In 1976, Whitfield Diffie and Professor Martin Hellman published New Directions in Cryptography, a seminal work that laid the grounds for modern security systems, online privacy and e-commerce as we know it. Considering that the pioneering pair envisaged a world that was so far advanced from anything possible at the time, the scale of their vision’s accuracy over four decades later is nothing short of incredible.
For their irrefutable contributions to security, intelligence, the world of business and modern internet culture, on March 1 the Association for Computing Machinery (ACM) awarded Diffie and Hellman the 2015 ACM Turing Award. Often referred to as the ‘Nobel Prize of computing’, the prestigious accolade is the highest honour for those in the field.
“Most members of our community do remarkable things during their careers. Some do truly groundbreaking and impactful things, and those special individuals are recognised through the ACM Turing Award”, explained Alexander Wolf, President of the ACM and Professor of Computing at Imperial College London. The pair’s new approach to cryptography was so significant that a whole new academic discipline was founded off the back of it, together with thousands of careers in the subsequent decades.
By the time of the Second World War, cryptographic machines were widely used, which led to significant (mostly secret) developments in mathematical and practical cryptography
The $1m prize, which is partially funded by Google, will be shared between the two, who both intend to continue their respective work. Hellman has spoken about continuing his study of nuclear security, as well as co-authoring a new book about peace and sustainability with his wife, while Diffie plans to fill a current gap in the discipline and compile a detailed history of cryptography.
Lessons of the past
By the time of the Second World War, cryptographic machines were widely used, which led to significant (mostly secret) developments in mathematical and practical cryptography. Thanks to the lapse of time required for declassification, far more is now known about this period than ever before. This includes the work of Polish scientists Marian Rejewski, Jerzy Róžycki and Henryk Zygalski during the 1930s in decoding ‘Enigma’, the electromechanical rotor cipher system used by the Nazis to encrypt secret communications. Their work was then carried on by Alan Turing, the namesake of the ACM’s prominent prize, which led to various other breakthroughs in variants of the Enigma system.
A major advance then took place as a result of Claude Shannon’s 1949 paper Communication Theory of Secrecy Systems and his subsequent book Mathematical Theory of Communication. However, although these works effectively established a theoretical foundation for cryptography and cryptoanalysis, the discipline soon disappeared back into the realm of secret intelligence, and nothing new appeared (at least publicly) until the 1970s.
“The notion of encrypting information with a ‘key’ had been around for centuries by the time [Diffie and Hellman] began their work”, said Wolf. Prior to Diffie and Hellman’s discovery, the symmetric key cryptosystem that was critical to national security agencies involved the same algorithm being used by both sender and recipient. This system required that all relevant parties had access to it, as well as a specific key, which made exchange highly problematic. With the addition of further parties, the challenges were magnified.
“Think of it as a special language or set of codewords that communicating parties agreed upon to support secure communication”, said Ryan Rubin, an MD at Protiviti. “The challenge was how to get these parties to agree on the secret key prior to their secure communication.” As has been so often portrayed in films, couriers with a briefcase handcuffed to their wrists, carrier pigeons or clandestine meetings in dark doorways often made the process unmanageable and unreliable.
Lock and key
The Diffie-Hellman (DH) Key Exchange offered a new approach that was controllable by means of an asymmetric system and thus more secure than previous methods that relied on pre-shared symmetric keys. Using a pair of keys that were different from one another yet mathematically related, it became possible to have a public key for encryption and a private key for decryption. Importantly, the public key could not be used to decipher the private key, even through computer-generated calculations and despite the two being interrelated.
“DH thus enabled two parties to communicate securely with each other without them prearranging a secret key, thereby enabling the parties to share a common secret over an insecure communication channel, which is critical for all secure communication, for example on the public internet”, Rubin said. Moreover, only one pair of keys is needed for communication per participant, despite the number of recipients that may be involved, making widespread distribution of highly secure cryptosystems possible for any individual or organisation.
Digital signatures are another key feature of today’s secure communication channels that were introduced by Diffie and Hellman. By reversing the process sequence order, the pair showed digital signatures could be used to detect if a message remained unchanged by the legitimate sender. Unlike written signatures, which stay intact even if the contents of a letter or cheque are altered, maintaining the integrity of the message and detecting whether it has been tampered with becomes easier to achieve when using digital counterparts. This offers more reliability in transmitting uncompromised information, as well as increased accountability for the person that has transmitted it.
“In the case of digital signatures, the owner digitally signs a message using their private key and then allows anyone who reads their signature to decode it with their public key”, said Rubin. “This is in contrast to the case of encryption use, where the sender encrypts a message with the receiver’s public key and then enables the receiver to decode it with their private key.”
This development was crucial in modern computer security, trusted computing, and personal data protection; for example, digital signatures used to validate digital certificates enable a web browser to verify that a financial institution is legitimate when banking online. Similarly, software can be digitally signed or sealed by authorised and approved software developers, enabling software companies and their consumers to verify the authenticity of a code and, for example, ensure that only Apple-approved software is downloaded and run on an iPhone.
Unsurprisingly, the 1979 revolution in cryptography, given the implications for both business and personal privacy, was met with a huge backlash from the US National Security Agency. Prior to Diffie and Hellman’s public discovery, the discipline was very much confined to the realm of secret agencies, and was used as another form of weaponry between nations. Placing such a precious tool in the hands of everyday people repositioned a great deal of power against security agencies and their respective governments. In fact, the use of cryptography was so controversial that various states tightly restricted its export. Most notably, the export of cryptography keys longer than 40 bits was prohibited in the US right up until 1996.
Despite the leaps and bounds achieved in technology, the controversy surrounding cryptography has not ebbed since Diffie and Hellman published their instrumental paper – it has actually become even more complex. Tech companies, legal professors and NGOs are making a stand for privacy and against the invasion of it by governmental organisations – regardless of their reasons for doing so. Essentially, the use of cryptography is an issue that greatly affects every individual and user of technology, which makes Diffie and Hellman’s paper all the more astonishing. “When they published New Directions in Cryptography in 1976, they imagined a future world where people would regularly communicate through electronic networks; this was by no means obvious at the time, although ubiquitous now”, said Wolf.
“Public key cryptography, as with other disruptive technologies, has been of great use to mankind in pushing us forward and advancing our ability to communicate, transact and carry out business in the digital world”, Rubin added. “Public key cryptography is also the foundation behind the first cryptocurrency, the Bitcoin, and also its supporting distributed ledger, the blockchain, which is set to become an extremely disruptive technology in the future. Our smartphones, credit cards and even home wireless networks all use some form of public key cryptography to encrypt data, digitally sign transactions and/or uniquely identify us to all those we communicate with.”
With so many uses and possibilities, cryptography is an almost sacred tool in the continued advancement of technology and, in essence, the human race. It is vital in our everyday lives and in protecting everything that is critical to our individual and universal success. Undoubtedly, there are parties who use this sophisticated level of encryption to carry out heinous crimes and bring danger to the innocent. And yet, unfortunately, such actions would not cease if privacy was deniable – arguably, they could worsen. Ultimately, attaining the greater good demands the protection of this inalienable right, no matter the associated risks.