Encryption for India

N. Vittal recently voiced concerns about encryption software that is exported from the US being "specially designed" to be convenient for the US government to break. In this article, we look at the problem of encryption software in India.

Encryption as munitions. In World War II, there were three projects where the intellectual strength of the Allies proved to be of decisive importance: the Manhattan project which made the atomic bomb, the `rad lab' at MIT which worked on radar, and attacks on Axis encryption. Each of these efforts had scientists producing results of enormous military value. Germany, which lacked comparable geniuses, lost out on each of these contests.

After the fall of France, the British recruited first-rate mathematicians, linguists and other appropriate talent from Oxford and Cambridge into the task of codebreaking. This included talent such as Alan Turing, the first computer theorist. They were able to break the German Enigma encryption machine. Similarly, the US worked on Japanese codes. These code-breaking efforts were spectacularly successful. For example, the battle of Midway would probably not have been won without the codebreakers - knowledge of Japanese intentions allowed the Americans to position their inferior fleet of carriers so as to destroy the much larger enemy force. In his book The Second World War, the historian John Keegan writes: "Twenty years after the war was over, when their German opponents discovered that their most secret correspondence had been read daily, they were struck speechless".

Codes and their attack have been the subject of great military interest ever since. Even non-military applications of encryption have military ramifications, when we consider a scenario where an enemy brings India's economy to its knees by attacking the financial system. In the US, an agency called the National Security Agency (NSA) is the largest congregation of mathematics Ph.Ds in the world. All research at the NSA is secret, and the knowledge and decryption capabilities that they have amassed over the last 50 years can only be imagined. The US has laws which treat encryption technology as munitions and forbid its export.

Hence, as Vittal observes, software purchased from US vendors features encryption tools cleared for export by the NSA; this is likely to be because the NSA thinks that it can break these methods. For example, the widely used "data encryption standard" (DES) was created by IBM, on contract for the NSA, in the late 1960s. It is widely rumoured that the NSA weakened the original IBM design to make it easier to attack. Today, given advances in computer power, the DES can be broken in a day.

Classified versus unclassified cryptography research. Worldwide, there are two distinct strands of research into cryptography: the classified research taking place at the NSA -- which nobody outside knows about -- and unclassified research taking place at universities all over the world. The impressive body of unclassified research can be accessed by merely subscribing to journals of mathematics and computer science. For example, the most thorough approach towards computer security, called Kerberos, was developed for the Unix operating system at MIT in the 1980s.


Caution!! Controlled munition
Do not export from the US

print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>

Many thinkers in the US oppose the ban on export of encryption software on the grounds that it violates human freedom. Many idealists have devoted considerable effort to subverting US laws, on principle. I will cite two fascinating examples here:

The ubiquitous web browser can be a powerful channel for financial transactions if it supports strong encryption. However, strong encryption methods cannot be exported from the US. Hence the browsers exported by US firms are forced to ship with crippled encryption. On 1 Apr 98, Netscape went "open source" by publicly disclosing its source code. A team outside the US worked on putting strong encryption back into this code. You can download Netscape with strong encryption, which you can't get from any US vendor (e.g. Microsoft).

The focus of development of unclassified encryption software has now moved outside the US. In India, Dr. Anand Soman of Signa Labs, in Poona, is an authority on encryption, and produces high quality implementations of unclassified methods.

Hence, we may answer Vittal's concerns as follows. Yes, software obtained from US firms is crippled where encryption is concerned. However, unclassified research into cryptography is alive and well, and when the best techniques fit on a T-shirt, it is impossible for the NSA to block their spread. Complete source code for the best unclassified encryption methods known is available in open source, and from non-US vendors such as Signa Labs. This is an area of active open source development, for applications such as web browsers, financial transactions on the Internet, and the desire to write email which nobody - not even the NSA - can snoop on. Search for "encryption" on freshmeat, and on TBTF.

These efforts are the vehicle through which strong encryption should be applied in securities markets and banking in India. NSDL is working on putting strong encryption into all depository transactions, and RBI will face similar issues in building the payments system. The problems that RBI and SEBI should address are (a) to standardise algorithms and data formats in a vendor-neutral fashion, and (b) to establish "key management infrastructure" for use by the entire financial sector, so that any citizen of India would be able to do all financial transactions using one single key.

The great mathematician Felix Klein once said that the best reason for working in a branch of mathematics called "Number Theory" was that it had no practical use. It is one of the great ironies of history that cryptography is all applied number theory. Hence, Klein's "most useless" branch of mathematics has now become prime military technology, a vital piece of machinery for rewiring the international financial system, and a device to strengthen democracy. We see how the hospitality of the US and England towards intellectuals, in sharp contrast with the attitudes prevalent in Nazi Germany, clearly helped them win the second world war. This is the best example of the practical benefits that flow from liberal values.
