Encyclopedia of Computer Science and Technology

encryption 181Public key encryption allows users to communicate securely withouthaving to exchange their private keys. In part 1, person Apublishes a public key, which can be used by anyone else (such asperson B) to encrypt a message that only person A can read. In part2, person A encrypts a message with his or her private key. Sincethis message can only be encrypted using person A’s public key, personB can use the published public key to verify that the message isindeed from person A.mitted. Further, a user can distribute a message encryptedwith his or her private key that can be decrypted only withthe corresponding public key. This provides a sort of signaturefor authenticating that a message was in fact created byits putative author.In 1978, Ron Rivest, Adi Shamir, and Leonard Adelmanannounced the first practical implementation of public-keycryptography. This algorithm, called RSA, became the prevailingstandard in the 1980s. While keys may need to belengthened as computer power increases, RSA is likely toremain secure for the foreseeable future.Legal ChallengesUntil the 1990s, the computer power required for routineuse of encryption was generally beyond the reach of mostsmall business and consumer users, and there was littleinterest in a version of the RSA algorithm for microcomputers.Meanwhile, the U.S. federal government tried to maintaintight controls over encryption technology, includingprohibitions on the export of encryption software to manyforeign countries.However, the growing use of electronic mail and thehosting of commerce on the Internet greatly increased concernabout security and the need to implement an easy-touseform of encryption. In 1990, Philip Zimmermann wrotean RSA-based email encryption program that he calledPretty Good Privacy (PGP). However, RSA, Inc. refused togrant him the necessary license for its distribution. Further,FBI officials and sympathetic members of Congress seemedpoised to outlaw the use of any form of encryption that didnot include a provision for government agencies to decodemessages.Believing that people’s liberty and privacy were at stake,Zimmermann gave copies of PGP to some friends. The programsoon found its way onto computer bulletin boards,and then spread worldwide via Internet newsgroups andftp sites. Zimmermann then developed PGP 2.0, whichoffered stronger encryption and a modular design thatmade it easy to create versions in other languages. TheU.S. Customs Department investigated the distribution ofPGP but dropped the investigation in 1996 without bringingcharges. (At about the same time a federal judge ruledthat mathematician Daniel Bernstein had the right to publishthe source code for an encryption algorithm withoutgovernment censorship.)Government agencies eventually realized that theycould not halt the spread of PGP and similar programs. Inthe early 1990s, the National Security Agency (NSA), thenation’s most secret cryptographic agency, proposed thatstandard encryption be provided to all PC users in the formof hardware that became known as the Clipper Chip. However,the hardware was to include a “back door” that wouldallow government agencies and law enforcement (presumablyupon fulfilling legal requirements) to decrypt any message.Civil libertarians believed that there was far too muchpotential for abuse in giving the government such power,and a vigorous campaign by privacy groups resulted in themandatory Clipper Chip proposal being dropped by themid-1990s in favor of a system called “key escrow.” Thissystem would require that a copy of each encryption keybe deposited with one or more trusted third-party agencies.The agencies would be required to divulge the key if presentedwith a court order. However, this proposal has beenmet with much the same objections that had been madeagainst the Clipper Chip.In the early 21st century, the balance is likely to continueto favor the code-makers over the code-breakers.While it is rumored that the NSA can use arrays of supercomputersto crack any encrypted message given enoughtime, and a massive eavesdropping system called Echelonfor analyzing message traffic has been partially revealed, asa practical matter most of the world now has access to highqualitycryptography. Only radically new technology (seequantum computing) is likely to reverse this trend.Further ReadingCobb. Chey/ Cryptography for Dummies. Hoboken, N.J.: John Wiley& Sons, 2004.Henderson, Harry. Privacy in the Information Age (Library in aBook) 2nd ed. New York: Facts On File, 2006.“The International PGP Home Page.” Available online. URL: http://www.pgpi.org/. Accessed February 2, 2008.Levy, Stephen. Crypto. New York: Viking, 2001.Singh, Simon. The Code Book: the Science of Secrecy from Ancient Egyptto Quantum Cryptography. New York: Anchor Books, 2000.