5.7 — Cryptography: The Key to Sending Secret Messages

Host Walter Isaacson and guests uncover the secrets behind cryptography over the years, following as it morphs from something used to protect highly-confidential military secrets to its applications in everyday messaging.
Transcript
Subscribe
All Trailblazers Podcasts

In this episode:

  • Pretty Good Privacy (0:00)
  • Caesar ciphers and Enigma machines (3:03)
  • The secrets of cryptography (10:36)
  • Encoding the internet (13:27)
  • A new appetite for secure communications (18:36)
  • Quantum computing (23:20)

It’s safe to say that without cryptography, communication as we know it wouldn’t exist. How did something originally designed for protecting wartime secrets develop into an essential part of our day-to-day lives? Find out.

There’s more to uncover about encryption:

“Every method that is available to people to communicate data over long distances was subject to interception.”

— Phil Zimmermann, inventor of PGP (Pretty Good Privacy)

Guest List

  • Andrew Hodges is a mathematician at the University of Oxford, England, a colleague of the Nobel prizewinner Roger Penrose. He is best known for the biography Alan Turing: the Enigma, first published in 1983. This book, combining Turing’s personal story with wartime codebreaking and the origins of computer science, has appeared in many editions and translations, with stage,TV and screen adaptations. His website is www.turing.org.uk
  • Philip R. Zimmermann is the creator of Pretty Good Privacy (PGP), which has grown from its origins in 1991 as a human rights tool to become the most widely used email encryption software in the world. In 2014 he was inducted into the Cyber Security Hall of Fame, and Foreign Policy Magazine named him one of the Leading Global Thinkers of 2014.
  • Steven Levy is Wired magazine’s editor at large. The Washington Post has called him “America’s premier technology journalist.” Levy’s work has appeared in many prestiges publications including Rolling Stone, Harper’s Magazine, and The New York Times Magazine. He is the author of seven books including “Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age.”
  • Alex Stamos is a cybersecurity expert, business leader and entrepreneur working to improve the security and safety of the Internet through his teaching and research at Stanford University. Prior to joining Stanford, Alex was the Chief Security Officer of Facebook where he led a team of engineers, researchers, investigators and analysts charged with understanding and mitigating information security risks to the company and safety risks to the 2.5 billion people on Facebook, Instagram and WhatsApp.
  • Whitfield Diffie is one of the inventors of public-key cryptography and the originator of the concept of digital signature that underlies internet commerce. For this work he received the ACM Turing Award, jointly with Martin Hellman and has been inducted into the NSA Cryptologic Hall of Honor.

Walter Isaacson:
Phil Zimmermann has received a lot of letters over the years from users of his groundbreaking encryption software called PGP, but he’s never received a letter quite like the one sent from the older brother of a 24-year-old Kosovan rebel. It’s the spring of 1999, the height of the Kosovo war, and thousands of rebels are under fire from the Serbian military. The Serbian attack is so overwhelming that they’re forced to flee the country over the snowy mountains to neighboring Albania. The lives of thousands of Kosovans are at stake, and coordinating a defense effort is no simple task. Phone lines and internet connections have been tapped by the government, so it’s almost impossible to communicate securely.

Walter Isaacson:
But that’s where Zimmermann’s software comes in. PGP, which was first released in 1991, stands for Pretty Good Privacy, and it’s the first piece of software designed at putting military-grade encryption in the hands of ordinary people. With PGP, just about anyone with a computer can send a message that’s unreadable by anyone except the recipient, even if your email is intercepted or your phone line is tapped.

Walter Isaacson:
The letter explained how the Kosovan rebels, aware that they’re being snooped on by government forces, started using PGP to coordinate their movements so they could safely order a retreat away from encroaching forces. More than 8,000 refugees cross a wintry mountain and pass safely into Albania. PGP may have just saved their lives.

Walter Isaacson:
The letter from Kosovo is just one of many Zimmermann receives over the years from conflict zones all over the globe, thanking him for his contribution to various human rights causes. Cryptography, once the domain of massive militaries and superpower governments, is now in everyone’s hands, and that fact has changed everything. Whether you know it or not, your life wouldn’t be the same without it.

Walter Isaacson:
I’m Walter Isaacson, and you’re listening to Trailblazers, an original podcast from Dell Technologies.

Speaker 2:
They’re about to engage a new breed of computer.

Speaker 3:
But it’s a secret.

Speaker 2:
Written in one of several programming languages available.

Speaker 4:
Designed to help safeguard the security of the nation.

Speaker 3:
But honey, it’s regulations.

Speaker 4:
Every precaution to prevent unauthorized persons from learning of its existence.

Walter Isaacson:
For most of human history, cryptography wasn’t a part of people’s lives unless you were a military commander or a spy. One of the oldest cryptographic systems ever created was known as the Caesar cipher. Invented by the ancient Roman general Julius Caesar around 58 BC, the Caesar cipher was a system that securely encoded sensitive information carried by trusted messengers in case they were captured by enemy forces. Every letter in the message would be transformed by shifting it three letters to the right in the alphabet, so the communication would look like jibberish. But if you took the coded texts and shifted every letter back three letters to the left, the original message would appear, as if by magic. That formula for encrypting or decrypting messages is known as a cipher or a key. By today’s standards, it’s a pretty simple system, but the basics of cryptography are all there.

Walter Isaacson:
Cryptography evolves slowly over the centuries, but it wasn’t until the late 1930s and 1940s that encryption took the stage as a matter of vital global importance. It was all because of a powerful little device with the mysterious name of Enigma.

Andrew Hodges:
So the history of the Enigma machine, basically it was a well-known machine of the 1920s and 1930s.

Walter Isaacson:
Andrew Hodges is the author of the biography, Alan Turing, the Enigma, the basis for the 2014 film, The Imitation Game.

Andrew Hodges:
It was used by banks just transferring confidential information, but the point is that the military version of it, as developed by the German forces and used by Army, Air Force and Navy during the Second World War, was an upgrade of the original Enigma.

Walter Isaacson:
When you typed a message on the Enigma, a complicated roto mechanism would encrypt the text according to whichever cipher you had set in the machine. You would get a version that was unreadable to anyone who didn’t have their own Enigma machine, and importantly, who knew the cipher you were using to encrypt that particular message.

Walter Isaacson:
In the 1930s and ’40s, the German military made extensive use of the Enigma machine, which allowed the military command to communicate with its naval forces over radio without fear of their messages being intercepted. Thousands of encrypted orders and reports were broadcast every day, and during the Second World War, that presented a huge problem for the Allies. German U-boat submarines prowled the North Atlantic, attacking Allied convoys bringing troops and equipment to the battlefields of Europe. If the Enigma code could be cracked, the Allies would have advance knowledge of where the U-boats would be, giving them a huge tactical advantage, and that’s where Alan Turing comes in.

Walter Isaacson:
In 1938, Turing volunteered for the effort to defeat Enigma, joining a shadowy organization called the Government Code and Cipher School, but this was no simple training facility. Based at Bletchley Park, a stately mansion in the British countryside, the cipher school was the headquarters of the British code breaking operation. It was a tough job. Technically, the Enigma machine can be set to over 150 trillion different ciphers, making it incredibly hard to crack. Luckily, Turing possessed a set of skills well suited to the job. Andrew Hodges.

Andrew Hodges:
He was incredibly well adapted to it because on the whole, most mathematicians would have been defined by their pure mathematics and nothing to do with actual practical machinery, and Turing was a pure mathematician. He did very advanced pure mathematics, but he had this great yen for actually handling machinery stuff himself. He liked doing it with his own hands, very unusual for that, so he was just the right person to see that when you have this new cipher machine system to break, it would need something mechanical to get into it. You wouldn’t be able to get away with just the puzzle solving crossword puzzle type methods which had been used before.

Walter Isaacson:
Using intelligence gathered from Polish codebreakers, Turing and his team developed what we now know as an algorithm to reverse engineer the Enigma code. And to do that, they needed to build a machine of their own, one with the odd name of Bombe. Bombe was a massive mechanical device capable of running Turing software, and was in many ways the precursor to modern computers. And while this incredible mechanical device ran Turing’s algorithms with remarkable speed, Enigma could not be broken by math alone. It still required a great deal of cunning and problem solving.

Andrew Hodges:
If you’re going to find out which of the trillions of trillions of key settings had been used, you need a certain amount of information. Just as in solving a crossword anagram, you have to have a certain amount of information before you to get something which fits. The amount of information is essentially about 22, 23 letters which you are absolutely sure or very, very sure were actually incorporated in the message that had been encoded.

Walter Isaacson:
One of the Enigma system’s greatest strengths, the huge number of possible ciphers with which to encode a message, is also its weakness. Remember, the cipher, or key as it’s also known, is the magic formula that turns regular text into encrypted text. So for the recipient to decrypt the message properly, they need to know exactly which key the sender was using, or the results would be meaningless.

Andrew Hodges:
There are different ways you can do this. You can send them all out in advance, or else you can have an elaborate system where you’ve disguised it in the course of the message, and then they tended to do that.

Walter Isaacson:
Individual keys were given three letter codes which were transmitted at the beginning of each message to let the recipient know which to use to decipher the message. By honing in on those first few characters of information, the team at Bletchley Park were able to identify the cipher and then use their Bombe machine to unlock the rest of the message with relative ease. At its peak, Bletchley Park decoded 84,000 German messages a month. Many believe that Turing’s algorithm hastened the end of the war by years, potentially saving millions of lives.

Walter Isaacson:
Not only did Turing help win the war for the Allies, he can also claim credit for the computer as we know it, but the cryptographic work he pioneered would take decades to get into most people’s hands, and it would take another team of rule-breaking geniuses to get it there.

Walter Isaacson:
It’s the late 1960s, and a computer programmer named Whitfield Diffie is traveling the United States in a battered old Datsun automobile. He’s not like so many other wanderers of the time looking to find himself or seek enlightenment. He’s looking for the secrets of cryptography, and they are extraordinarily hard to find.

Steven Levy:
Post-World War II cryptography was the domain of governments, so the most advanced countries had their intelligence agencies charged with keeping their secrets and decoding the secrets of their friends and foes.

Walter Isaacson:
Steven Levy is editor at large of WIRED Magazine and author of the book Crypto.

Steven Levy:
The U.S. was the leader in this. We had an agency for this. It became known as the NSA, though the name wasn’t uttered publicly for quite some time. People inside would refer to the initials as No Such Agency.

Walter Isaacson:
Any work being done on cryptography outside its walls was seen by the NSA as a threat to national security, and they moved very quickly to shut it down.

Steven Levy:
It was quite literally illegal to do advanced research work in cryptography because the government declared all that information classified, and you even had cases where people couldn’t access their own research once the government swooped in and said, “No, no, no, no, no. This is something for us.” As a result, research in the private sector for quite some time was non-existent and progress in the private sector was non-existent.

Walter Isaacson:
But that didn’t mean that nobody was interested in cryptography. For some, the very secrecy around the subject had a certain allure, and they were determined to learn more despite the official cone of silence around the matter.

Steven Levy:
One notable person was this fellow named Whitfield Diffie who came out of the hacker community at MIT, and he was obsessed with secrets and breaking them and keeping them. It was an interesting culture at MIT. They had these people called lock hackers. They came up with elaborate ways to get into locked safes even. They took courses on being locksmiths. So out of that culture came Diffie, and he found himself very frustrated when he learned that any information that he wanted to have to help him learn more about it was classified.

Walter Isaacson:
So Diffie did what any young person in the late 1960s would do when faced with an intractable problem. He hit the road.

Whitfield Diffie:
I traveled around thinking about these problems and digging up rare manuscripts in libraries and talking to anybody who I would find would talk.

Walter Isaacson:
This is Whitfield Diffie. He was passionate about the idea that everyday people would need accessible encryption to protect their privacy, and it was around this time that other entities outside the NSA became interested in cryptography as well. In the early 1970s, IBM realized that some sort of encryption was going to be necessary to facilitate networked electronic transactions. Specifically, as automated teller machines began to roll out across the country, there had to be a way to protect the sensitive account data they dealt in. IBM collaborated with the NSA in what was called the Data Encryption Standard, or the DES for short. It was a government-approved encryption scheme meant to be available for commercial purposes. Diffie and his cohort of encryption enthusiasts were immediately critical of the DES.

Walter Isaacson:
For one, it had a relatively short key size of only 56 bits. Key size is a term used to describe just how secure a cipher is. For comparison, it’s been estimated that the Enigma machine four decades before the DES had a key size of 88 bits.

Whitfield Diffie:
I did say, I thought the key was too short. It had just under a billion billion possible keys, and I thought about it and I figured you could build a specialized computer that would look through those keys in about a day, and I estimated that would cost $25 million and that seemed to me too little. In particular, I mean, the essence of this argument is, for God sakes, it doesn’t cost that much to increase the key size. Why not do it?

Walter Isaacson:
Just a couple of months later, Diffie would put his road trip cryptography research to good use. He and his partner, Martin Hellman, came out with their response to the DES, and in doing so created an entirely new concept in cryptography that would completely change the way it was done. They call it public key cryptography, and not only was it revolutionary, it was downright shocking. Steven Levy.

Steven Levy:
So, you have to understand, the basis of the way cryptography was done was there would be a secret key, and you’d use that secret key to encode a message, to scramble it in a way that you hoped no one could read unless they had that key that could unlock it, so the same key that locked something would unlock it, and that was the religion there. That’s the way it was done, it was always done, and the idea that a key could be shared with anyone else was crazy because that would mean you’re giving away the way to decode something.

Walter Isaacson:
Diffie and Hellman proposed to do exactly that.

Steven Levy:
So the way it worked is that I have a public key and a private key. I could give my public key, as the name implies, to anybody. And then if everyone has my public key, that means that they could send me a message that only I can read, because the only way to uncode the decoded message scrambled with a public key is by that one twin, that private part of the key pair that only I hold.

Walter Isaacson:
It was a fiendishly clever way of getting around the Enigma machine’s weakness, which was that the encoding cipher had to be transmitted to the person receiving the message for them to decode it. Now, all you need to send a message to someone is their public key. You can use the public key to encode your message, but only the person holding the second private half of the key can decode it. What’s more, it even works in reverse, effectively making it an unfakeable digital signature.

Walter Isaacson:
Today, those very concepts underlie the security of the entire internet as we know it.

Steven Levy:
Every time you use a browser, something based on that principle is being used. Secure HTTP, the language of the internet, is used by a variation of what Diffie and Hellman came up with.

Walter Isaacson:
When Diffie and Hellman published their paper, New Directions in Cryptography, it radically changed the basis of cryptography forever. But a practical way for the ordinary person to make use of their concepts still remained out of reach. In a little over a decade, that was about to change in a big way.

Walter Isaacson:
Until Diffie and Hellmann’s innovation, cryptography was traditionally used for wartime efforts, but the next revolution was going to come ironically from the peace movement.

Phil Zimmermann:
Well, in the 1980s, I was a full-time software engineer in my day job, and I spent all my spare time working on trying to stop the arms race.

Walter Isaacson:
Phil Zimmermann is the inventor of the groundbreaking cryptography software PGP, or Pretty Good Privacy.

Phil Zimmermann:
I think I worked the equivalent of two full-time jobs, 40 hours a week as a software engineer as my day job, and then another 40 hours a week trying to keep the world from blowing up.

Walter Isaacson:
Zimmermann saw the need for activist groups to protect themselves from spying government eyes both in the U.S. and around the world, and in an age where email was too rudimentary to include security features and any phone could be tapped, that meant accessible cryptography.

Phil Zimmermann:
I felt like grassroots political organizations in the U.S. needed protection from our own government, and human rights groups around the world also needed protection. They operated in dangerous environments, and the governments that they were monitoring for human rights violations were quite often client states of the superpowers, and so that means that encryption software to protect them would have to be strong encryption.

Walter Isaacson:
Once PGP was ready, Zimmermann got it out into the world any way he could. It was 1991, and the worldwide web was still in its infancy. What nobody expected was just how popular the software would become.

Phil Zimmermann:
There was a feeding frenzy for it. The context of that time was that there was really no way for ordinary people to communicate over great distances without the risk of interception. None of the usual methods of communication were safe. You couldn’t use telegrams, you couldn’t use fax machines, you couldn’t use phone calls. You couldn’t use postal mail or internet messages. PGP changed that. Ordinary people with PGP could communicate over intercontinental distances for the first time without significant risk of interception.

Walter Isaacson:
Human rights groups welcomed the software, and Zimmermann began to get letters from around the world, including that one from Kosovo, but the U.S. government wasn’t too happy about PGP’s success.

Phil Zimmermann:
The government response to PGP was that they took the position that it was illegal to export strong encryption on the grounds that they considered it to be a munition, and so they thought that I had violated the Arms Export Control Act, which is the law that I would violate if I was exporting Stinger missiles to Libya or something like that. They had a long list of things that were prohibited from export without a license from the State Department. One of them was strong encryption, so they opened a criminal investigation against me. I was pretty sure I was going to go to prison because I knew I was guilty.

Walter Isaacson:
Zimmermann faced up to four years in federal prison for writing and distributing PGP, but after three years, the government dropped the case without ever indicting Zimmermann. The ’90s saw another front page crypto controversy when the Clinton Administration proposed introducing the Clipper chip, a device that would give the government a backdoor into any encryption technology on the market. This did not go over well with just about everyone. Like the digital encryption standard two decades earlier, many feared the implications of a government backdoor. Whitfield Diffie even testified against the idea in front of Congress.

Whitfield Diffie:
Everyone felt this was an attempt to spy on them. The government people, they never would commit themselves to court-issued warrants or anything of that kind, and so basically this withered away over a period of about five or 10 years, but it played a significant role in crypto politics in the early ’90s.

Walter Isaacson:
The Clipper chip project died on the vine and the encryption wars died down for another couple of decades. And then in 2013, they came roaring back in a big way. In 2013, it was discovered that the National Security Agency had been conducting massive secret surveillance on millions of Americans. If your email wasn’t encrypted, it wasn’t safe from the NSA, or whoever else happened to have access to it. These revelations created not only outrage, but a new appetite for secure communications. Tech companies could encrypt users’ messages en masse, but their content would still be exposed on their way to the data centers. Any hacker who can infiltrate those centralized systems might still be able to intercept their contents.

Walter Isaacson:
The solution was a technology called end-to-end encryption, and it took advantage of the huge leaps in personal computing power that had occurred over the previous decade. With end-to-end, your own device, like you mobile phone, encrypts your message, and your recipient’s device decrypts it. Nobody in the middle can read it. It sounds complicated, and it is, but you’re probably using it already.

Alex Stamos:
I was at Facebook when WhatsApp shipped end-to-end, and then we also shipped in end-to-end encrypted mode in Facebook Messenger.

Walter Isaacson:
Alex Stamos is the director of the Stanford Internet Observatory and the former chief security officer of Facebook.

Alex Stamos:
The majority of people who use end-to-end encryption on the planet are doing so on those products, so if there’s a situation where somebody takes over another person’s account or they’re able to break into the infrastructure of one of these providers, end-to-end encryption greatly reduces the risk to individuals. It does not completely eliminate it, and there’s still a number of risks that exist, but it is a very important technology for reducing risk and to make systems more robust if they are compromised.

Walter Isaacson:
End-to-end encryption excludes any unauthorized recipient from reading your messages. This could be malicious hackers out to steal your personal information, but it also includes the government. Its use has increased calls for tech companies to build in some sort of backdoor that approved security agencies can use to read messages of suspected terrorists or other criminals. But according to Stamos, it’s not as simple as that. For one, a backdoor is fundamentally incompatible with end-to-end encryption. If a message can be opened halfway on its journey to you, then it hasn’t really been encrypted end-to-end. But perhaps most importantly, a backdoor could open a sort of cryptographic Pandora’s box around the globe.

Alex Stamos:
One of the fundamental problems with a backdoor is that every country in the world is going to believe they deserve it, and there’s no good mechanism by which any of these companies can say no to every other country after the United States gets a backdoor. It’s just going to happen. Every country that is economically relevant is going to get their own backdoor. The People’s Republic of China, India, the EU, all these folks will get their own backdoors, and I think in the long run, that is actually really bad for American national security and it’s really bad for the privacy of American citizens.

Walter Isaacson:
Legislation may be one threat to cryptography, but another hazard comes from a very different direction. For decades, scientists have developed an entirely new paradigm in computing known as quantum computing. These hypothetical devices would use quantum physics concepts like entanglement to perform functions exponentially faster than the classical computers we use today, and that could be a huge problem for encryption. Cryptographic researchers are preparing for the coming era of computing. Only a few years ago, the NSA itself publicly announced that it would be moving towards quantum safe algorithms, and it sounded the alarm that the quantum era might arrive before proper safeguards are in place, and our entire system of commerce and communication may rely on getting it right. Whitfield Diffie and Martin Hellman’s public key cryptography was the first step towards a networked world, but the era of quantum computing could change our lives just as dramatically.

Walter Isaacson:
I’m Walter Isaacson, and you’ve been listening to Trailblazers, an original podcast from Dell Technologies. For more information about any of the guests on today’s show, please visit delltechnologies.com/trailblazers. Thanks for listening.