Whitfield Diffie

 

Public-key cryptography pioneer Bailey Whitfield (“Whit”) Diffie was born in 1944 in Washington, D.C.  His father, Bailey Wally Diffie was a professor specializing in Iberian history at City College of New York. His mother, Justine Louise Whitfield, was a writer and scholar who passed away while he was in high school. He grew up in a Jewish immigrant neighborhood in the Queens borough of New York City, a liberal environment that helped to shape Diffie’s longstanding counter-cultural ethos. During his youth, Diffie read books on cryptography and had a deep interest in mathematics. Despite unremarkable grades, Diffie strongly impressed those he encountered with his deep intellect and was admitted to MIT where he completed his B.S. in Mathematics in 1965. [6]

To avoid being drafted for the Vietnam War, Diffie then accepted a job offer from the MITRE Corporation, one of the (nonprofit) Federally Funded Research and Development Centers (FFRDC) that could shield employees from military service. Diffie worked under mathematician Roland Silver, and co-developed a symbolic mathematical manipulation software system/package that (through the work of Carl Engelman, William Martin, and Joel Moses) evolved to become Macsyma (an influential computer algebra system).   Diffie was a “resident guest” researcher at MIT’s Project MAC’s Artificial Intelligence Laboratory, founded by renowned artificial intelligence scientists Marvin Minsky and John McCarthy, spending more time there than at the MITRE complex in Bedford, Massachusetts. [6]

Diffie discusses the relationship of his interest in cryptography to the counterculture and to MIT’s Multics operating system.

John McCarthy, who had departed from MIT for Stanford in 1962, invited Diffie to join the Stanford Artificial Intelligence Laboratory, SAIL, in 1969. Now too old to be drafted, Diffie left MITRE and the MIT AI Lab for California, where he felt more culturally at home.   Diffie often had discussions with McCarthy about computer networking, electronic keys, and electronic authentication—Stanford was one of the four original hubs of the ARPANET in late 1969. These experiences at Stanford and MIT (home to  Whirlwind/SAGE, CTSS, and Multics) helped to lay the groundwork for interactive computing, and provided an ideal background for computer networking and security. [1, 6]

Diffie carefully read David Kahn’s The Codebreakers: The Story of Secret Writing, a book that had a profound influence on him and his ever deepening interest in cryptography as well as his evolving ideas on the importance of privacy. On travel back to the Northeast, Diffie reconnected with his friend Mary Fischer in New Jersey. Her marriage was faltering and she soon became Diffie’s partner and later his wife.  She was his companion on his frequent travels in 1973 and 1974 to meet with other scientists with a deep interest in cryptography.

Reading David Kahn’s book caused Diffie to leave Stanford and devote himself to the independent study of cyptography.

It was in this span that Diffie became particularly interested in one-way functions.  He visited the Thomas J. Watson Laboratory in Yorktown Heights to meet with the cryptography research team that included Horst Feistel, Alan Konheim, Alan Tritter, and others. Konheim suggested Diffie get in touch with Martin Hellman, a professor at Stanford University with similar interests who had visited the IBM research lab and cryptography group recently. [5]

In the fall of 1974 Diffie requested a meeting with Martin Hellman.  What was planned for a short early afternoon meeting expanded to a rich discussion over many hours that continued through dinner at Hellman’s house and deep into the evening. Shortly thereafter Diffie began working with Hellman (taking a programming job in the research group) and in the second half of 1975 took Hellman’s suggestion to enroll as a doctoral student at Stanford to work with him.  Diffie was enthralled in the intellectual pursuit to conceptualize what became public-key cryptography, but chose not to follow through with all of the necessary bureaucratic hurdles, classes, and requirements to completing a doctoral degree. [5]

In 1975 Hellman and Diffie became aware of a similarly-focused individual, Ralph Merkle.  Merkle was a student at the University of California-Berkeley working on a protocol for public-key cryptography, who back in 1974 had formulated what became known as Merkle’s puzzles, a substantial contribution to key distribution of public-key.  As Diffie later reflected, however, he and Hellman recognized they had “a far more compact solution to the key distribution problem than Merkle’s puzzles…”  Further, Diffie wrote that Merkle’s subsequent “trap-door knapsack system…[did]…not lend itself readily to the production of signatures.” Nonetheless, these early contributions led Diffie to reflect on Merkle as “possibly the most inventive character in the public-key saga,” and Hellman to later argue public-key credit should be to Diffie-Hellman-Merkle. [1, 5]  

Diffie and Hellman cited Merkle’s work as a submitted paper in their path-breaking “New Directions in Cryptography” paper (presented in 1975 and published the next year). In this paper Diffie and Hellman conceptualized and explained a full public-key cryptosystem with message authentication.  Their article began, “We stand today on the brink of a revolution in cryptography,”—a revolution their mid-1970s insights were foundational to bringing to fruition in the years and decade’s ahead. [2]

Diffie describes his work with Martin Hellman to write “New Directions in Cryptography.”

Diffie-Hellman’s public-key is an asymmetric cryptosystem that relies on one-way functions (mathematically far easier to compute in one direction than the in reverse)—the product of very large prime numbers exceedingly difficult to factor—to allow parties to share their public-key but not their mathematically-linked private-key. This can facilitate secret communication between individuals who have not met and it can authenticate the message sender (digital signatures). [2] *

Diffie explains the concept of public-key cyptography.

Diffie-Hellman public-key cryptosystems concepts were implemented by MIT scientists/mathematicians Ronald Rivest, Adi Shamir, and Leonard Adleman with their pioneering RSA algorithm (first released in 1977). They jointly received the 2002 ACM Turing Award for the RSA algorithm and its impact on cryptography in practice. The RSA algorithm was the basis for the company Rivest, Shamir, and Adleman founded in 1982, RSA Data Security. In the mid-1980s, after some early struggles with finances and management, James Bidzos became the president and CEO of RSA Data Security, a position he thrived at and held until retiring in 1999. Bidzos also served as the Chair of the Board of Directors of RSA Data Security 1995 spin-off—for certifications or digital signatures—Verisign, Inc. [8]

A form of public-key cryptography had been conceptualized in the 1969 to 1970 timeframe by Great Britain’s intelligence agency GBHQ’s James Ellis.  In 1973 GBHQ  mathematician Clifford Cocks invented an algorithm for its implementation. And a past National Security Agency Director, without providing any details, “pointed out that two-key cryptography had been discovered at the agency roughly a decade earlier…” than Diffie-Hellman’s 1976 paper. [1] This highlighted the importance of researchers in the open (non-classified) community, as the work of Diffie, Hellman, Merkle, Rivest, Shamir, and Adleman, as well as businessman James Bidzos, greatly enhanced possibilities for secure communications and digital authentication; the work at GBHQ and NSA did not.

Back in 1977 Hellman, Diffie, and Merkle filed a patent for “public-key cryptography,” which was granted (US Patent 4200770) in April 1980.  Stanford Ph.D. and UCLA Electrical Engineering Professor Jim Omura obtained a license to use the Diffie-Hellman-Merkle patent (held by Stanford University) for his startup company Cylink that produced a silicon chip implementation of public-key in the early to mid-1980s. By 1984 Cylink was selling this hardware implementation to large corporations and some departments and agencies of the U.S. federal government (competing against RSA Data Security—Stanford had sublicensed the Diffie-Hellman-Merkle patent to MIT).  Other than Cylink, most enterprises focused on MIT’s RSA patent granted in September 1983 for implementation of public-key cryptography. [6, 8]

In December 1978 Diffie became the Manager for Secure Systems Research at Northern Telecom in Mountain View California.  In his dozen years in this post, he maintained a center for expertise in advanced computer security for Northern Telecom, Bell Canada, and Bell-Northern Research (the R&D joint venture of Northern Telecom and Bell Canada). This included designing the key management architecture for Northern Telecom’s PDSO security for X.25 packet networks.

In 1991 Diffie left Northern Telecom to become the Chief Security Officer for Sun Microsystems, where he was both a vice president and a Sun Microsystems Fellow. During his time at both Northern Telecom and Sun Microsystems, he was a frequent presenter at computer security conferences and published a number of articles and book chapters on cryptography and its contexts. From his co-published (with Martin Hellman) early critiques of the Data Encryption Standard forward, Diffie has been a policy advocate for rights to private communication—with strong and widespread public-key cryptography as a primary tool and goal. In the early 1990s and beyond he testified before various subcommittees of the U.S. House of Representatives and the U.S. Senate on issues of computer security, cryptography, and privacy.

Diffie co-wrote the book Privacy on the Line: The Politics of Wiretapping and Encryption (1998) with Susan D. Landau. This broadly accessible and influential study placed relatively recent issues—from early public-key, the DES key length debate (resulting in the compromised 56-bit key length), the Clipper Chip (NSA cryptographic device facilitating private communications with the exception of the NSA/U.S. government intelligence having the key) to policies and practices in the 1990s—within the longer historic context of cryptographic systems and wire-tapping to explore topics of law enforcement, national security, privacy protections, and public policy. [3]

From 2009 to 2012 Diffie served as a Visiting Scholar and Affiliate at Stanford University, and then became a Consulting Scholar for Stanford’s Center for International Security and Cooperation. Among his many honors and awards he was the recipient of the Golden Jubilee Award for Technological Innovation from the IEEE Information Theory Society in 1998 and co-recipient (with Hellman and Merkle) of the IEEE Richard W. Hamming Medal in 2010.

Author: Jeffrey R. Yost

Summary of Diffie-Hellman Public-Key

As they explain in their landmark paper:

In a public-key cryptosystem enciphering and deciphering are governed by distinct keys, E and D, such that computing D from E is computationally infeasible (e.g. requiring 10¹⁰⁰ instructions).  The enciphering key E can be disclosed [in a directory] without compromising the deciphering key D. This enables any user of the system to send a message to any other user enciphered in such a way that only the intended recipient is able to decipher it….The problem of authentication is perhaps an even more serious barrier to the universal adoption of telecommunications for business transactions than the problems of key distribution…[it]…is at the heart of any system involving contracts and billing. Current electronic authentication systems cannot meet the need for a purely digital, unforgeable, message dependent signature. [2]

By convention, cryptography characters “Alice” and “Bob” (seeking secure communication) frequently are used to explain public-key. Alice and Bob agree on large integers n and g with 1< g< n.   The selections impact the security of the system.  “The modulus n should be a prime; more importantly (n-1)/2 should also be a prime…and g should be a primitive root mod n…[and]...n should be…at least 512 bits long.” [7] The Diffie-Hellman protocol can be stated in basic form in 5 steps. [7]

(1)    Alice choses x (a random large integer) and computes X=g^x mod n

(2)    Bob choses y (a random large integer) and computes Y=g^y mod n

(3)    Alice sends X to Bob, while Bob sends Y to Alice (they keep x and y secret from each other)

(4)    Alice computes k = Y^x mod n

(5)    Bob computes k’ = X^y mod n