For most Americans, today is just another Wednesday, but for privacy advocates it is a day to celebrate. Today marks 17 years since U.S. Patent #4,405,829, “Cryptographic Communications System And Method,” was granted, and with this coming of age, enters into the public domain. Although RSA Security, the company formed by the patent’s inventors jumped the gun and released the algorithm into the public domain earlier this month, the nationwide parties to celebrate the patent’s expiration will go on as planned.
“RSA Security’s commercialization of the RSA patent helped create an entire industry of highly secure, interoperable products that are the foundation of the worldwide online economy,” said Art Coviello, chief executive officer of RSA Security. “Releasing the RSA algorithm into the public domain … is a symbolic next step in the evolution of this market, as we believe it will cement the position of RSA encryption as the standard in all categories of wired and wireless applications and devices.”
Indeed, “c = me mod n” is used by millions of people every day as they make purchases with credit cards, withdraw money from ATMs, talk on cellular phones, bank online, and send secure email.
But to understand why this invention excites privacy advocates, requires a brief history of cryptography. For years, cryptosystems — the systems that transform messages into random gibberish (cyphertext) and back into intelligible text (plaintext) — relied on what was known as a “symmetric key.” These systems required that both the sender and receiver of a message use the same key to encrypt and decrypt messages. This system works extremely well, and there are still symmetric key systems in use, but two problems with symmetric key systems became apparent as companies and governments relied more and more on encryption to secure their communications from eavesdroppers.
The first problem was that the keys had to be replaced often, usually once a day, or in some cases, after one message. This required a great number of keys, and with numerous branches over the world, transporting new key sets securely to every location became a logistical nightmare.
The second problem was that the system was closed to outsiders. If Alice wanted to send Bob a message securely, she would need to contact Bob and arrange for Bob to send her a key. Again, the security of the system relied on the secure transfer of the key, not the strength of the system itself.
Then, in 1976 Whitfield Diffie discovered a solution. He realized the logistical problems of key distribution would be rendered moot if there was a way that Alice and Bob could use different keys to encrypt and decrypt messages. Collaborating with Stanford University electrical engineering professor Martin Hellman, he devised a way of splitting the key into two parts, a private key, which would be held closely to the recipient of a message, and a public key, which could be widely distributed. Now Alice could use Bob’s public key to send him an encrypted message, which he would decrypt using his private key. This method, known as “asymmetric — or public — key cryptography” would also eventually be adapted so that users could verify the identity of a message’s sender. Alice could “sign” a message with her private key and encrypt it using Bob’s public key. Bob then would decrypt the message with his private key and apply Alice’s public key to verify that it was, indeed, Alice who sent him the message.
But it was not until 1977 that three scientists at the Massachusetts Institute of Technology (MIT) — RSA’s Ronald Rivest, Adi Shamir, and Leonard Adelman — discovered a practical application for Diffie’s theory. They cleverly exploited the mathematical truth that multiplying two large prime1 numbers ( P and Q ) together results in a larger number, ( N ) from which it is incredibly difficult to resolve the original two prime numbers. From this they developed the algorithm described in U.S. Pat. #4,405,829.
graphic © RSA Security, Inc.
But what does this mean for consumers? Now that software developers can use the RSA algorithm free of charge, secure communication should become cheaper and more commonplace. As more consumers use the Internet for shopping, banking, and communicating, security, and the peace of mind it brings, will become more and more important.
However, the government becomes queasy when people start communicating in a manner that cannot be overheard. Numerous government initiatives have sought to restrict the use of encryption from export controls, to the deliberate weakening of cryptosystems, to key “escrow” systems, such as the clipper chip initiative, that would require encryption users to provide government with copies of their personal keys.
So while the economic barriers to the widespread use of encryption have been knocked down, there still exists a threat from government regulation in the technology sector. Only vigilance from an informed public can ensure that the right of citizens to communicate privately will endure in the 21st century.
1 A prime numbers is one that only has two factors, namely 1 and itself, i.e. 3, 5, 7, 11, 13, 17, etc.