Citation:
Levy, Steven. 2001. Crypto: how the code rebels beat the government,
saving privacy in the digital age. Viking Press.
Review:
Levy tells the story of how cryptography, once the well-guarded, forbidden
field of the National Security Agency, came into the hands of ordinary
people. This process involves not only mathematicians, computer scientists,
and cryptographers, who represent academia, but also government agencies,
such as the NSA, and the IT industry, where patent disputes and competition
arise with the commercialization of the technology. The basic rationale
behind public key is explained, as well as the stories of each major
player associated with the discovery and dissemination of public key.
It is a good introductory book for readers who are new to the world
of cryptography.
The story starts with the legend of Whit Diffie, who would later
work with Marty Hellman to create the famous Diffie-Hellman algorithm.
The reader will see the growth of a "skeptical" and "arrogant"
young man, who probed his way into the world of cryptography and
was finally struck by the idea of "public key". This breakthrough
was revolutionary because the general belief in cryptography before
him was that "the workings of a secure cryptosystem had to be
treated with utmost secrecy" [1].
In contrast, the idea of public key involved two keys, one of which
would be openly available. In this way, it solved the distribution
dilemma of previous encryption techniques, such as the "one-time
pad". Later, Hellman would partner with him to work out a cryptosystem
that could be realized using a piece of mathematical theory called
"discrete exponentiation".
However, there was still a considerable distance between mathematical
theory and reality. Three young computer science assistant professors
at MIT decided to bridge this gap. They were Ron Rivest, Adi Shamir,
and Leonard Adleman, whose initials gave the RSA algorithm its name.
The RSA algorithm was based on the arithmetic challenge of resolving a
large composite number into the prime factors that were multiplied to
create it. The beauty of this function is that it is easy to calculate
but many times harder to reverse: a one-way function of the kind
suggested by Diffie and Hellman.
Their work was not carried out without pressure from a particular
government agency: the National Security Agency (NSA). The dual role of
the NSA [2], one of cracking ciphers and providing as much intelligence
to the US government as possible, and one of providing the US with the
best possible codes so that its data would not be cracked, made the
agency nervous about advances in cryptography in the private sector. It
manipulated the National Bureau of Standards (NBS) and the National
Institute of Standards and Technology (NIST) to pass privacy standards
that were technically acceptable to it, which meant strong enough to
withstand other foes, but just weak enough to be broken by the NSA's
supercomputers. It also tried to pressure the NSF not to fund research
in cryptography, not to mention that it guarded its own cryptographic
research from leaking out of its realm. When the NSA found it did not
have the legislative power to curb the private development of
cryptography, it turned to the International Traffic in Arms Regulations
(ITAR) code to forbid any export of "privacy devices [and] cryptographic
devices" [3], in an effort to stop cryptography at the border. However,
even this attempt was doomed by the proliferation of the Internet. In
May 1991, fifteen years after Diffie and Hellman published their paper
"New Directions in Cryptography", Phil Zimmermann put his encryption
software, PGP (Pretty Good Privacy), on the Internet as freeware.
Instantly, people around the world had a weapon that could protect their
private communication from being intercepted by other people or by
government.
The story of selling crypto is both a familiar story of a high-tech
start-up and an unfamiliar one, involving more sensitivity and
governmental interference than other businesses. The initial failure
of RSA Data Security seemed to prove that scientific genius was one
thing and entrepreneurship another. The reader will therefore see Jim
Bidzos come onto the main stage to rescue the company by exercising
his skills in salesmanship. Later, the reader will see patent disputes
arise between the two universities, MIT and Harvard. Competition and
licensing issues would arise among several product developers. But those
are all too familiar in the commercial world.
Critique:
By using a storytelling style, Levy tells the story of crypto in a vivid
and dramatic way. This is both the book's virtue and its shortcoming.
The focus of the book is on people and the political environment
they are in, rather than on an in-depth explanation of crypto as a
technology. It therefore serves as a good introductory book for readers
who know nothing about crypto and want to learn something: what "public
key" is, who its creators are, their thoughts, their personalities,
the difficulties they faced, and the intricate interplay of government
agencies, legislation, and academia. Even those who want to try their
hand at cryptography can use this book as a guide. The book touches on
a variety of topics in cryptography and mathematical theory, and can
help readers find information on what interests them. Still, although
the book succeeds in being riveting and interesting, people's
personalities are simplified and dramatized, which compromises the
authenticity of those characters.
Notes:
1. Crypto, p. 35
2. Crypto, p. 228
3. Crypto, p. 109