archiv.ethlife.ethz.ch    
ETH Life - wissen was laeuft
ETH Life - wissen was laeuftETH Life - wissen was laeuftETH LifeDie taegliche Web-Zeitung der ETHETH Life - wissen was laeuft
ETH Life - wissen was laeuftETH Life - wissen was laeuft


Rubrik: Science Life

Interview with the pioneering cryptographer and ETH Honarary Doctor, Whitfield Diffie
Lord of the Keys
Published: 02.10.2003 06:00
Modified: 02.10.2003 00:57
druckbefehl
In 1975 Whitfield Diffie discovered one of the key technologies for trade and private sphere of the information society. He was guest at ETH on September 22nd and gave a public lecture within the ZISC Fall School on the hundred-year history of information security. In an interview, Duffie talks about his discovery, about security and secret services.



By Richard Brogle and Jakob Lindenmeyer

In 1992 you received an Honarary Doctorate from ETH Zurich. What do the folks back home in the US know about our university?

Whitfield Diffie: Okay, ETH is perhaps not as well known in the States as the elite universities in Paris, Oxford or Cambridge. But ETH is one of the better known European universities. In the States, ETH is mostly known in connection with Albert Einstein.


The cryptographic pioneer

US citizen Whitfield Diffie (58) started off by studying mathematics at the renowned Massachusetts Institute of Technology (MIT) in Boston. Early on Diffie became interested in cryptography, at the time still the preserve of secret services. He started his doctoral thesis on the subject in 1974 at Stanford University, where, just a year later, he and his supervisor, Professor Martin Hellman, discovered the public-key cryptography. This works by drawing on both public and secret keys so that people who had not previously been in contact with one another can safely communicate. Diffie's discovery has therefore come to be the key technology for businesses and private persons in the unfolding information society.

Diffie never concluded his doctoral thesis but in 1992, on the recommendation of the Department of Electrotechnology, ETH Zurich awarded him an Honarary Doctorate for the creation of a new research discipline. Since 1991 Diffie has worked for the IT-corporation Sun Microsystems, where he is Chief Security Officer today. On September 22nd he honoured ETH Zurich with a public lecture on the hundred-year history of information security on the occasion of this week's ZISC Fall School. (1)


"The more something is censored, the more interesting it becomes." (Photo: Whitfield Diffie during a public lecture at ETH Zurich)

You work at Sun Microsystems. What are you working on at the moment?

Diffie: When I started to work at Sun in 1991 as a "distinguished engineer" I was asked to work on any issue that I considered to be important. For me that was the issue of security, together with its political implications. Today, as Chief Security Officer, I co-ordinate all relevant security technical processes, from their development to their production.

A propos security: Would you use cryptographic software to which you could not access the source code?

I try not to. In business one is often subjected to inherent necessities. Encryption programmes are, however, very small and the most important are accessible in the source text. If it is important to your security that the programme code be concealed, then you are vulnerable at this point. Don't rely on secrets that you can't readily change.

Are there such things as absolutely secure encoding systems?

With a few exceptions, we don't know. But in the meantime we do have systems that we can trust, like the Rijndael algrorithm developed in Belgium, which was adopted as an AES (advanced encryption standard). I believe there are systems that can't be broken into. But there is still a way to go until we reach the mathematical certainly that we would like to have.

Whitfield Diffie, (with a twinkle in his eye): Perhaps the deluge of spam mail is simply a gigantic Trojan horse. Perhaps it's even a conspiracy.

Can cryptography be used to hide who is communicating with whom?

When two parties exchange information, every router in between knows where the packet is headed. In order to deceive the router one would have to send out an awful lot of trash [thinks about it and smiles]. Perhaps the deluge of spam mail is simply a gigantic Trojan horse. I don't know… we should look into it. Perhaps it's even a conspiracy.

For the past ten years you have been fighting against export barriers on encryption software. Why did the US government suddenly lift these barriers in 2000? Was it because of your intervention?

My arguments were certainly an important input. But the main reason for the lifting was the pressure the US-industry brought to bear on the government. Europe felt that it was being spied on by the USA, especially after the interception programme "Echelon" became public knowledge. Following this Europe loosened the restrictions for software export in the field of security. The IT industry in the US also wanted its share of the global market and lobbied the government to get rid of the long-overdue export restrictions.

"Don't rely on secrets that you can't readily change."

What were your feelings when you heard that the British secret service had possibly discovered public-key cryptography before your own discovery?

When I heard that the British secret service had purportedly discovered something in this area ahead of me, I went to England to talk to the people involved. I spoke at length with James Ellies, the Brit whose work was closest to my own. I came to the conclusion that, although they understood the technology, there was no reason to believe that they realised its importance.

Why not?

The US secret service NSA (National Security Agency) and the other secret services were used to dealing with certain problems and they viewed these new possibilities as just a mathematical curiosity. The possibilities that public-key cryptography opened up did not begin to interest the secret services until it was published in freely available literature.

Did no-one try to stop you publishing your discovery?

Indeed, I had heated discussions with secret service officers but I was never threatened. Some of them might not have liked me but I have good relations with most of them nowadays. In the early days the secret services tried to gain control over the publication of anything to do with cryptography. But experience with similar censorship measures in the area of nuclear technology shows that the more something is censored, the more interesting it becomes.

Is it possible that secret service agencies, like the NSA still have a big enough lead that they are able to decode transactions generally believed to be safe?

I would say it's certain that the NSA has knowledge that it doesn't share with the public. But only a minor amount of NSA's work is devoted to crypto-analytical endeavours and in the past 25 years public knowledge in this field has increased enormously and begotten fundamental insights. The analytical technologies that we possess today lead us to believe in the security of our solutions.

Footnotes:
(1 "ETH Life"-report to the ZISC Fall School: archiv.ethlife.ethz.ch/articles/tages/Informationssicherheit.html (archiv.ethlife.ethz.ch/articles/tages/Informationssicherheit.html)


Copyright 2000-2007 by ETH - Eidgenoessische Technische Hochschule Zurich - Swiss Federal Institute of Technology Zurich 		ok