8 October 1999: Add messages of J.V. Field and Adrian Ridley-Jones; JYA message to CESG and FOIA request to NSA.
6 October 1999
See related docs:
See CESG non-secret encryption papers: http://www.cesg.gov.uk/about/nsecret.htm
To: John Young <email@example.com> CC: Susan Landau <susan.landau@East.Sun.COM>, "J. V. Field" <firstname.lastname@example.org> From: Whitfield Diffie <email@example.com> Sender: Whitfield Diffie <firstname.lastname@example.org> Date: Wed, 6 Oct 1999 11:52:32 -0800 Subject: Authenticity of Non-Secret Encryption documents Wednesday 6 October 1999 at 10h44 > Ross Anderson has today raised the possibility of GCHQ/CESG forging > documents used to substantiate the claim that PK was invented by the > agencies before Diffie-Hellman-Merkle . . . > Would you know anything that would support Ross's allegation? John, I haven't time to treat this matter carefully at the moment. Here is a quick summary of what I remember. You are welcome to publish it. I am inclined to believe that the documents are substantially correct, though the historians are contemptuous of GCHQ's expecting them to believe in documents released only in the form of Internet transcripts. The fluidity of digital media encourages such minor alterations as calling organizations by later names in reprinted documents. I have seen this in industrial circumstances and consider it outrageous but beyond ridiculing the process whenever it comes to light and designing document systems of the future to make it difficult, I suspect there is little we can do about it. I had three reservations in particular, only partly resolved. (1) I had long believed that Ellis, Cocks, and Williamson knew the mathematics of public-key but I had doubted that they understood its significance. This view is supported by conversations with people who were in contact with their organization at the time. Ellis's retrospective paper: ``The Story of Non-secret Encryption'' states that in the 1960s, ``The management of vast quantities of key material needed for secure communication was a headache for the armed forces.'' This suggests a more applied understanding but I recall no support for this view in his 1970 paper ``The Possibility of Secure Non-secret Digital Encryption'' and Ellis never said anything to that effect in our numerous conversations. In my view, the issue of how well they understood the significance of what they were doing remains open. (2) In his lecture at Bletchley Park, 20 June 1998, Cocks had referred to the ``Chief Mathematician.'' I believed correctly that this was Shaun Wylie. I believed, incorrectly, and stated in my lecture at University College, London, that this was the ``Chief Cryptanalyst.'' The two jobs are distinct; Cocks was right; I was wrong. (3) I was skeptical that CESG existed, particularly under than name, in 1969. I don't have a documentary answer on that but Cocks, who ought to know, says it did and this is confirmed by someone else I cannot remember. When I asked Cocks why they had not released photographs of the original documents, he said it was because they were marked with still classified codewords. He also said that declassification of the paper originals was underway. That was June 1998. Whit
[By permission of J.V. Field] Date: Thu, 7 Oct 1999 01:17:07 +0100 To: Whitfield Diffie <email@example.com>, John Young <firstname.lastname@example.org> From: email@example.com (J. V. Field) Subject: Re: Authenticity of Non-Secret Encryption documents Cc: Susan Landau <susan.landau@East.Sun.COM> At 11:52 6/10/99, Whitfield Diffie wrote: > >> Ross Anderson has today raised the possibility of GCHQ/CESG forging >> documents used to substantiate the claim that PK was invented by the >> agencies before Diffie-Hellman-Merkle . . . >> Would you know anything that would support Ross's allegation? > >... Here >is a quick summary ... > > I am inclined to believe that the documents are substantially correct, >though the historians are contemptuous of GCHQ's expecting them to believe >in documents released only in the form of Internet transcripts. The >fluidity of digital media encourages such minor alterations as calling >organizations by later names in reprinted documents. I have seen this in >industrial circumstances and consider it outrageous but beyond ridiculing >the process whenever it comes to light and designing document systems of >the future to make it difficult, I suspect there is little we can do about >it. As an example of a contemptuous historian I should like to comment on this. First, I note Whit's sensible comments on the ease of introducing deliberate modifications into a transcript. This is a standard uncertainty one faces in reading texts transmitted from lost originals, e.g.. Euclid's _Elements_. In the case of the NSE-related documents, the transcripts are known to have been made by people who may reasonably be suspected of having an interest in the content of the documents. Ellis's work was done in secret, in a context of other secret work. The absence in the transcribed text of material relating his work to anything else going on at the time strikes me as curious, even for an internal memo. Given Ellis's place of work, one may legitimately wonder whether, in being transcribed by his surviving colleagues, his original text has been modified so as to remove references to other work that remains classified. Such cleaning up would be a wise security move for GCHQ; to a historian, it constitutes removal of possibly significant information about the intellectual context of a discovery. Context can be a vital element in interpretation. Conspiracy theories have a very bad name among historians, but in this case we are dealing with people whose normal paid activity includes a large measure of deception (considered legitimate), and I must admit to having a further nasty thought: we have been told that the release of these documents was opposed by someone whose death made the publication on the web possible. I cannot help wondering whether the opposing voice was that of Ellis. I would not accept as authoritative documents on the Vatican website that were presented as transcripts of previously unknown items relating to the trial of Galileo. _Mutatis mutandis_, I am applying the same standards to the twentieth century. Supporting evidence is required. And the more important the claim is to the claimant the stronger the supporting evidence needs to be. Pax vobiscum J. V. Field J. V. Field Department of History of Art Birkbeck College 43 Gordon Square London WC1H 0PD fax: +44.171.631.6107; tel(ans mach)/fax: +44.171.736.9198 email firstname.lastname@example.org home page http://www.hart.bbk.ac.uk/staff_research/jvf.html
Date: Thu, 07 Oct 1999 12:43:02 +0100 To: email@example.com From: Adrian Ridley-Jones <firstname.lastname@example.org> Subject: Re: Diffie on GCHQ/CESG PK Forgery >(1) I had long believed that Ellis, Cocks, and Williamson knew the >mathematics of public-key but I had doubted that they understood its >significance. This view is supported by conversations with people >who were in contact with their organization at the time. > > Ellis's retrospective paper: ``The Story of Non-secret Encryption'' >states that in the 1960s, ``The management of vast quantities of key >material needed for secure communication was a headache for the armed >forces.'' This suggests a more applied understanding but I recall no >support for this view in his 1970 paper ``The Possibility of Secure >Non-secret Digital Encryption'' and Ellis never said anything to that >effect in our numerous conversations. > > In my view, the issue of how well they understood the significance of >what they were doing remains open. Since I was handling key encryption material in 1974 I can confirm that this issue was a matter of considerable importance to the military. However I agree with Ross [probably, Whit] that perhaps CESG did not appreciate the significance . Key handling and key replacement in the event of compromise formed a considerable element of cyrpto related issues. As crypto became more widespread and down to lower levels in the military these issues rose in importance. However any further amplification is the subject of the Official Secrets Act .... although given the recent revelations of Norwood and the failure to hang her for treason (!) then frankly this hypocritical government has lost any right to govern or prosecute anyone else ever again !! Regards Adrian
To: email@example.com From: John Young <firstname.lastname@example.org> Subject: Non-Secret Encryption Date: October 6, 1999 Dear CESG, We would be most grateful if you could you provide an e-mail address for Cliff Cocks or ask him to contact us. We operate a Web site on cryptography affairs and would like to interview him on the topic of non-secret encryption. In particular we wish to learn more on the declassification of papers on this topic. Thank you very much, John Young Cryptome http://jya.com/crypto.htm
JYA/URBAN DEADLINE 251 WEST 89TH ST, SUITE 6E NY NY 10024
By fax to: 301-688-6198
October 6, 1999
National Security Agency
ATTN: FOIA Office (N5P5)
9800 Savage Road STE 6248
Ft. George G. Meade, MD 20755-6248.
Under the Freedom of Information Act I request any and all information and documents on:
The invention, discovery and development of "non-secret encryption" (NSE) and public key cryptography (PKC) by United Kingdom, United States, or any other nation's intelligence and cryptology agencies, prior to, parallel with, or subsequent to, the PKC work of Diffie-Hellman-Merkle.
The terms "non-secret encryption" (NSE) and "public key cryptography" (PKC) are taken from the paper by James Ellis, GCHQ, "The Story of Non-Secret Encryption," available at:
The purpose of this request is to publish information and documents on the Internet at Cryptome (http://jya.com/crypto.htm). I shall be pleased to pay FOIA-provided costs for fulfilling this request.
Thank you very much.
[JYA note: Our last NSA FOIA request has taken about 18 months to be processed. We're due to hear this month what NSA will release, if anything -- the never squeal agency won't.]