Cryptography’s Past, Present, and Future Role in Society
Franck Lin
12/16/2010

Contents

Executive Summary
Introduction
Part One: Technological Background
  Symmetric Key Encryption
    Examples of Symmetric Key
  Asymmetric (Public) Key Encryption
    One-way functions
    RSA
    Digital Signatures and Hashing
    Limitations of Public Key Cryptography
  Quantum Key Distribution
    Theory
    Cipher Details
    Feasibility
  Conclusion of Technical Overview
Part Two: The Digital Age and Cryptography
  Overview of Privacy Laws
    Judicial Precedent
  The 4th Amendment and Cryptography
  Government and Cryptography
    Key Disclosure
    Key Escrow
    Cryptography as a Military Asset
      Export Restrictions
    Digital Millennium Copyright Act
  Society’s Quantum Leap
Conclusion
Works Cited
Appendix
  RSA (Asymmetric/Public Key Cipher)
  B92 (Quantum Key Distribution using Polarized Light)

Executive Summary

The Individual and Authority (defined as civil government, military, and corporations) have always had a complex relationship with cryptography. Craving digital privacy, individuals highly value the effectiveness and transparency of the algorithms protecting personal and financial secrets. On the other hand, governments want to intercept criminal communication, the military wants to maintain a proven military asset, and corporations, especially those that sell media, want to safeguard their multibillion-dollar markets. These latter desires often run counter to the privacy rights of individuals.

After establishing basic technical literacy, I will argue that the future advent of quantum cryptology, based on the fantastic yet proven field of quantum mechanics, represents a revolution in our information society. I will show that the past 50 years of digital cryptography have been characterized by a constant “tug-of-war” between the individual and authority.
Quantum cryptology will end this decade-long struggle and also define who will finally win what cryptographic rights. However, the result of quantum cryptography is largely dependent on what precedents we establish in this generation. Lastly, I will attempt to make educated predictions on how our individual privacy rights will be affected by this technology.

Introduction

In the course of human history, there is a collection of technological innovations that have revolutionized society. The printing press is an often-cited example of the great impact one humble person’s invention can have on ruling dynasties, world religions, and personal life. Quantum encryption could rival Gutenberg’s printing press in its impact.

On October 24, 1861, the Governor of Utah sent the first transatlantic telegraph: “Utah has not seceded but is firm for the Constitution and the laws of our once happy country.” Two days later, the Pony Express ceased existence and digital communication in the United States took off. Since then, the right to communicate privately has been synonymous with the right to cryptography.

The first half of this report is a technical overview of cryptography, including current progress on quantum cryptography. This technical knowledge is a necessary prerequisite for understanding the second half of this report, which covers cryptography’s complex and sometimes controversial role in society.

Figure 1: A map of submarine fiber optic cables. The map shows both the importance and vulnerability of digital communication.

Part One: Technological Background

There are two basic types of encryption commonly used today, symmetric key and asymmetric key encryption. Although the two methods are very different in theory and application, similar terminology is used to describe the processes: [2]

Plaintext: The data or message to be sent, in a clear form anyone can read.
Ciphertext: The data in encrypted form.
Bit: Binary digit, the basic unit of information stored by a computer. Any letter or number can be encoded as a string of 8 bits.
Algorithm: The method used to encrypt and decrypt data, also called a “Cipher.”
Key: A crucial parameter in the algorithm.
Hash: A fingerprint for a digital file.
Alice and Bob: Alice is trying to send Bob a message over an insecure channel. Eve wants to eavesdrop.
Attack: A method that can decrypt the message for an interceptor.
Shannon’s Maxim: The enemy knows the system! A secure algorithm must assume the enemy knows everything about the system except the key.

The goal of this section is to provide a brief overview of how ciphers work and the history of cryptography. The scope includes everything from World War I and excludes the field of classical cryptography.

Symmetric Key Encryption

Symmetric key encryption is the older and better-known technique. At its most primitive, the algorithm could be “shift each letter alphabetically” and the key could be “+2.” Alice will simply shift each letter by 2 spaces to convert plaintext to ciphertext, and Bob will simply shift back 2 spaces to decrypt the message. For example:

Plaintext: MARK IS A SPY
Alice shifts each letter +2: OCTM KU C URA
Bob shifts each letter -2: MARK IS A SPY

There are three characteristics of this simple exercise that also hold true for even the most complex symmetric key algorithms:

- Alice and Bob use the same key to both encrypt and decrypt.
- The method is useless if the key is not kept private between Alice and Bob, which is why this method is sometimes referred to as private key encryption.
- Alice must first securely notify Bob of her key.

The last characteristic is the method’s greatest limitation. The key, which must be sent in plaintext, can be intercepted. Overcoming or exploiting this weakness is a recurring theme in this report and also a focus of cryptographic research.

Examples of Symmetric Key

I present four examples to illustrate symmetric key cryptography:

Enigma: Historical yet fascinating example.
One-time Pad: Unbreakable but hard to implement.
Stream Cipher: Vulnerable yet still foolishly used.
Block Cipher: The current industry standard in security.

Enigma

A simple algorithm such as “shift letters” can easily be attacked by either pure guessing or frequency analysis. An early example of a complex symmetric key algorithm is the Enigma machine, used by the German military in WWII. [2][4] The electro-mechanical machine consisted of a keyboard and rotary blocks that scrambled the data. Every time a letter was pressed, electrical current would flow through the rotary blocks and power a small light bulb which corresponded to a letter in ciphertext. Additionally, one or more rotary blocks would shift after pressing a letter. Therefore, pressing “A” twice would always yield different results. In this method, the key consisted of a timetable of the selection, order, and initial position of the rotary blocks, which was printed on water-soluble paper so that a captured intelligence officer could literally eat his key.

Figure 2: Enigma Machine with 3 rotors. White letters are plaintext, yellow are ciphertext.

Allied powers were able to break the code mostly due to operator mistakes, which gave Polish and British cryptanalysts insight into how the Enigma machine worked. With creative mathematical theory, cryptanalysts decreased the number of possible keys by orders of magnitude. For example, knowing that the rotary block would always shift when a letter was pressed ruled out some possible keys. Additionally, phrases such as “Heil Hitler” were very common and eliminated several possible keys. British Intelligence built a mechanical “bomb” to quickly cycle through the remaining possibilities.

Figure 3: British "bomba" which quickly cycles through possible rotor arrangements.
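
The key-elimination idea described above (a phrase known to occur in the plaintext rules out keys), applied to the shift-cipher message from the Symmetric Key Encryption section. This is an added example, not part of the original paper; the function names are illustrative.

```python
import string

ALPHABET = string.ascii_uppercase


def shift(text, key):
    """Shift every letter A-Z by `key` places (wrapping around); keep spaces."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + key) % 26] if ch in ALPHABET else ch
        for ch in text
    )


def surviving_keys(ciphertext, cribs=()):
    """Try all 26 keys and keep those consistent with every crib.

    A crib is a word the analyst expects somewhere in the plaintext.
    Returns a list of (key, candidate_plaintext) pairs.
    """
    survivors = []
    for key in range(26):
        candidate = shift(ciphertext, -key)   # undo a shift of `key`
        words = candidate.split()
        if all(crib in words for crib in cribs):
            survivors.append((key, candidate))
    return survivors


if __name__ == "__main__":
    ciphertext = shift("MARK IS A SPY", 2)    # Alice's message, key +2
    print("ciphertext:", ciphertext)

    # With no knowledge of the plaintext, all 26 keys remain possible and
    # the analyst must read every candidate ("pure guessing").
    print("keys without a crib:", len(surviving_keys(ciphertext)))

    # Expecting the word SPY somewhere in the message leaves a single key.
    for key, plaintext in surviving_keys(ciphertext, cribs=["SPY"]):
        print("key", key, "->", plaintext)
```

The whole key space is only 26 values, which is why the paper moves on to ciphers whose key space cannot be enumerated this way.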

One-time Pad

For an unbreakable code, assuming Alice can safely provide Bob with the private key, the “one-time pad” method can be used. [4] For example:

- Alice randomly generates a string of numbers to be used as the key: 1042
- Alice encrypts “Mark” by shifting each letter by a number in the key, using each number only once for each letter: NAVM
- Bob decrypts the ciphertext using the same string “1042”: Mark
- Both Alice and Bob throw away the key “1042,” never to be used again.

This method requires a large amount of key material and very secure delivery of the key. Additionally, truly random numbers are very hard to generate.

Stream Ciphers

A stream cipher attempts to imitate a one-time pad. Since it is impractical to have a key that is at least the same size as the plaintext, stream ciphers take a smaller 128-bit key and use a complex feedback method to generate the pseudo-key one would use for a one-time pad. [4] It is referred to as a pseudo-key because it is not truly random, as it should be. Therefore, stream ciphers are insecure. WEP, used to encrypt wireless internet networks, SSL, used to encrypt packets of data sent over the internet, and A5/1, used to encrypt voice over cell phones, have all been respectively replaced by WPA2, TLS, and KASUMI, which are block ciphers.

Figure 4: A5/1 Cipher. The three short keys are recombined to make a pseudorandom stream of key material.

Unfortunately, WEP is still commonly used since most people do not know that WEP can be successfully attacked in less than a minute by a child who knows how to run a Google search. In fact in 2005, 4 years after a published paper proved WEP could be attacked in less than a minute, hackers stole credit card information from T.J. Maxx stores. The hacker himself was sentenced to 20 years in prison but T.J. Maxx was also sued by a bankers association.

Block Ciphers

Block ciphers represent a major advancement in cryptography and have few vulnerabilities.
Most block ciphers rely on substitution-permutation rounds. In each round, data is broken up into 8-bit sections, substituted according to a key, recombined, and then rearranged according to a key. Imagine separating a book into individual pages, taking a page of text, and substituting and rearranging the words. A particular algorithm may have 12 to 15 rounds.

Data Encryption Standard (DES) was once considered secure and used for most financial transactions, but a contest hosted by the authors of RSA (an asymmetric key cipher to be described later) awarded 10,000 dollars to anyone who could successfully attack DES. [4] The Electronic Frontier Foundation (a prominent group in the second half of this report) used 250,000 dollars of custom chips to claim the prize.

With the proven weakness of DES, the National Institute for Standards and Technology hosted a contest to find a replacement block cipher. A program called Rijndael won the contest and was renamed Advanced Encryption Standard (AES). [4] This cipher also uses multiple substitutions and rearrangements to scramble the data. However, with different formats for encryption and decryption and more complex operations, there is currently no known feasible attack for AES.

Figure 5: The "ShiftRows" step in one round of the AES cipher. This step is governed by the key.

Asymmetric (Public) Key Encryption

As mentioned before, the greatest weakness in symmetric key encryption is that its integrity depends on selectively sharing its private keys. Of course, it is not possible to send a private key over its own encryption. A radically different encryption scheme is required, called asymmetric key encryption. In asymmetric key encryption, the key and algorithm for encryption and decryption are different from each other. The key for encryption is made public but the key for decryption is only known by Bob, the receiver.

Figure 6: Asymmetric scheme, where there are two distinct algorithms and two distinct keys.

As a very general example:

1. Bob lets the world know what his public key is.
2. Alice uses Bob’s public key to encrypt a message and sends ciphertext to Bob.
3. Bob uses his private key to decrypt the message.
4. Eve cannot use Bob’s public key to decrypt the message because the method is one-way.

The security of the cipher from an attack by Eve is dependent on the existence of one-way functions.

One-way functions

Simple examples of one-way functions include logarithms and mods. For example:

Log(x) = y

Given y, x is easy to find. It is simply 10^y. However, given x, finding y will usually require a calculator or a table. When y is a 218 bit key, handheld calculators will not suffice but computers can successfully attack this cipher. As a stronger example:

x Mod(3) = y

Given x, y is very easy to find. One simply divides x by 3 and outputs the numerator. Therefore, f(4) = 1. However, f^-1 is much harder to find, because f^-1(1) could be 1, 4, 7, 10, etc.

More complex one-way functions, used in present-day ciphers, are prime-factorization and the elliptic-curve. Since prime-factorization is used in the most well-known asymmetric key cipher, that math problem will be described in greater detail.

RSA

In 1873, British economist William Jevons rhetorically asked: “Can the reader say what two numbers multiplied together will produce the number 8616460799? I think it unlikely that anyone but myself will ever know.” [4] Almost 100 years before the advent of the Internet, Jevons realized that factoring the product of two prime numbers (factoring a semi-prime) was a one-way function. In RSA, invented by military cryptographers but named after its MIT reinventors, the public key includes the semi-prime number. An example of the RSA cipher in action is included in Appendix A.

As a clever marketing scheme, RSA Laboratories released several semi-primes and offered cash rewards to anyone who could factor them.
The longest semi-prime factored was RSA-200, with 200 digits, which required 7 years of brute force calculations. When computers advance and attacks become faster, RSA Laboratories simply recommends longer keys. [2]

Digital Signatures and Hashing

There are two other important uses for one-way functions: signatures and hashing. If Bob is worried that Eve is pretending to be Alice and sending false information, Bob can ask Alice to sign and hash her documents. Using a different public-private key pair, Alice can use the private key for encryption and the public key for decryption. If an established authority, usually a well-known company, states what public key is attributed to Alice, only the real Alice could encode her name and hash into the document.

Figure 7: How asymmetric key cryptography can be used to sign documents with hash values.

A hash is a long string of characters that is a product of a cascading, one-way function. All of the text in the document will be used to generate the hash, so even making minute changes to the text will completely change the hash. Hash functions are available for free, such as MD5. [4]

In this example, there are two attackers, Eve and Dan:

1. Alice wants to tell Bob to pay Eve 10 dollars.
2. Alice writes out such instructions and signs the document “Alice 38FJ3MZD9,” with the signature encrypted by her own private key. The alpha-numeric string is the hash. She then encrypts the entire document, signature included, with Bob’s RSA public key.
3. Eve intercepts the document but is unable to crack Bob’s private key. So, she deletes the original and forges another set of instructions telling Bob to pay her 1000 dollars.
4. However, Eve cannot sign the document “Alice” because Eve does not have Alice’s private key.
5. Dan is a better cryptanalyst and breaks Bob’s private key. He sees Alice’s signature line as unreadable ciphertext.
6. Dan changes “10” to “1000.” However, this slight change will change the MD5 hash to something like “193KFE3ZP.”

In both examples, Bob will be able to easily realize that someone is trying to feed him false information. Either Alice’s signature will be missing or the hashes will not match up. This fairly simple procedure is performed every time anyone visits a website or sends an email. The ability to establish a trustworthy online identity is critical to every function of the internet.

Limitations of Public Key Cryptography

RSA is limited by its larger computational requirements. Additionally, keys must be longer to provide the same level of security. Therefore, the most popular security protocols used to secure online data rely on a hybrid-cipher. Asymmetric encryption is used to send symmetric keys and establish identity, while symmetric encryption is used to transmit the bulk of the information. An early and still valid example of this is Phillip Zimmermann’s Pretty Good Privacy (PGP) cipher. [2][4] Additionally, Zimmermann used his cipher to champion individual cryptographic rights, as explained in the second half of the paper.

Quantum Key Distribution

Since 1970, before the advent of asymmetric cryptology, physicists and cryptologists alike have demonstrated the potential to use the laws of quantum physics in cryptography. Stephen Wiesner demonstrated in 1970 that information could be encoded by the polarity of light. Based on Wiesner’s work, in 1980, Gilles Brassard and Charles Bennett proposed the BB84 cipher. In 1991, Arthur Ekert developed an alternative cipher using entanglement theory. In 1992, Bennett published a modified cipher named B92 that simplified the previous BB84 cipher by using only 2 of 4 possible polarization states. [2][3]

Figure 8: Heisenberg Uncertainty. By observing an object, one changes its position and momentum. Therefore, eavesdroppers will leave a trace.
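
Returning to the signed-instruction scenario in Digital Signatures and Hashing and to Jevons’ number in the RSA section: the following is an added example, not code from the original paper. It assumes textbook RSA without padding, a public exponent of 65537, SHA-256 in place of MD5, and illustrative primes for Eve; the encryption layer under Bob’s key is left out so that only the signature check is shown.

```python
import hashlib

E = 65537                   # public exponent (assumed, a common choice)
ALICE_N = 8616460799        # Jevons' number, used here as Alice's public modulus


def digest(document, n):
    """Hash the whole document and reduce it into the range of the toy modulus."""
    h = hashlib.sha256(document.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % n


def private_exponent(p, q):
    """Private exponent d with E*d = 1 (mod (p-1)(q-1)); needs the secret primes."""
    return pow(E, -1, (p - 1) * (q - 1))


def sign(document, d, n):
    """'Encrypt' the hash with the private key, as the paper describes."""
    return pow(digest(document, n), d, n)


def verify(document, signature, n):
    """Bob's check: undo the signature with the public key, compare to his own hash."""
    return pow(signature, E, n) == digest(document, n)


def factor_semiprime(n):
    """Trial division by odd numbers: about sqrt(n)/2 steps in the worst case."""
    if n % 2 == 0:
        return 2, n // 2
    p = 3
    while p * p <= n:
        if n % p == 0:
            return p, n // p
        p += 2
    raise ValueError("n is prime")


def scenario():
    # Alice knows the two primes behind her modulus; nobody else is told them.
    alice_d = private_exponent(89681, 96079)
    original = "Bob, pay Eve 10 dollars."
    alice_sig = sign(original, alice_d, ALICE_N)

    # Eve replaces the document and signs with her own key (constructed primes),
    # because she does not have Alice's private key.
    eve_p, eve_q = 104729, 1299709
    forged = "Bob, pay Eve 1000 dollars. Alice"
    eve_sig = sign(forged, private_exponent(eve_p, eve_q), eve_p * eve_q)

    # Dan edits the amount but has to keep Alice's old signature.
    tampered = original.replace("10", "1000")

    # Key-length caveat: a 10-digit modulus falls to trial division at once,
    # and the recovered primes give a private exponent that signs anything.
    p, q = factor_semiprime(ALICE_N)
    recovered_sig = sign(forged, private_exponent(p, q), ALICE_N)

    return {
        "genuine": verify(original, alice_sig, ALICE_N),
        "eve_forgery": verify(forged, eve_sig, ALICE_N),
        "dan_tamper": verify(tampered, alice_sig, ALICE_N),
        "forgery_after_factoring": verify(forged, recovered_sig, ALICE_N),
    }


if __name__ == "__main__":
    print("factors of Jevons' number:", factor_semiprime(ALICE_N))
    for check, accepted in scenario().items():
        print(f"{check:25s} accepted={accepted}")
```

Bob’s check rejects both attackers only while the modulus cannot be factored, which is the reason the RSA section gives for recommending longer keys as attacks get faster.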

Theory

In 1900, Max Planck found that a cooling piece of hot iron released little packets of energy, instead of a continuous stream. Therefore, he showed that energy is discrete, and each packet is called a quantum. Since then, our knowledge of the nature of the universe radically changed:

- Young found that light was a wave.
- Einstein found that light was a particle.
- De Broglie found that everything was both a wave and a particle.
- Heisenberg found that it is impossible to determine exactly both the momentum and position of an electron. One basic explanation of Heisenberg uncertainty is that observing the electron will require a photon to bounce off of it, randomly changing its momentum and position.
- Einstein, Podolsky, and Rosen found that particles within a single system are entangled with each other. Observing one electron of a pair will fix the state of the other electron instantaneously (faster than light).

Cipher Details

A detailed description of the B92 cipher can be found in Appendix A. There are several characteristics common to most worked-out quantum ciphers:

- Due to the complexity, the main goal is to communicate a random, private, and symmetric key, not transmit data. The one-time pad cipher is used once the key is generated.
- The key is created first, then the security of the key is verified through quantum mechanics, and then ciphertext is sent. Therefore, there is no possibility of Eve observing actual ciphertext.
- Instrumental mistakes are the most serious source of error. For example, if two photons are sent instead of one, this may allow Eve a chance to observe without being detected.

Feasibility

Quantum key distribution is currently experimentally possible and should be commercially feasible within a decade. The University of Cambridge and Toshiba have achieved transmission rates of 1 Mbit/s over 20 km of fiber and 10 kbit/s over 100 km of fiber.
The longest distance over which quantum key distribution has succeeded is 148.7 km, achieved in 2007 by Los Alamos National Laboratory. Over free space (no fiber), European collaborators achieved a distance of 144 km, under very clear atmospheric conditions. There are currently 3 specialized networks that can distribute keys over quantum encryption, one in the Northeast, one in Vienna, and one in Tokyo. [3]

Conclusion of Technical Overview

All algorithms mentioned in this paper, except for the quantum cipher and the one-time pad, are breakable. If nothing else, an algorithm can be broken by a brute force attack, cycling through every possible key. Therefore, the goal of present-day cryptography is to create algorithms that require a time, data, or processing requirement beyond the capability of attackers. For example, A5/1, the cipher used to encrypt cell phone conversations, was successfully attacked in 2000 but required 300 GB of data processing. In reality, A5/1 was not made obsolete until 2006, when the same group demonstrated it could attack the cipher in real-time. [2]

The following points are takeaways from this section:

- Peer-review is essential in ensuring that ciphers have no vulnerabilities, as shown in DES’s replacement.
- There is a constant chase between encryption and attacks, necessitated by advances in math theory and computing power.
- The public often lacks even basic technical literacy in cryptography, as shown in the continued use of WEP.
- Using math and physics, one can prove that the one-time pad with quantum key distribution can be secure. However, implementation may introduce vulnerabilities.

Part Two: The Digital Age and Cryptography

Digital privacy in the 21st century is more important than ever. The wealth of personal and financial information that is communicated over cell phones, email, and file transfers could, in the wrong hands, ruin anyone and any corporation.
Increasingly, the right to privacy is dependent on the right to cryptography. Recent legislative and judicial actions show that, for both good and selfish intentions, the United States is not willing to allow digital privacy.

Overview of Privacy Laws

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
- 4th Amendment of the Constitution of the United States

The Constitution only vaguely defines what privacy rights are protected. Furthermore, the authors of the 4th Amendment could not have foreseen the technological advances that have changed the definitions of “[…] papers, and effects” and “unreasonable.” Recent court decisions shed light on the present relationship between Constitution and privacy.

Judicial Precedent

First, what constitutes a “reasonable expectation of privacy”? The Judicial Branch interprets the 4th Amendment to stress “rights-based expectation” over “probability-based expectation.” For example, Justice Rehnquist explains: [5]

“A burglar plying his trade in a summer cabin during the off season may have a thoroughly justified subjective expectation of privacy, but it is not one which the law recognizes as “legitimate.” […] his expectation is not “one that society is prepared to recognize as ‘reasonable.’””

However, a weakness in this application of the 4th Amendment is that judges have to predict what society considers a reasonable expectation of privacy. Rulings from different levels of the judicial system will often disagree and even at the Supreme Court level, contradictions exist. For example, in Florida v. Riley, the Supreme Court ruled that police do not need a warrant to observe an individual’s property from public airspace using a helicopter. In Kyllo v.
United States, the Supreme Court, without overturning the Riley decision, ruled that police did need a warrant to observe an individual’s property from public property using thermal imaging. [5]

Another example of the haphazard line the Judiciary draws between “reasonable” and “unreasonable” is the Open Field Doctrine. Under this U.S. legal doctrine, fields surrounding a house do not fall under the protection of the 4th Amendment. However, curtilage, the area of land immediately surrounding a home, is protected by the 4th Amendment. [5]

The 4th Amendment and Cryptography

Orin Kerr, a professor of law at George Washington University and a leading scholar in computer crime law, cites three court cases that are indirectly relevant to cryptography. [5]

- In United States v. Scott, a circuit court ruled that shredded tax documents could be reconstructed and admitted as evidence.
- In United States v. Longoria, a circuit court ruled that excerpts from a Spanish conversation could be translated and admitted as evidence even if the criminals switched to Spanish for the express purpose of hiding their criminal activities.
- In Commonwealth v. Copenhefer, the Pennsylvania Supreme Court ruled that deleted files from a hard drive could be recovered and admitted as evidence.

In these three case examples, Kerr is showing that cryptography cannot create a reasonable expectation of privacy. Since the act of encrypting is analogous to shredding a document, speaking a foreign language, and deleting the file directory of a file, it logically follows that society does not view encryption as a reasonable source of privacy.

However, I disagree. Hopefully, with acquired technical literacy of the theory and implementation of cryptography, society will view the safe and key as a more accurate analogy. An individual is allowed to purchase a safe even though it may be used to store legitimate yet sensitive material or illegal material.
Either way, once the individual locks the safe, he has established a reasonable expectation of privacy and a specific warrant would be needed to force the safe open. Using similar reasoning, individuals should be allowed to purchase ciphers and once data is encrypted, 4th Amendment rights apply.

Figure 9: Acceptance of the "lock and key" analogy would result in strong protections for encrypted data.

Government and Cryptography

The authority, defined previously as the government and corporations, enjoys the security of strong ciphers yet often does not want individuals also to use strong ciphers. Through legislative and judicial measures, the government has tried to limit the individual’s access to cryptography, even infringing on free speech, trial, and privacy rights.

Key Disclosure

Key disclosure laws require, under certain conditions, that individuals surrender cryptographic keys to law enforcement. In the United States, no law technically exists but key disclosure is established under case law through the 2007 United States v. Boucher. [1]

In US v. Boucher, a border agent saw child pornography on Boucher’s laptop and arrested Boucher. When the laptop was turned on again, investigators found that one of the laptop drives was encrypted with PGP, the freely available hybrid cipher discussed earlier. The grand jury subpoenaed Boucher to provide the key. Boucher objected, citing his 5th Amendment rights, protection from self-incrimination. After appeal, a federal district court ruling forced Boucher to provide his key. In this specific case, the judge strangely cited the fact that the border agent already saw the contents of Boucher’s laptop as justification that the encrypted drive “adds little or nothing to the sum total.” [1] Most likely, the controversial subject of key disclosure will surface again and may reach the Supreme Court.

Key Escrow

As a preemptive measure to preclude key disclosure, many law enforcement agencies advocate for key escrow.
In key escrow, the government is given a “back-door” to a cipher, to be used when appropriate, such as in a court order. [7] In 1993, before AES-Rijndael replaced the obsolete DES, the US Government promoted the Clipper chip, which contained a symmetric key cipher called Skipjack. Skipjack was classified as “SECRET” so that cryptography experts could not evaluate the strength of the cipher. The Electronic Frontier Foundation (EFF), the same foundation that proved the obsoleteness of DES, referred to the scheme as “key surrender,” citing concerns that Skipjack had unexamined flaws and the escrow key would be abused.

Figure 10: Anti-Escrow cartoon.

The government’s ambition for complete access to individuals’ encrypted files was not limited to just Clipper. Bill Clinton, approving the Clipper chip in 1993, wrote:

“I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key-escrow system.” [7]

The EFF, individuals concerned with privacy, and even several law-makers vociferously opposed key escrow. Despite incentives offered to manufacturers, Clipper was never embraced. Simply put, if then-Senator John Ashcroft, pioneer of the USA PATRIOT Act, thinks the government overstepped its boundaries with key escrow, then key escrow is obviously a step towards a police-state.

Cryptography as a Military Asset

Cryptography has its roots in the military and will always be an important military asset. Along with the Enigma cipher, Allied cryptanalysts also successfully attacked the Lorenz cipher, used among German High Command, and JN-25, used by the Japanese Imperial Navy. In the present day, beyond the obvious need to keep military orders secret, government-sponsored cyber-war means cryptography is a national security concern.
Stuxnet, an elaborate computer worm discovered in 2010, overrode speed controls in Iranian centrifuges and set back their nuclear program. The evidence points towards the Israeli government, who have confirmed that “cyberwarfare is now among the pillars of its defense doctrine […].” In 2010, the Pentagon set up the Cyber Command to defend its computer networks from foreign attack. It is a recent response to a war that the US seems to be losing, as there are several confirmed successful attacks on high-value military networks. [1]

Export Restrictions

Until 1992, cryptography was on the US Munitions List. [6][2] Exporting cryptography was a felony equivalent to giving an enemy country a physical AIM-9 Sidewinder heat-seeking missile. Proponents of unfettered study of cryptography responded by making cipher tee-shirts and tattoos.

Figure 11: RSA source code. Before 1992, it was a serious felony to take this shirt outside the country.

In 1993, Zimmermann, the author of PGP, was under investigation for exporting munitions without a license, which carried substantial jail-time. In an attempt to invoke his 1st Amendment rights more directly, Zimmermann had published his entire source code in a 907-page book. Anyone could buy the book, export the book himself, and scan the pages using text-recognition software. Fortunately for Zimmermann, the federal investigation ended. Furthermore, in 1996, Junger v. Daley established that Junger, a professor of computer law, could accept non-US citizen students and that any software source code enjoyed 1st Amendment protection. [1] Even now, with export controls weakened by court rulings and widely available PGP encryption, the US government is still trying to control dissemination. Non-military cryptography exports (hardware, software, and even consulting services) need an export license from the Department of Commerce. [1]

Digital Millennium Copyright Act

The DMCA issue, in my opinion, represents a greater threat to digital rights than key disclosure law, key escrow, and export controls. DMCA, signed by President Bill Clinton, criminalizes production and dissemination of technology, devices, or services intended to circumvent digital rights management (DRM), which is software that limits copying and playback. [1] Furthermore, the act of circumventing DRM is illegal even if the material is not under copyright. For example, using a program to copy a purchased DVD is illegal, even though making back-ups of purchased media is legal under Fair Use laws. Among the DMCA, Librarian of Congress “Fair Use” exceptions, and vague 1st Amendment protections, the boundary between illegal and legal is unclear. Since large media corporations can easily issue Takedown Notices, most individuals will not risk litigation. [1]

DMCA and Cryptography

DMCA has stifled worldwide cryptography research, since any cryptography could be used to circumvent DRM. I only include a few examples since a full list would be exhaustive. The most visible example of this conflict is Dmitry Sklyarov’s one-month imprisonment in 2001. Sklyarov was a Russian PhD student and employee of ElcomSoft, who wrote software that could process DRM-protected eBooks. This act is legal in both the US and Russia but, under DMCA, it is illegal to disseminate the knowledge. After giving a talk at DEF CON, Sklyarov was arrested by FBI agents. After agreeing to testify against his employers, he was freed. [1] In fact, DEF CON, an annual gathering of computer security experts and amateur hackers, has often been marred by incidents. In 2005, Cisco used legal threats to stop security expert Mike Lynn from presenting on serious security flaws in Cisco networking equipment.
Even though Cisco had already repaired the flaws (without informing its clients of the original vulnerability) and Lynn removed most of the technical details, Cisco threatened legal action. Mike Lynn’s employer threatened to fire Lynn if he gave his presentation. In response, Lynn resigned from his position an hour before the presentation, gave the presentation, and asked the audience for employment opportunities. A few months later, he was hired by another computer security company. [1]

Society’s Quantum Leap

Society, both individuals and authorities, is still struggling to adapt to cryptographic innovations from fifteen years ago. What impact does the advent of quantum computing and quantum key distribution have on the laws governing cryptology? Quantum key distribution will almost certainly be restricted, since it would be a security and military concern. Decades after quantum key distribution is realized, perhaps quantum cryptography will be used for the encryption of all data, even trivial data such as movies and music.

The existence of either a quantum-enabled one-time pad or an all-quantum cipher is a game-changer in many of today’s legal conflicts. The government will either violate 1st Amendment (free speech) and 4th Amendment (privacy) rights or accept that criminals, terrorists, and enemy nations will be able to communicate securely. Advocates for the first option will be able to paint a convincing picture of a future filled with crime and terrorist attacks. If military researchers are first to find a way to feasibly implement quantum-secure networks, the academic field of cryptography could be endangered. A “reasonable expectation of privacy” will be much easier to demonstrate to a judge. However, with the main vulnerability of quantum cryptography being key disclosure subpoenas and key escrow schemes, those two issues will become major conflict topics. DRM will not be able to be circumvented. As a result, current Fair Use rights will disappear.
How can Sony let a school teacher copy a film for educational purposes when doing so requires a quantum-encrypted key?

Conclusion

In an age of explosive growth of digital data storage and communication, cryptography plays an integral role in our society. It is a challenge to respect the serious concerns of national security and copyright protection while also safeguarding individual liberties. The main purpose of this report is to disseminate basic cryptographic knowledge and discuss the implications of such knowledge on our society. Furthermore, this report also confirms the feasibility and strength of quantum cryptography, highlighting an almost certain legal battle and information technology revolution. This report has accomplished its purpose. In conclusion, I list several recommendations for authorities and individuals to ensure that the right to privacy is not infringed upon.

1. Export controls should be switched from “prohibited until specified” to “allowed until specified.” The decision should be made more rationally, assessing if formal export controls would actually stop ciphers from reaching the wrong hands.
2. Businesses should respond faster to increases in computing power. It was not until 2010 that Visa and Mastercard prohibited merchants from using WEP, the vulnerable stream cipher.
3. Federal and State judges should be fairly briefed by both sides of the debate. Orin Kerr has considerable sway, so the Electronic Frontier Foundation should be given an equal opportunity to brief the judges.
4. Authority should acknowledge the importance of peer review in cryptography. A published paper detailing a flaw in a cipher strengthens the cipher, because hackers, now often government-sponsored, may already know that vulnerability.

Works Cited

1. Committee to Study National Cryptography Policy. (1996). Cryptography's Role in Securing the Information Society. (K. Dam & H. Lin, Eds.) Washington D.C.: National Academy Press.
2. Davis, J., Htet, A., Hoshi, Y., Liu, C., Jia, Y., Mack, P., et al. (2008, February). Broken Ciphers and Lost Secrets. Retrieved December 1, 2010, from http://www.lightupflorida.com: http://www.lightupflorida.com/groupproject/home/Broken%20Ciphers%20and%20Lost%20Secrets.pdf
3. Ekert, A. (2005, November). Quantum Information Processing and Communication. Quantum Cryptography, 101-110.
4. Hellman, M. E., & Diffie, W. (1979). Privacy and Authentication: An Introduction to Cryptography. Proceedings of the IEEE, (pp. 397-427).
5. Kerr, O. S. (2001). The Fourth Amendment in Cyberspace: Can Encryption Create a "Reasonable Expectation of Privacy?". Connecticut Law Review, 503-533.
6. Lawton, G. (2001). Is Technology Meeting the Privacy Challenge. Computer, 16-18.
7. Singhal, A. (1996). The Piracy of Privacy? A Fourth Amendment Analysis of Key Escrow Cryptography. Stanford Law and Policy Review, 189-210.

Most figures were found in Wikimedia Commons and are categorized as fair use. Exceptions are:
Figure 1 http://image.guardian.co.uk/sys-images/Technology/Pix/pictures/2008/02/01/SeaCableHi.jpg
Figure 9 http://www.natlawreview.com/article/cryptographic-lock-baffles-fbi
Figure 10 http://www.digicrime.com/escrow/

Appendix

Detailed descriptions of ciphers.

RSA (Asymmetric/Public Key Cipher) [4]

Note: The mathematical concepts of totients and modulos are not covered in detail in this report. ST is short for “such that.”

1. Choose two distinct prime numbers. p = 61 and q = 53
2. Compute n = p·q. n = 3233
3. Compute the totient of the product. For primes, the totient is maximal and equals the prime minus one. ϕ(p·q) = ϕ(61·53) = (61-1)·(53-1) = 3120
4. Choose any number e > 1 ST e is coprime to 3120. e = 17
5. Compute d ST d·e ≡ 1 (mod ϕ(p·q)). d = 2753 (since 17 · 2753 = 46801 and 46801 mod 3120 = 1)

Public Key: (n,e) or (3233, 17)
Encryption function is
Private Key: (n,d) or (2753)
Decryption function is

Example:
Plaintext: m = 65
Ciphertext: c = 65^17 mod 3233 = 2790
Decrypted ciphertext: m = 2790^2753 mod 3233 = 65

B92 (Quantum Key Distribution using Polarized Light) [3]

Given an optical cable, 2 polarizers, a light detector, a photon source, and an alternate (unsecure) method of communication:

Rectilinear basis: 0 is up-down. 1 is left-right.
Diagonal basis: 0 is bottom-left to upper-right. 1 is upper-left to bottom-right.

Using a polarizer and light source, Alice randomly chooses which bit to send (0 or 1) and which basis to use to send the bit. She sends the photon and records the basis, bit, and time. Bob can measure either rectilinearly or diagonally, which he chooses at random. If he measures a photon with the wrong basis, the photon is shifted into the measuring basis, but the result is random. Alice publicly broadcasts the basis in which each photon was sent and Bob broadcasts the basis in which each photon was measured. Trials measured with the wrong basis (about half) are discarded and the rest of the bits are used as a symmetric key.

The beauty of the method is that Eve, the eavesdropper, cannot choose Alice’s basis correctly every single time. Hence, she cannot eavesdrop without changing the basis of Alice’s photon and erasing data. Erased data is measured by Bob as wrong bits, which can be discovered when Alice and Bob publicly exchange samples of their key. Once the key is established, data transmission using AES or other block-ciphers can proceed.
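The exchange described above can be simulated to see the two quantities the method relies on: about half of the photons survive the public basis comparison, and an eavesdropper who measures and re-sends every photon leaves roughly one wrong bit in four in the publicly compared sample. This is an added example, not part of the original report; the function names, photon count, sample size and the measure-and-resend model of Eve are assumptions.

```python
import random

BASES = ("rectilinear", "diagonal")

def measure(bit, photon_basis, meas_basis, rng):
    # A matching basis reads the encoded bit; the wrong basis gives a random result.
    return bit if photon_basis == meas_basis else rng.randint(0, 1)

def exchange(n_photons, eavesdrop, rng):
    """Return (alice_key, bob_key) after the public basis comparison."""
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        # Alice picks a random bit and a random basis for each photon.
        bit, a_basis = rng.randint(0, 1), rng.choice(BASES)
        p_bit, p_basis = bit, a_basis
        if eavesdrop:
            # Assumed model of Eve: guess a basis, measure, re-send in that basis.
            e_basis = rng.choice(BASES)
            p_bit, p_basis = measure(p_bit, p_basis, e_basis, rng), e_basis
        b_basis = rng.choice(BASES)  # Bob also chooses at random
        result = measure(p_bit, p_basis, b_basis, rng)
        if a_basis == b_basis:  # trials with mismatched bases are discarded
            alice_key.append(bit)
            bob_key.append(result)
    return alice_key, bob_key

def sample_check(alice_key, bob_key, sample_size, rng):
    """Publicly compare a random sample; the compared bits are then thrown away."""
    idx = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in idx)
    keep_a = [b for i, b in enumerate(alice_key) if i not in idx]
    keep_b = [b for i, b in enumerate(bob_key) if i not in idx]
    return errors / sample_size, keep_a, keep_b

def simulate(n_photons=20000, sample_size=1000, eavesdrop=False, seed=1):
    rng = random.Random(seed)  # seeded so that runs are repeatable
    a, b = exchange(n_photons, eavesdrop, rng)
    rate, keep_a, keep_b = sample_check(a, b, sample_size, rng)
    return {"sifted": len(a), "sample_error_rate": rate,
            "keys_match": keep_a == keep_b, "key_bits": len(keep_a)}

if __name__ == "__main__":
    print("no eavesdropper: ", simulate(eavesdrop=False))
    print("measure-and-resend:", simulate(eavesdrop=True))
```

A sample error rate near zero means the remaining bits can be used as the symmetric key; a rate near 25% means the key should be discarded and the exchange repeated.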