Interview: The golden age of cryptography

Laura Spinney

Coded messages - once the domain of spies - now pervade our everyday lives, safeguarding our electronic transactions. So people like Jacques Stern, dubbed "the high priest of French cryptography", are in demand like never before. Laura Spinney caught up with him in Paris to discuss code-breaking, how encryption emerged from the world of government espionage, and how to send a completely secure coded message.

What cryptography problems have you worked on?

I use mathematics to ensure the security of communications, and my team's work has been applied to electronic voting systems, online auctions, 3G telephones and chip-and-PIN payment systems. What that comes down to is proving that existing cryptographic systems are secure, or breaking them and finding better alternatives. I have advised companies and the French government, for example in the 1990s, when the internet was exploding and most governments were relaxing their restrictions on the use of cryptographic systems.

What attracted you to this field?

I trained as a mathematician, but was drawn to cryptography by the need for it in the real world. Mathematicians seek knowledge for its own sake; cryptographers are always mindful of the need to protect assets from an invisible enemy. Some of my maths teachers would have been delighted that their theorems were never applied. I prefer to say that I contributed to the security of the user authentification system offered by cellphone companies. I was also attracted by a paradox: how two parties could exchange coded information without first meeting to share a secret key - a step that could be intercepted by a third party. In cryptography, a key is information about how to encode or decode a message.

Has that paradox been solved?

Until 1976, cryptographers would have told you this was impossible to solve. Then US cryptographers Whitfield Diffie and Martin Hellman proposed a solution called public-key cryptography.
In this, each user has two keys: one that he makes public and one he keeps secret. The public key is used for encryption, the private key for decryption. The strength of this system lies in the fact that while the public key can be derived from the private key via a mathematical function, the reverse is not true. So you can transmit the public key over an insecure channel without worrying that an eavesdropper will decrypt the message. This system now protects most e-commerce.

Why do you call this the golden age of cryptography?

Around this time, cryptography stepped out of the shadows. It stopped being the exclusive domain of government and the military - though the officer sitting in the basement of the embassy, decoding messages, still exists. This was partly due to the US adopting a standard method for encrypting data in 1977, which meant that makers of commercial cryptography systems had a norm to work to. Without cryptography it would be hard to imagine the internet working in the way it does today. It would be impossible to carry out financial transactions online, for example.

You have argued that cryptography has driven computer science. How?

In the 1980s, computer science was a young and rapidly advancing field, and cryptography had to keep up with it. The two have been intimately linked ever since. As hardware has become cheaper, cryptographic devices have been used in more and more commercial applications, such as cash dispensers and ticket machines. In turn, those applications need better cryptographic systems - for example, digital signature schemes that allow recipients to verify that a message hasn't been tampered with. It has been a lively few decades, with many profound discoveries.

Such as?

One of the most popular public-key systems is called RSA, after its inventors, Rivest, Shamir and Adleman. Earlier I told you that the private key cannot be deduced from the public key. However, with today's powerful computers, it can be done.
In RSA, the public key comes from multiplying two prime numbers, which together constitute the private key. Ten years ago it was possible to deduce the private key from a public key of up to 130 digits. Today that figure is closer to 200. For this and other reasons, people have been looking for alternatives to RSA. IBM proposed one in 1998, which our team broke - that is, we showed it wasn't secure.

Isn't that erosion of RSA's strength worrying for the banks that use it to protect their operations?

Only if you believe in absolute security, which most cryptographers don't. Erosion of key security is to be expected as computers become more powerful, just as Olympic athletes erode sporting records. A more practical approach is to ask if your keys are proof against the most powerful computers available. Cryptographers monitor these things closely, and they increase the size of the keys as they need to. A few years ago, an alternative to RSA was proposed, called SFLASH, which draws its keys from a different branch of mathematics to RSA - multivariate algebra, as opposed to number theory. SFLASH was almost adopted as a European standard for protecting low-cost smart cards. Our group broke it wide open last year and it had to be abandoned. That was extremely rewarding, because we prevented future disasters.

The RSA system draws on the work of the 18th-century mathematician Leonhard Euler. Why don't cryptographers exploit up-to-the-minute findings?

Euler was one of the greatest mathematicians since the Greeks. To do as you suggest, a cryptographer would have to be as brilliant as Euler, and inventive like Rivest, Shamir and Adleman. People like that are rare.

Is there any way to ensure absolute security when transmitting information?

Yes, with a key that is as long as your message, that you use only once and then discard. This is the "one-time pad", which was used to protect the hotline from Washington DC to Moscow during the cold war.
Each side created its own keys and delivered them via their embassy in the other country. The other approach is quantum cryptography.

Will the next age of cryptography be the quantum age?

Cryptographers provide a guarantee that a system can withstand a certain amount of computing power. Quantum cryptography exploits the laws of physics to generate a key, so the guarantee it offers is independent of computing power. In that sense it is superior to existing methods, but it also comes at a superior price. This is a problem because mainstream cryptography costs virtually nothing, as it depends on computers that exist mainly for other purposes.

What is the next challenge for cryptography?

I think the next battle will be over privacy. People will discover that their personal information is being stored in large warehouses in remote jurisdictions where it may be legal for other people to look at it. I don't think we are there yet, but it's a worrying prospect. In future, people will look to cryptographers to protect their privacy.

Profile

Mathematician Jacques Stern turned to computing and cryptography in the 1980s. Since 1996 he has headed the Laboratory of Computer Science at the Ecole Normale Superieure in Paris, an incubator for cryptographers. In 2006 he was awarded the gold medal of the French national research agency, CNRS, in recognition of his life's work. His book on cryptography, La Science du Secret, was published in 1998 by Odile Jacob.
