Book Review - Crypto by Steven Levy

Posted on 2018-06-14

I finished reading Steven Levy’s “Crypto” after seeing the recommendations from Prof Murat on his blog. One of the early books I read about Free Software movement was this book called “Hackers: Heros of the computer revolution”, also by Levy. However, off late, his writings in wired magazine looked more like “paid news” to me, so I was skeptical. But then I realized that this is an old book, much before the web 2.0 era.

I thoroughly enjoyed the book. The book was a page turner. “Crypto” does not start from WW2 era cryptanalysis though. It only starts from the 70s where Whitfield Diffie was a grad student of the legendary John McCarthy at MIT who later got interested in Cryptography and started thinking about the key management issues. The political situation in the US has been in the backdrop of all the stories in the book and has been an important element in the advancement of Cryptography ideas (ironically!). Every effort by the academia and the industry on crypto was targetted by the US Government and the NSA, always trying to kill it and suppress the spread of Crypto, citing national security. The book is again full of the cat-and-mouse games played by the researchers with NSA and the US Government.

Those early in the Free Software movement would have surely seen the various sunnet servers that sprang all around the world, mostly in privacy conscious countries like Canada, Switzerland etc where they hosted the servers with encryption software, mostly to avoid the ridiculous export control policies that existed in the US at that time. In order to demostrate how stupid these laws were (they equated people who exported arms with the people who offered cryptography software for download), someone showed in front of the law makers that one can download cryptography software from the web (say, from a server in Germany) and upload it unmodified in a server in the US and unknowingly make oneself vulnerable to the effects of the law because now someone outside the US can download it from this server. I still remember the US and non-US versions of the binaries of netscape with different bits of encryption (40-bits for the rest of the world vs 128-bits for the US). These tactics of the NSA and other big brothers are still continueing to this day.

The first part of the book mostly focusses on Diffie-Hellman algorithm and the framework set by their paper via the clever use of trapdoor functions and how the rest of the cryptography community which had then never heard of the concept of making a key “public” didn’t get it. Raph Merkle even got one of his early papers on Public Key cryptography rejected by his own professor for one of the course work he did at Berkeley. And the end of the book, the author tells the story of the GCHQ researchers who had independently coming up with the same idea, way before Diffie-Hellman algorithm was published but had to keep it under wraps because they were under the oath of secrecy,

The book then moves on to a concrete realization of the Diffie Hellman algorithm via the RSA algorithm which cleverly uses the integer groups of the prime order to create trapdoor functions. A large part of the book is about the company that commercialized the RSA algorithm based cryptography software and sold to companies like Lotus and Microsoft. The book has a good history of the DES block cipher developed at the IBM and a bunch of back story about the way NSA dealt with them to make it a NIST standard etc.

The scientific american article on public key crypto and RSA algorithm by Martin Gardner in 1977 and the challenge that appeared in the issue which was ultimately broken, is one of the most fascinating parts of the book. The famous words embedded in the encrypted message was “The Magic Words are Squeamish Ossifrage” and the winners’ use of Internet to partition the problem was one of the early collaborative effort to solve a problem in a distributed fashion.

A striking part of the stories in the book is that cryptography world is/was a minefield of patents. Ironic since cryptography is really applied mathematics and patenting equations is as bad as it can get. Fortunately, a lot of new age cryptographers like Daniel Bernstein (djb) and Dan Boneh do not seem to believe in the whole idea of software patents and so we are able to enjoy the benefits of their work like pairing crypto and other algorithms like the various works of djb.

The book touches on the cypherpunk movement, the one I was most interested in, but those sections are pretty weak. The author talks about the anonymous remailers, the work of Eric Hughes and Tim May. I would certainly have liked a much bigger part of these sections. I remember reading a detailed article about their work a few years ago, but cannot find it anymore to link here.

The author goes into the work of David Chaum, the father of modern cryptocurrency and privacy in a lot of sense. Perhaps it is hard to get these folks to talk about themselves because of their stong beliefs in privacy and hance the thin sections. However, the large body of cpunk mailing list archives is in public domain for people to study and learn from.

It later goes into the legal aspects of the works like PGP and the book “Applied Cryptography” etc and the publication of djb’s course notes (anyone who used to read slashdot in the late 90s or early 2000s would remember the celebration on the these communities when the law turned against the Government on these court cases). The book has detailed sections on these parts which I quite enjoyed.

The long sections on key escrow and how certain cryptographers supported them was alarming. Something similar would be pushed in my own country at some point (well, the GSM here is mandatorily run with encryption turned off anyway..). The big brother and surveillance companies want every bit of information anyway and when people are voluntarily disclosing a lot of it, they would use the argument to get more. And to those people who tell me why I have anything to hide if I haven’t done any wrong doing, my answer to them is a counter question: “do you have curtains in your house?”.

The book somewhat reminded me of the good old days of the Internet before the advertising companies made it into a billboard, before the advent of “web applications”, before the age of “apps” and smart phone, when Internet was still a means for various communities to talk to each other and learn from.

I wish Levy writes a book on the history of Cryptocurrency, another very fascinating field that has a rich history and is currently being targetted by Governments all over the world. Oh, also perhaps on Tor if he is going to create a new edition of the book.

In summary, if you like the history of the internet and how the building blocks of the stuff that we now take for granted were developed by idealistic individuals against all odds, you may like the book too.

Addendum: There is a nice wikipedia page that describe random constants (it is called “nothing up my sleeve number” in various cryptography standards.