“MIT Unlocks Cryptography for the Masses” How MIT People Played a Major Role in the Early Development of Public Key Cryptography

Home , Martin Hellman, Ron Rivest, Whitfield Diffie

“MIT Unlocks Cryptography for the Masses” How MIT people played a major role in the early development of public key cryptography.

by Ed Radlo ‘67 May 30, 2020

1 Why is PKC important?

 It’s what made it possible to conduct confidential (encrypted) communications over open (unsecure) networks, most notably the Internet. • enabled e-commerce • enabled confidential (encrypted) e-mails over unsecure networks  PKC is a two-sided coin: encryption and authentication. • Running the algorithm in forward gives encryption. • Running the algorithm in reverse gives authentication.  Authentication, implemented by digital signatures, gives three things: 1. mathematical proof that the message hasn’t been altered 2. mathematical proof that the nominal sender was the actual sender 3. the sender can’t repudiate that s/he sent the message

2 History of Encryption  Has been around for thousands of years. • Used by Egyptians and Phoenicians in 2000 B.C. • Mostly military applications. • Same key used for encryption and decryption (symmetric cryptography). • PKC is asymmetric cryptography.  In the 1970’s, computers became increasingly widespread. • DES was the first widely used commercial encryption algorithm  developed by IBM  symmetric  NBS (now NIST) made it a government standard in 1977  NSA made it intentionally weak o government had a monopoly until 1970’s o fear that encryption would get in the wrong hands 3 The Public Key Revolution  PKC per se invented by Whitfield Diffie and Martin Hellman in 1976. • Whit Diffie – MIT ‘65 • Marty Hellman – assistant professor of Electrical Engineering at MIT (1969 – 1971)  Three parts to the invention: 1. key broken into two – public portion and private portion  computationally infeasible to derive the private key from the public key  Rivest and Hellman also credit Ralph Merkle with this part 2. key exchange over open networks 3. digital signatures  “New Directions in Cryptography” (IEEE 1976) • no practical implementation • NSA tried to suppress publication under ITAR (national security) • Pushback led by Niels Reimers of Stanford (academic freedom) founded Stanford, U.C. Berkeley, and UCSF Offices of Technology Licensing (OTL) was loaned to MIT to “reform” the MIT OTL

4 Diffie and Hellman June 2016 edition of Communications of the ACM also on cover 5 Diffie and Hellman’s Seminal Paper

6 Rivest, Shamir, and Adleman  Three MIT Ph.D’s who invented RSA algorithm in 1977. • Ron Rivest is now an MIT Institute Professor  First successful implementation of PKC.  Based upon difficulty in factoring the product of two large prime numbers.  RSA algorithm became very popular and successful over time. • Software implementing RSA algorithm is the most widely used software in history. • R, S, & A assigned their invention to MIT, which patented it as U.S. 4,405,829 (issued 1983) • Patent was written and prosecuted by patent attorney Mark Lappin – MIT ’64 7 S, R, and A in 1978 at MIT 8 The RSA patent VectorStock.com/1687101 ® ® VectorStock 9 Much PKC Patent Litigation in the 1990’s  The validity of the RSA patent was at issue in federal district court litigation between 1994 and 1996.  Public Key Partners (PKP) joint venture: • Cylink Corp. (hardware) • RSA Data Security, Inc. (software)  started by R, S, and A in 1983  MIT was third party intervenor in January 1995 • Five of us at Fenwick & West LLP represented MIT.  The validity of the RSA patent was recognized by all parties when the litigation settled in December 1996. • There was never any trial. • The settlement gave a boost to exclusive licensee RSA Data Security, Inc.  RSADSI was able to establish a toehold in the field of non-governmental use of encryption  important because the government was trying to stifle the technology using export control law • MIT collected royalties until 2000  Other patent litigations involved Stanford. • Stanford had three PKC patents • Interference with MIT’s patent 10 Lingering Issues of PKC  U.S. government still regulates the export of encryption items. • no regulation of the authentication side of the cryptography coin • gradual loosening of regulations since 1995  exports now regulated by Commerce Department, not State Department  very complicated regulations  FBI and other LE still want backdoors into encryption algorithms to fight crime. • but nefarious entities could also enter the backdoors • a nefarious entity could be someone associated with the government  PKC is slow compared to symmetric cryptography. • bit lengths forced to get longer and longer as computers get faster and faster • used primarily to set up an encrypted channel (e.g., VPN, SSL, TLS) o symmetric encryption then takes over  Technical threat from quantum computing and its projected great computational power.

11 Stay Safe!

Ed Radlo Radlo & Su Silicon Valley, CA www.radloip.com [email protected]