sign in sign up
<<
Home , Simon Singh, The Code Book

rev-reeds.qxp 1/11/00 1:42 PM Page 369

Book Review

The Code Book: The Evolution of Secrecy from Mary, Queen of Scots to Quantum Reviewed by Jim Reeds

The Code Book: The Evolution of Secrecy from events. This makes Mary, Queen of Scots to Quantum Cryptography coherent exposition difficult. Almost every Doubleday Books, 1999 war, however, has no- ISBN 0-385-49531-5 table instances where 402 pages, $24.95 some cipher message solution foils a plot or It is hard to write a good book about the his- wins a battle. Here it tory of cryptography. The subject is technical is easy to connect the enough to be a turnoff for many readers. The ev- cryptographic or idence a historian of cryptography works from is cryptanalytic techni- often suspect. Because much of the practice and calities with particu- research in the field was carried out in secret, any lar historical events, particular document or interview must be viewed but a book that relies with suspicion: did the author or interviewee know too much on such in- the full truth? Healthy suspicion about the com- stances becomes in effect no more than an adven- petency of sources is of course appropriate in all ture story anthology. branches of historical research, but in the history So it is no surprise that there are few general of cryptography the proportion of misinformed or surveys of the and fewer deceptive sources is probably greater than gener- good ones. The rule of thumb seems to be one new ally found in the history of science or of technol- book every thirty years. ogy. The historian’s standard technique of precise In 1902 and 1906 Alois Meister published his and thorough citation of documentary evidence is immensely scholarly Die Anfänge der Modernen Diplomatischen Geheimschrift and Die Geheim- therefore especially important in the history of schrift im Dienste der Päpstlichen Kurie, repro- cryptography. Unfortunately, for popular works ducing and summarizing texts relevant to cryp- this technique can mean death to readability. tography in the late medieval and early modern In cryptography technical developments often periods. The readership cannot have been large. came in reaction to events and activities which were At the opposite extreme of readability was the at the time secret or, conversely, had ceased to be se- 1939 Secret and Urgent: The Story of Codes and cret. If we do not understand the “who knew what Ciphers by the journalist and naval affairs com- when” details correctly, our reconstructed timetables mentator Fletcher Pratt. The book presented a for technical progress seem to show puzzling fits and breezy series of thrilling anecdotal historical starts, apparently unconnected with contemporary episodes involving ciphers and code-breaking ex- Jim Reeds is at AT&T Labs, Florham Park, NJ. His e-mail ploits. Each episode came complete with Sunday address is [email protected]. supplement-style character sketches and just the

MARCH 2000 NOTICES OF THE AMS 369 rev-reeds.qxp 1/11/00 1:42 PM Page 370

right amount of technical information about the ci- episodic snapshot method. His remaining three pher or in question. The technical dis- chapters are based mostly on personal interviews cussions were not always tightly bound to the fac- with leading participants. Chapter 6 describes the tual historical setting: although they were always invention and early development of public key illustrative of the type of ciphers involved in this cryptography by W. Diffie, M. Hellman, R. Merkle, or that historical episode, they were not necessar- R. Rivest, A. Shamir, and L. Adleman in the U.S., and ily verbatim transcripts of documents in archives. independently, but in secret, by J. Ellis, C. Cocks, Pratt thus managed to make the technicalities—al- and M. Williamson in the U.K. Chapter 7 describes ways clearly explained—seem important and man- the current controversy about the proper role of aged to teach a bit of history in the nonrigorous way cryptography in a free society: personal freedom a historical movie or novel might teach a bit of his- versus the interests of the state, privacy versus tory. Like many others, I was inspired by this book wiretapping, key escrow, export of strong cryp- when I read it in my early teens. It was only much tography, and so on. The final chapter describes later that I came to realize that its lack of bibliog- quantum cryptography, the new system of com- raphy and detailed footnotes made it useless as a munications made untappable by exploiting the fact serious history of cryptography. that the polarization of a photon is altered when In 1967, about thirty years after Pratt’s book, a it is measured. much more serious book appeared, The Code- The good news is that Singh’s book has all the breakers, by David Kahn, also a journalist, but one good qualities of Pratt’s. Unfortunately, Kahn’s with a far sterner approach to standards of docu- criticism of Pratt’s book also applies to Singh’s mentation. Where Pratt had two pages of notes and book. Almost every page has small errors of fact. no literature references, Kahn gave 163 pages. Kahn’s In many places it is clear that Singh does not re- method (which he pursued over many years with ally understand the material he copies from his great energy) seems to have been simply this: to read sources. Many of these errors are of little conse- everything about cryptography in all the world’s li- quence when taken individually, but their cumu- braries and archives, to interview all cryptographers, lative effect is to destroy a knowledgeable reader’s and to write it all down as sensibly, as accurately, and confidence in the author’s standards of accuracy. with as much detail as possible; his book has 1,180 Here are just a few examples: pages. This is the book I read when I was in college. • On page 128 Singh describes the wired code By then I had grown up enough to appreciate Kahn’s wheels of the Enigma cipher machine (the “ro- comment in his preface that although his love for tors”, which he oddly calls “scramblers”): “The cryptography had also been sparked by Pratt’s book, scrambler, a thick rubber disc riddled with he was disappointed in the book. Kahn bemoaned wires…” But the Enigma’s rotors were not Pratt’s “errors and omissions, his false generaliza- made of rubber but of aluminum, brass, and tions based on no evidence, and his unfortunate Bakelite. Singh may have misunderstood a sen- predilection for inventing facts.” tence on page 411 of Kahn’s book: “The body Unfortunately, Kahn’s book was published a of a rotor consists of a thick disk of insulat- short time before the facts about the Polish and ing material, such as Bakelite or hard rub- British success in breaking the German Enigma ci- ber…”, accurately describing the rotors, not of pher of World War II became publicly known and an , but of a different cipher also a short while before the amazing invention of machine. the new number-theoretical “public key cryptog- • On page 168 Singh states that A. M. Turing (in raphy” techniques now pervasive in computers his 1937 paper “On computable numbers, with and the Internet. As a result, these interesting and an application to the Entscheidungsproblem”) important topics received no treatment. called “this hypothetical device a universal Tur- Now, thirty years after Kahn’s book, a new his- ing machine [Singh’s italics].” But of course the tory of cryptography has appeared, again by a jour- terms “Turing machine” and “universal Turing nalist: Simon Singh’s The Code Book: The Evolution machine” were not used by Turing himself; a of Secrecy from Mary, Queen of Scots to Quantum glance at his paper shows he used “computing Cryptography, a bestseller in England in its first machines” and “universal machines”. months of publication. Singh states in his preface that • On pages 187–8, Singh states that the British “In writing The Code Book, I have had two main ob- WWII code-breaking organization, the “Gov- jectives. The first is to chart the evolution of ernment Code and Cypher School”, was dis- codes…the book’s second objective is to demon- banded after the war and then replaced by an- strate how the subject is more relevant today than other, the “Government Communications ever before.” Headquarters”, or GCHQ. In fact, the change Singh’s first five chapters cover the history of occurred in 1942 and was one in name only. cryptography up through the end of the Second • On page 191 Singh claims the American break- World War, summarizing material found in earlier ing of the Japanese “Purple” cipher enabled the books and journal articles, presented by the naval victory at Midway and the assassination

370 NOTICES OF THE AMS VOLUME 47, NUMBER 3 rev-reeds.qxp 1/11/00 1:42 PM Page 371

of Admiral Yamamoto. In fact, these were due chiffre indéchiffrable. But Kahn (whose book ap- to the breaking of the “JN-25” code. “Purple” pears in Singh’s list of references), on page 107, was a machine cipher, roughly equivalent to shows an example of a homophonic cipher, la- the German Enigma, whereas “JN-25” was a belled as such, from 1401, about three centuries hand system relying on code books and ran- before Singh’s invented invention. dom number tables. A different kind of misunderstanding occurs in Singh’s unfamiliarity with the technical vocab- the discussion of the attack on the German Enigma ulary used by his sources seems to have led him machine in the early 1930s. The mathematical basis into a more serious mistake in the first two chap- for the initial Polish success was the well-known fact ters. To explain this, I must first summarize ma- that the cycle type of a permutation is invariant un- terial in Kahn’s chapters 3 to 6. der conjugation: when one writes the permutations From before 1400 until about 1750 only one and 1 as the products of disjoint cycles, the kind of encryption method was widely used (al- same lengths appear with the same multiplicities. On though others were discussed in books). This pages 148–54 Singh explains very clearly how Mar- method used what were called at the time “ci- ian Rejewski applied this fact to the problem of re- phers” or “keys”. A cipher was a collection of ar- covering German Enigma keys. If ever there was a bitrary symbols or numbers that substituted for let- real-world story problem handed to mathematics ters, syllables (or other letter sequences), names, teachers on a silver platter, this would be it. and common words and phrases found in plain text. The sample permutation Singh uses to illus- By 1700 ciphers with as many as 1,000 or 2,000 sub- trate the Enigma application decomposes into stitutions were common, and even larger ones with cycles of length 3, 9, 7, and 7. (Here, of course, the as many as 10,000 or 50,000 substitutions were in permutation is a permutation of the 26-letter al- use later on. Although the general trend was to- phabet: 3+9+7+7=26.) But here is the kicker. wards greater size and complexity, throughout The permutations which actually occur in the this period ciphers of widely varying size and com- Enigma application are of the form = , where plexity were used. Modern scholars have used a va- and are each the products of 13 disjoint riety of terms—more or less interchangeably—for 2-cycles. This forces to have even cycle length this cryptographic genre, including “homophonic multiplicities, which Singh’s example does not cipher”, “nomenclator”, “code”, “code chart”, and have. That is, Singh presents an imitation exam- so on, as the original terms “cipher” and “key” are ple, not an example of an actual Enigma per- no longer precise enough to distinguish these mutation he has worked out. This is perfectly ad- methods from more modern ones. equate for illustrating the mathematical fact of At the same time a theory for another kind of the invariance of cycle type under conjugation, cryptography was being developed, discussed, and but will not do for illustrating the historical facts elaborated in successive printed cryptography of Rejewski’s solution of the Enigma cipher. books all through the 1500s and into the 1600s. This is as if a historian of trigonometry, de- The set-piece example of this new kind of cryp- scribing some early work, wrote: “In a right trian- tography, the “Vigenère” cipher, also known as gle with sides of lengths 2, 3, and 4, the angle op- chiffre indéchiffrable, was more algebraic in nature, posite the side of length 2 was found by taking the based on Latin squares and what we now know as inverse sine of the ratio of the opposite side to the modular arithmetic. This kind of cryptography hypotenuse, in this case arcsin(2/4) = 30 .” The was slow to gain acceptance: although available for formula is correctly stated and worked out, but ap- use in 1575, it was not actually used until the mid- plied in an impossible context. Which is the worse 1600s, and then only sparingly. Even at the end of fault: Singh not bothering to use an actual histor- the 1700s Thomas Jefferson’s adoption of the Vi- ical—or even realistic—example, or not knowing genère cipher by the U.S. State Department was an that his example is unrealistic? innovation, and when he left office, the department Singh does better in the remaining chapters, reverted to the older nomenclator technology. Only where the story line and technical explanations de- in the nineteenth century did the Vigenère cipher rive from interviews. His interviewees’ personali- come into common use and serve as a basis for fur- ties are clearly visible, and the technical explana- ther technical developments. tions are usually comprehensible.1 Singh, however, seeing one author use the term Chapter 6, about the invention of public key “nomenclator” to describe a cipher in use in 1586 cryptography, repeats the stories which have been and another author using the term “homophonic told in public lectures by Diffie, Hellman, and cipher” to describe one in use in 1700, supposes Shamir about their discovery of the basic ideas of the two ciphers to be different kinds of things. And he invents a theory explaining why the latter kind 1Whitfield Diffie, however, has complained in a book re- was devised: he says on page 52 that the “homo- view ( Times Higher Education Supplement, 10 Septem- phonic cipher” was invented in Louis XIV’s reign ber 1999) that not everything he told Singh was accurately to serve as a more practical alternative to the reported.

MARCH 2000 NOTICES OF THE AMS 371 rev-reeds.qxp 1/11/00 1:42 PM Page 372

one-way functions and public key cryptography, as awarded credit. Righting such imagined wrongs is well as their discovery of the number-theoretic ex- not what history is about. amples based on modular exponentiation and the Chapter 7, based on interviews with the PGP difficulty of factoring. More interesting is Singh’s (Pretty Good Privacy) programmer Philip R. description of the secret and somewhat earlier in- Zimmermann, concentrates on the currently un- dependent discovery of these ideas by Ellis, Cocks, settled matter of the proper role of cryptography and Williamson at the GCHQ, the secret British in a free society. Zimmermann represents the lib- government cryptography organization. GCHQ has ertarian side: the people should use—must use, if recently “gone public” in this matter, making Cocks they do not trust their government—the strongest a media celebrity by GCHQ standards. (The chronol- kind of cryptography they can. Governments, how- ogy of this matter is somewhat hard to assess be- ever, remembering the invaluable results of crypt- cause not all the relevant GCHQ files have been analysis during the Second World War (and pre- made available. One result, the Diffie–Hellman ex- sumably since then) would wish to somehow keep ponential , seems not to have been the strongest forms of cryptography out of the first discovered by GCHQ.) hands of potential enemies. As the target of a In this chapter Singh spends many pages dis- grand jury investigation, Zimmermann suffered cussing the matter of priority of scientific discov- from the American government’s embarrassingly ery, exulting in the recent declassification of the inept way of trying to make up its mind on this pub- lic policy issue. earlier GCHQ work as if an injustice had been The final chapter returns to the purely techno- righted. This vision of the abstract reward of logical, with a discussion of quantum cryptography. “credit”, based on strict chronological priority, dis- Here again, interviewees (D. Deutsch and C. Bennett) tracts Singh from looking at the historically more carry the story along. The description of the basics interesting questions of influence of ideas. These of quantum mechanics is painfully incoherent, that include: how were the initial GCHQ discoveries of quantum computing is superficial and vague, but understood by the discoverers’ colleagues at the the explanation of how polarized photons can carry time, how were these ideas developed, and how untappable information is fairly clear. were they used? The available evidence is scanty, In the preface—justifying his rejection of a pedan- but it seems likely that they were regarded within tically more accurate title for his book—Singh states GCHQ as impractical curiosities and ignored until “I have, however, forsaken accuracy for snappiness.” the rediscoveries on the outside alerted GCHQ to With hindsight this is ominous. His carelessness their importance. with facts will not harm those readers who pick up The historiographic issue is neatly illustrated in the book, skim it, and find the subject not to their an example at the end of the chapter, referring back taste. Nor will it harm the enthusiasts (like myself), to an episode in Chapter 2, which Singh takes as who will seek out other, more reliable books.2 But a parallel foreshadowing. One of the techniques for most, I suspect, will fall in the middle ground: in- breaking the Vigenère chiffre indéchiffrable was terested readers who will rely on this book alone for first published in 1863 by F. Kasiski, but apparently their information about cryptography. This group, sometime in the 1850s Charles Babbage had which will mine Singh’s book for years, if not decades, worked out the same method in private. Singh for term-paper and lecture material, and possibly claims (on no evidence whatsoever) that Babbage material for other books, will be disserved by the did not publish his results because of the interests author’s lax standards of accuracy. of military secrecy during the Crimean War of 1854. But now Babbage’s injustice is also righted: he gets the credit in the end. Regardless of the rea- sons for Babbage’s failure to publish, the follow- ing seems clear: Babbage’s discovery, since it was unpublished, had no influence on the further de- velopment of cryptography. That he made this discovery tells us something about Babbage’s men- 2My favorites: instead of Singh’s Chapters 1–3, people tal capabilities; that it was independently redis- should read D. Kahn, The Codebreakers: The Story of covered tells us something (but not much) about Secret Writing (Macmillan, 1967) and F. Bauer, Decrypted its intrinsic level of difficulty. Babbage might have Secrets : Methods and Maxims of Cryptology (Springer, been first, but (in this matter) he was historically 1997). Instead of Singh’s Chapter 4, read F. H. Hinsley unimportant. Society uses credit and priority as a and A. Stripp, Codebreakers: The Inside Story of Bletch- ley Park (Oxford, 1993) and G. Welchman, The Hut Six reward to encourage the dissemination of new Story (McGraw-Hill, 1982). Instead of Chapter 7, read W. ideas, and it is not at all clear that a researcher who Diffie and S. Landau, Privacy on the Line: The Politics fails to publish a new idea—whether out of diffi- of Wiretapping and Encryption (MIT, 1998). All but one dence, patriotism, or employment at a secret re- of these books are in Singh’s “Further Reading” list, search laboratory—is done an injustice when not pages 388–393.

372 NOTICES OF THE AMS VOLUME 47, NUMBER 3