Whitfield Diffie debugs an introduction to the cryptographic arts.
In the past 50 years, cryptography has gone from being one of the most secret activities of governments to one of the most publicised aspects of the computer revolution. Sophisticated cryptographic systems are embedded in web browsers, smart cards, cell phones, cable boxes, and gas meters. Typical computer users employ cryptography both knowingly and unknowingly to protect their email, their files, and their online transactions. Anyone with an interest in public affairs has heard pundits, such as this reviewer, explaining why cryptography is essential to privacy and democracy in a wired world or has listened to police officers and spies claiming that it must be kept out of the hands of drug dealers, terrorists, paedophiles, and other spies. Cryptography now features regularly in the business and science sections of newspapers and, not infrequently, on their front pages.
In such an environment there is a clear need for a popular introduction to the subject that conveys an understanding of what cryptography is, what it can do and how it does it. Simon Singh has attempted such an introduction in The Code Book - with mixed results.
Appropriately, Singh has taken a historical approach. Using the cipher-based trial of Mary Queen of Scots as his hook, he browses over early cryptography from the golden age of Greece to the Renaissance, then traces the path that leads from the discovery of polyalphabetic ciphers in the 15th century to the computer cryptography of today. This historical trek is punctuated by discussions of cipher systems and how to break them, including a quite readable cryptanalysis of the 16th-century Vigenere system, a polyalphabetic cipher considered unbreakable for centuries. In the first of several pronouncements on priority, Singh credits the breaking of Vigenere to the 19th-century computer pioneer Charles Babbage, whose papers show that he developed his attack in 1854, nine years before it was published by Friedrich Kasiski. Singh asserts, at first tentatively and later flatly, that Babbage was denied proper credit because the work was "classified" by the British government to gain an advantage in the Crimean war.
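The Babbage/Kasiski attack the paragraph refers to rests on two steps: find the key length, then treat each key position as a separate shift cipher. The following worked example is added here and is not code from the review or from The Code Book. The plaintext, the key "CRYPT", and all function names are constructed for the demonstration. Distances between repeated trigrams are collected as Babbage and Kasiski did; the period itself is then chosen with Friedman's later index-of-coincidence test, which is more tolerant of chance repeats than factoring the distances by hand, and each column is solved by comparing letter counts with standard English frequencies.

```python
"""Added example, not code from the review or from The Code Book: enciphering
with Vigenere and recovering the key by the Babbage/Kasiski method.
The plaintext and the key "CRYPT" below are constructed for this demonstration."""
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Letter frequencies of ordinary English prose, in percent (standard published
# values), used to score candidate decryptions of each column.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23, "G": 2.02,
    "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03, "M": 2.41, "N": 6.75,
    "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99, "S": 6.33, "T": 9.06, "U": 2.76,
    "V": 0.98, "W": 2.36, "X": 0.15, "Y": 1.97, "Z": 0.07,
}

def letters_only(text):
    """Classical ciphers work on A-Z only; drop spaces, digits and punctuation."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)

def vigenere(text, key, decrypt=False):
    """Polyalphabetic shift: letter i is shifted by key[i mod len(key)]."""
    text, key = letters_only(text), letters_only(key)
    out = []
    for i, ch in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)

def kasiski_distances(ct, n=3):
    """Babbage/Kasiski observation: a plaintext n-gram enciphered twice under
    the same key position repeats in the ciphertext, so the distances between
    repeated n-grams are (mostly) multiples of the key length."""
    first_seen, distances = {}, []
    for i in range(len(ct) - n + 1):
        gram = ct[i:i + n]
        if gram in first_seen:
            distances.append(i - first_seen[gram])
        else:
            first_seen[gram] = i
    return distances

def index_of_coincidence(s):
    """Chance that two letters drawn from s match: about 0.066 for English,
    0.038 for uniformly random letters."""
    n = len(s)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(s).values()) / (n * (n - 1))

def columns(ct, period):
    """Every period-th letter was enciphered with the same key letter."""
    return [ct[i::period] for i in range(period)]

def key_length(ct, max_len=20, threshold=0.052):
    """Smallest period whose columns each look like monoalphabetic English
    (Friedman's test); the threshold sits midway between random and English."""
    for period in range(1, max_len + 1):
        cols = columns(ct, period)
        if sum(index_of_coincidence(c) for c in cols) / period > threshold:
            return period
    return None

def chi_squared(s):
    """How far the letter counts of s are from the English expectation."""
    n, counts = len(s), Counter(s)
    return sum((counts[letter] - ENGLISH_FREQ[letter] * n / 100) ** 2
               / (ENGLISH_FREQ[letter] * n / 100) for letter in ALPHABET)

def recover_key(ct, period):
    """Each column is a Caesar shift; keep the shift whose decryption best
    matches English letter frequencies."""
    key = ""
    for col in columns(ct, period):
        best = min(range(26), key=lambda s: chi_squared(
            vigenere(col, ALPHABET[s], decrypt=True)))
        key += ALPHABET[best]
    return key

def break_vigenere(ct):
    """Full attack: estimate the period, then solve the columns."""
    period = key_length(ct)
    if period is None:
        raise ValueError("no period found; probably not a Vigenere ciphertext")
    key = recover_key(ct, period)
    return key, vigenere(ct, key, decrypt=True)

# Constructed sample message about the very episode the review describes.
PLAINTEXT = (
    "Charles Babbage worked out how to break the Vigenere cipher in the eighteen "
    "fifties but never published his method, so the credit went to Friedrich "
    "Kasiski, who printed the same idea nine years later. The attack rests on a "
    "simple observation: when the same stretch of plaintext is enciphered under "
    "the same part of the key, the ciphertext repeats as well, so the distance "
    "between two repeated groups of letters is usually a multiple of the key "
    "length. Once the key length is known the message splits into that many "
    "columns, and every column is an ordinary shift cipher which falls to "
    "frequency analysis in a few minutes. The supposedly unbreakable cipher of "
    "the sixteenth century was therefore no match for a patient analyst armed "
    "with a pencil and a table of letter frequencies.")
KEY = "CRYPT"
CIPHERTEXT = vigenere(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("repeated-trigram distances:", kasiski_distances(CIPHERTEXT)[:8])
    print("estimated key length:", key_length(CIPHERTEXT))
    key, plain = break_vigenere(CIPHERTEXT)
    print("recovered key:", key)
    print(plain[:60])
```

The threshold in `key_length` is the reason the method needs a few hundred letters of ciphertext: with short columns the index of coincidence fluctuates too much to separate a true period from a wrong one, which is also why a short message under a long key is the one case where the 16th-century cipher still holds up for a while.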
Most of the material to this point can be found in David Kahn's 1967 work The Codebreakers, but Singh has not merely edited and paraphrased this classic tome as others have done. He has instead concentrated on a smaller number of topics, fleshing them out with pages of charming but non-cryptographic historical detail. For recent developments he draws on materials that have become available in the years since Kahn's book appeared and on interviews with contemporary cryptographers.
Cryptography in the 20th century has been dominated by automation, both of encoding and of code breaking. The first world war's introduction of radio - which requires cryptography to achieve security - swamped the code clerks and their hand-encoding methods. Immediately after the war, four different inventors filed patents on automated polyalphabetic systems. Singh devotes his attention almost exclusively to Arthur Scherbius, originator of the German Enigma line of machines.
He says more than once that Enigma provided the Germans with the "most secure system of cryptography in the world", while simultaneously explaining how it was broken, first by the Poles, then by the British. An example is given to illustrate the British technique but, regrettably, this is far less clear than the earlier Vigenere example. He has also made the curious decision to call the essential rotatable elements "scramblers" rather than, as in both German and English, "rotors". This is non-standard and can only confuse a novice who follows the book's suggestions for further reading.
There is much to be said for Singh's concentration on Enigma, since Scherbius was commercially the most successful of the rotor inventors and variations of his design (including the British Typex) were widely used.
In a curious deviation from his view of priority in other cases, Singh barely mentions Edward Hebern, whose patent was filed earlier but whose work was essentially stolen from him by the US government, using the cloak of military secrecy. (Hebern's estate eventually received some compensation after a lawsuit in the 1950s.) Had he followed this trail, it would have led him to SIGABA, the most secure mechanical system of the second world war. Singh mentions SIGABA but does not describe it, despite its great importance and the fact that its details have recently been declassified. Also neglected are the other Axis systems. He mentions the German SZ40 cipher attachment but mistakenly remarks that it "operated in a similar way to the Enigma machine".
Singh's exploration of "conventional cryptography" effectively stops with the second world war and fails to follow the polyalphabetic system into its next incarnation, the shift register. There are a few words about "computer encryption" and mention of the "data encryption standard" but no mention of other US, British, and Soviet systems, let alone any attempt to explain their workings or trace their development. Instead, Singh turns to the field's most noted postwar development: public-key cryptography.
As practised in the second world war and through most of the cold war, cryptography could only be used within an organisation that had a substantial degree of cohesion. This is because the protection of communication with cryptography required the sender and receiver to share a secret key. Such a need to share identical keys often limits secure communication in multinational military operations. It would seem to render secure internet commerce, in which the buyers and sellers have intrinsically conflicting objectives and thus limited trust in each other, impossible. The solution is public-key cryptography and consists of cryptographic systems in which the sender and receiver hold associated but not identical keys, one of which, moreover, cannot be derived from the other.
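The property described above, associated but non-identical keys, one of which cannot be derived from the other, is easiest to see in a key-agreement exchange. The example below is added here and is not code from the review or the book; it runs a Diffie-Hellman exchange over the textbook toy group p = 23, g = 5, which is constructed for the demonstration and far too small for any real use. The function names and the fixed private exponents 4 and 3 are likewise assumptions of this example. The last function shows why the "cannot be derived" claim depends entirely on the size of the group: in a 23-element group the private exponent falls to a trivial search, which is exactly what a 2048-bit or larger modulus rules out in practice.

```python
"""Added example, not from the review or from The Code Book: a Diffie-Hellman
key agreement in which both parties derive one secret from associated but
unequal keys.  The group p = 23, g = 5 is a constructed textbook toy."""
import hashlib
import secrets

# Toy parameters for illustration only; real deployments use a prime of at
# least 2048 bits so that the discrete-logarithm search below is infeasible.
P, G = 23, 5

def public_key(private, p=P, g=G):
    """Public half is g^private mod p.  Recovering `private` from it is the
    discrete logarithm problem, which is hard only when p is large."""
    return pow(g, private, p)

def shared_secret(their_public, my_private, p=P):
    """Each side raises the other's public value to its own private exponent;
    both land on g^(ab) mod p without ever sending a or b."""
    return pow(their_public, my_private, p)

def session_key(secret):
    """Hash the group element so the resulting key bytes look uniform."""
    return hashlib.sha256(str(secret).encode()).hexdigest()

def exchange(a, b, p=P, g=G):
    """Run the exchange with given private exponents.  Returns what Alice
    derives, what Bob derives, and everything an eavesdropper sees on the wire."""
    A, B = public_key(a, p, g), public_key(b, p, g)
    alice = shared_secret(B, a, p)
    bob = shared_secret(A, b, p)
    return alice, bob, (p, g, A, B)

def random_exchange(p=P, g=G):
    """Same exchange with fresh private exponents in [1, p-2]."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    return exchange(a, b, p, g)

def discrete_log_bruteforce(target, p=P, g=G):
    """In the toy group the 'cannot be derived' property fails outright:
    the private exponent behind a public value is found by trying every x."""
    for x in range(1, p):
        if pow(g, x, p) == target:
            return x
    return None

if __name__ == "__main__":
    alice, bob, wire = exchange(4, 3)
    print("on the wire (p, g, A, B):", wire)   # (23, 5, 4, 10)
    print("derived on each side:", alice, bob)  # 18 18
    print("session key:", session_key(alice)[:16], "...")
    print("toy exponent recovered from A:", discrete_log_bruteforce(wire[2]))
```

Note that only `p`, `g`, `A` and `B` cross the wire; the check in the exchange is that both sides compute the same `18` from different inputs. Replacing `P` with a real-size safe prime changes nothing in the arithmetic and everything in how long the final function would take to run.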
Public-key cryptography has been invented not once but at least twice in the past 30 years, once very publicly by myself and my colleagues at universities in the US, and once secretly at GCHQ, the British signals intelligence organisation in Cheltenham. Who invented it first depends on what rules you adopt for priority. The British started earlier, ended later, and discovered slightly different things than we did. On balance, Singh plumps for the British and treats this as another case in which military secrecy deprived cryptographers of timely credit for their work. Here, the evidence for this view is clearer than in the case of Babbage and Kasiski.
Singh describes our discoveries, their discoveries, and my efforts to track down our taciturn British colleagues - James Ellis, Clifford Cocks and Malcolm Williamson - and determine the relationship of our work to theirs. He conscientiously seems to have interviewed all the available participants; certainly he talked to my wife and me for several hours.
Despite this, he did not ask us after the chapters were written to verify the details and has muddled much of what we and others told him. Errors range from the historically innocuous running together of my various visits with Ellis to serious errors like placing my 1976 talk at IBM in 1974. Such misrepresentation of the history is regrettable because it will create a set of myths that must be addressed and corrected by all serious writers in the future.
In a chapter about the popular computer program Pretty Good Privacy (PGP), Singh merges discussion of public-key cryptography with discussion of the politics of cryptography, exploring the US and British governments' various efforts to force users of cryptography to place their keys where the governments could get at them. These have gone under such names as "key escrow", "key recovery", and "trusted third parties" and the success or failure of the governments' approach has yet to be decided. Singh concludes sagely that "the deciding factor will be whom the public fears the most - criminals or the government".
The book concludes with a chapter on quantum computation and quantum cryptography. Singh is a physicist and by all rights this should have been the book's crowning glory. Quantum computing allows computers to operate in "quantum-superposition", a more fundamental and far-reaching form of parallelism than any we have seen before. Quantum cryptography, by contrast, makes use of the "uncertainty principle" to create communications that will be destroyed by the attempt of anyone other than the authorised receivers to record them. Singh seems to overestimate both fields. He predicts that if quantum computers can be built, they will "imperil our personal privacy, destroy electronic commerce and demolish the concept of national security". In fact, although the impact of quantum computing on the currently popular public-key systems might be devastating, its impact on more conventional approaches appears significant but manageable. So far, quantum cryptography is far better developed than quantum computing and has been used in experiments over optical fibres many kilometres long. Singh speculates that quantum cryptography will sweep all other forms aside, ignoring the fact that quantum cryptography addresses a far more limited range of security problems than purely mathematical cryptography.
Surprisingly, despite an apparently ample technical background, Singh seems never to have achieved any real understanding of cryptography. A full list of errors would exceed the length of this review and a few examples must suffice. A procedure in which an Enigma machine starts in the same configuration for every message on a given day is described as "reasonably secure", but the alert student will note that it can be broken by a straightforward extension of the technique earlier applied to the Vigenere cipher. Modern factoring techniques are described as "not significantly better than ancient techniques", although since 1970 the size of factorable numbers has gone from 41 to 155 digits. Finally, we read that one-time pads - the only provably secure crypto-systems, as Singh rightly observes - are "hardly ever used"; in truth they have been used extensively by every major power.
The Code Book contains a plausible selection of material and for the reader new to cryptography it presents a welcoming, readable face. Unfortunately, this same reader will be misled at many turns. Singh has made a potentially worthwhile contribution to the popular literature of cryptography, but we can only hope that the publisher will limit the first edition to a single printing and produce a corrected second edition as quickly as possible.
Whitfield Diffie is a distinguished engineer at Sun Microsystems, California, United States. He is one of the inventors of public-key cryptography and co-author with Susan Landau of Privacy on the Line: The Politics of Wiretapping and Encryption.
The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography
Author - Simon Singh
ISBN - 1 85702 879 1
Publisher - Fourth Estate
Price - £16.99
Pages - 402