8 October 1999: Add messages of J.V. Field and Adrian Ridley-Jones; JYA message to CESG and FOIA request to NSA.
6 October 1999
See related docs:
http://cryptome.org/ukpk-true.htm
http://cryptome.org/ukpk-alt.htm
See CESG non-secret encryption papers: http://www.cesg.gov.uk/about/nsecret.htm
To: John Young <jya@pipeline.com>
CC: Susan Landau <susan.landau@East.Sun.COM>,
"J. V. Field" <jv.field@hist-art.bbk.ac.uk>
From: Whitfield Diffie <whitfield.diffie@eng.sun.com>
Sender: Whitfield Diffie <whitfield.diffie@eng.sun.com>
Date: Wed, 6 Oct 1999 11:52:32 -0800
Subject: Authenticity of Non-Secret Encryption documents
Wednesday 6 October 1999 at 10h44
> Ross Anderson has today raised the possibility of GCHQ/CESG forging
> documents used to substantiate the claim that PK was invented by the
> agencies before Diffie-Hellman-Merkle . . .
> Would you know anything that would support Ross's allegation?
John,
I haven't time to treat this matter carefully at the moment. Here
is a quick summary of what I remember. You are welcome to publish it.
I am inclined to believe that the documents are substantially correct,
though the historians are contemptuous of GCHQ's expecting them to believe
in documents released only in the form of Internet transcripts. The
fluidity of digital media encourages such minor alterations as calling
organizations by later names in reprinted documents. I have seen this in
industrial circumstances and consider it outrageous but beyond ridiculing
the process whenever it comes to light and designing document systems of
the future to make it difficult, I suspect there is little we can do about
it.
I had three reservations in particular, only partly resolved.
(1) I had long believed that Ellis, Cocks, and Williamson knew the
mathematics of public-key but I had doubted that they understood its
significance. This view is supported by conversations with people
who were in contact with their organization at the time.
Ellis's retrospective paper: ``The Story of Non-secret Encryption''
states that in the 1960s, ``The management of vast quantities of key
material needed for secure communication was a headache for the armed
forces.'' This suggests a more applied understanding but I recall no
support for this view in his 1970 paper ``The Possibility of Secure
Non-secret Digital Encryption'' and Ellis never said anything to that
effect in our numerous conversations.
In my view, the issue of how well they understood the significance of
what they were doing remains open.
(2) In his lecture at Bletchley Park, 20 June 1998, Cocks had referred to
the ``Chief Mathematician.'' I believed correctly that this was Shaun
Wylie. I believed, incorrectly, and stated in my lecture at University
College, London, that this was the ``Chief Cryptanalyst.'' The two jobs
are distinct; Cocks was right; I was wrong.
(3) I was skeptical that CESG existed, particularly under than name, in
1969. I don't have a documentary answer on that but Cocks, who ought to
know, says it did and this is confirmed by someone else I cannot remember.
When I asked Cocks why they had not released photographs of the original
documents, he said it was because they were marked with still classified
codewords. He also said that declassification of the paper originals
was underway. That was June 1998.
Whit
[By permission of J.V. Field]
Date: Thu, 7 Oct 1999 01:17:07 +0100
To: Whitfield Diffie <whitfield.diffie@eng.sun.com>,
John Young <jya@pipeline.com>
From: jv.field@hist-art.bbk.ac.uk (J. V. Field)
Subject: Re: Authenticity of Non-Secret Encryption documents
Cc: Susan Landau <susan.landau@East.Sun.COM>
At 11:52 6/10/99, Whitfield Diffie wrote:
>
>> Ross Anderson has today raised the possibility of GCHQ/CESG forging
>> documents used to substantiate the claim that PK was invented by the
>> agencies before Diffie-Hellman-Merkle . . .
>> Would you know anything that would support Ross's allegation?
>
>... Here
>is a quick summary ...
>
> I am inclined to believe that the documents are substantially correct,
>though the historians are contemptuous of GCHQ's expecting them to believe
>in documents released only in the form of Internet transcripts. The
>fluidity of digital media encourages such minor alterations as calling
>organizations by later names in reprinted documents. I have seen this in
>industrial circumstances and consider it outrageous but beyond ridiculing
>the process whenever it comes to light and designing document systems of
>the future to make it difficult, I suspect there is little we can do about
>it.
As an example of a contemptuous historian I should like to comment on
this. First, I note Whit's sensible comments on the ease of introducing
deliberate modifications into a transcript. This is a standard uncertainty
one faces in reading texts transmitted from lost originals, e.g.. Euclid's
_Elements_.
In the case of the NSE-related documents, the transcripts are known to
have been made by people who may reasonably be suspected of having an
interest in the content of the documents. Ellis's work was done in secret,
in a context of other secret work. The absence in the transcribed text of
material relating his work to anything else going on at the time strikes me
as curious, even for an internal memo. Given Ellis's place of work, one
may legitimately wonder whether, in being transcribed by his surviving
colleagues, his original text has been modified so as to remove references
to other work that remains classified. Such cleaning up would be a wise
security move for GCHQ; to a historian, it constitutes removal of possibly
significant information about the intellectual context of a discovery.
Context can be a vital element in interpretation.
Conspiracy theories have a very bad name among historians, but in this
case we are dealing with people whose normal paid activity includes a large
measure of deception (considered legitimate), and I must admit to having a
further nasty thought: we have been told that the release of these
documents was opposed by someone whose death made the publication on the
web possible. I cannot help wondering whether the opposing voice was that
of Ellis.
I would not accept as authoritative documents on the Vatican website
that were presented as transcripts of previously unknown items relating to
the trial of Galileo. _Mutatis mutandis_, I am applying the same standards
to the twentieth century. Supporting evidence is required. And the more
important the claim is to the claimant the stronger the supporting evidence
needs to be.
Pax vobiscum
J. V. Field
J. V. Field
Department of History of Art
Birkbeck College
43 Gordon Square
London WC1H 0PD
fax: +44.171.631.6107; tel(ans mach)/fax: +44.171.736.9198
email jv.field@hart.bbk.ac.uk
home page http://www.hart.bbk.ac.uk/staff_research/jvf.html
Date: Thu, 07 Oct 1999 12:43:02 +0100
To: ukcrypto@maillist.ox.ac.uk
From: Adrian Ridley-Jones <arj@burntwood.net>
Subject: Re: Diffie on GCHQ/CESG PK Forgery
>(1) I had long believed that Ellis, Cocks, and Williamson knew the
>mathematics of public-key but I had doubted that they understood its
>significance. This view is supported by conversations with people
>who were in contact with their organization at the time.
>
> Ellis's retrospective paper: ``The Story of Non-secret Encryption''
>states that in the 1960s, ``The management of vast quantities of key
>material needed for secure communication was a headache for the armed
>forces.'' This suggests a more applied understanding but I recall no
>support for this view in his 1970 paper ``The Possibility of Secure
>Non-secret Digital Encryption'' and Ellis never said anything to that
>effect in our numerous conversations.
>
> In my view, the issue of how well they understood the significance of
>what they were doing remains open.
Since I was handling key encryption material in 1974 I can confirm that
this issue was a matter of considerable importance to the military. However
I agree with Ross [probably, Whit] that perhaps CESG did not appreciate the significance .
Key handling and key replacement in the event of compromise formed a
considerable element of cyrpto related issues. As crypto became more
widespread and down to lower levels in the military these issues rose in
importance.
However any further amplification is the subject of the Official Secrets
Act .... although given the recent revelations of Norwood and the failure
to hang her for treason (!) then frankly this hypocritical government has
lost any right to govern or prosecute anyone else ever again !!
Regards Adrian
To: enquiries@cesg.gov.uk
From: John Young <jya@pipeline.com>
Subject: Non-Secret Encryption
Date: October 6, 1999
Dear CESG,
We would be most grateful if you could you provide an e-mail address
for Cliff Cocks or ask him to contact us.
We operate a Web site on cryptography affairs and would like
to interview him on the topic of non-secret encryption. In particular
we wish to learn more on the declassification of papers on this
topic.
Thank you very much,
John Young
Cryptome
http://jya.com/crypto.htm
JYA/URBAN DEADLINE 251 WEST 89TH ST, SUITE 6E NY NY 10024
212-873-8700
By fax to: 301-688-6198
October 6, 1999
National Security Agency
ATTN: FOIA Office (N5P5)
9800 Savage Road STE 6248
Ft. George G. Meade, MD 20755-6248.
Under the Freedom of Information Act I request any and all information and documents on:
The invention, discovery and development of "non-secret encryption" (NSE) and public key cryptography (PKC) by United Kingdom, United States, or any other nation's intelligence and cryptology agencies, prior to, parallel with, or subsequent to, the PKC work of Diffie-Hellman-Merkle.
The terms "non-secret encryption" (NSE) and "public key cryptography" (PKC) are taken from the paper by James Ellis, GCHQ, "The Story of Non-Secret Encryption," available at:
http://jya.com/ellisdoc.htm
The purpose of this request is to publish information and documents on the Internet at Cryptome (http://jya.com/crypto.htm). I shall be pleased to pay FOIA-provided costs for fulfilling this request.
Thank you very much.
Sincerely,
John Young
E-mail jya@pipeline.com
[JYA note: Our last NSA FOIA request has taken about 18 months to be processed. We're due to hear this month what NSA will release, if anything -- the never squeal agency won't.]