumbed to cryptanalysis. The Vigenère cipher was called 'le chiffre indéchiffrable', but Babbit broke it; Enigma was considered invulnerable, until the Poles revealed its weaknesses. So, are cryptanalysts on the verge of another breakthrough, or is Zimmermann right? Predicting future developments in any technology is always a precarious task, but with ciphers it is particularly risky. Not only do we have to guess which discoveries lie in the future, but we also have to guess which discoveries lie in the present.

 

Despite the enormous strengt of RSA and other modern ciphers, cryptanalysts are still able to play a valuble role in intelligence gathering. Their success is demonstrated by the fact that cryptanalysts are in greater demand than ever before, the NSA is still the world's largest employer of mathematicians.

Only a small fraction of the information flowing around the world is securely encrypted, and the remainder is poorly encrypted or not at all. This is because the number of Internet users is rapidly increasing, and yet few of these people take adequate precautions in terms of privacy.

Even if users employ the RSA cipher properly, there is still plenty that codebreakers can do to glean imformation from intercepted messages. Codebreakers continue to use old-fashioned techniques like traffic analysis. A more recent development is the so-called 'tempest attack', which aims to detect the distinct electromagnetic signals emitted by a computer each time a letter is typed. If Eve parks a van outside Alice's house, she can use sensitive tempest equipment to identify each individual keystroke that Alice makes on her computer. To defend against tempest attacks, companies are already supplying shielding material that can be used to line the walls of a room to prevent the the escape of electromagnetic signals.

Other attacks include the use of viruses and Trojan horses. Eve might design a virus that infects PGP software and sits quietly inside Alice's computer. When Alice uses her private-key to decrypt a message, the virus would wake up and make a note of it. The next time that Alice connects to the Internet, the virus would surreptitiously send the private-key to Eve, thereby allowing her to decipher all subsequent messages sent to Alice.

The Trojan horse, another software trick, involves Eve designing a program that appears to act like a genuine encryption product, but which actually betrays the user. Alice might believe that she is downloading an authentic copy of PGP, whereas in reality she is downloading a Trojan horse version. As Phil Zimmermann puts it: 'Anyone could modify the source code and produce a lobotomized zombie imitation of PGP that looks real but does the bidding of its diabolical master.'

A variation on the Trojan horse is a brand-new piece of encryption software that seems secure, but which actually contains a 'backdoor', something that allows its designers to decrypt everybody's messages. In 1998, a report by Wayne Madsen revealed that the Swiss cryptographic company Crypto AG had built backdoors into some of its products, and had provided the U.S. Government with details of how to exploit these backdoors. As a result, America was able to read the communications of several countries. In 1991 the assassins who killed Shahpour Bakhtiar, the exiled former Iranian prime minister, were caught thanks to the interception and backdoor decipherment of Iranian messages encrypted using Crypto AG equipment.

Although traffic analysis, tempest attacks, viruses and Trojan horses are all useful techniques for gathering information, cryptanalysts realise that their real goal is to find a way of cracking the RSA cipher, the cornerstone of modern encryption. The RSA cipher is the most important military, diplomatic, commercial and criminal communications, exactly the messages that intelligence gathering organisations want to decipher.

From 'The Code Book' by Simon Singh, ISBN 1-85702-879-1

Pictures, top: Jacket of 'The Code Book', below: Phil Zimmermann, creator of PGP

 

1) Make sure you understand: codes, ciphers, codebreakers, cryptanalysts, PGP.

2) Tell me more of Phil Zimmermann and Simon Singh.

3) Name the three Poles who revealed the weaknesses of the Enigma.

4) What well-known British mathematician was involved in breaking the Enigma?

5) RSA encryption was invented in 1977. Can you explain it with an example?

6) Compile a profile of Crypto AG.

7) Hans Buehler, a top salesman for Crypto AG, was arrested in Teheran on March 18, 1992. Can you tell me more of this incident?

8) What was the Iraqi-Iranian conflict about?