Intervista a Michael Marotta autore di "The code book"
"Codici, Cifrari e Tutela dei Dati"
Da "Loompanics' Greatest Hits", Loompanics Unlimited, USA, 1990
Nell'intervista si illustrano alcune note tecniche criptografiche soffermandosi sia sulla loro sicurezza che sulle possibilità, soprattutto in considerazione dell'attuale enorme potenza e diffusione dei computer, di essere forzate. Si sottolineano infine gli usi politicamente antagonisti che le varie componenti della società fanno di codici e cifrari.
Oltre all'articolo di Marotta presentato in questo stesso numero di MN consigliamo al lettore interessato ad un approfondimento specificamente matematico-informatico dei principali problemi collegati alle tecniche di criptografia i seguenti articoli divulgativi:
M. Ellman - Crittografia a chiave pubblica - Le Scienze n136
D. Chaum - La difesa crittografica della privacy - Le Scienze n.290
nel primo dei quali viene anche fornita un'analisi relativamente dettagliata per l'implementazione di algoritmi di codifica/decodifica secondo le tecniche kapsack e RSA.
E' infine importante ricordare il manuale, fondamentale ma di non facile accessibilità:
Modern Criptology: A tuturial
Lectures Notes in Computer Science n.325 - 1988
"CODES, CIPHERS AND KEEPING SECRETS"
A Special Interview with Michael E. Marotta author of
THE CODE BOOK
Loompanics. What is an unbreakable code? Is there really such a thing?
Marotta. Like the perfect circle or the line with no width, the unbreakable code is a goal, an idealization. Any code can be broken given time. Some codes are just less breakable than others.
Loompanics. To what extent?
Marotta. I just finished re-reading The Hidden World by R.A. Haldane. He says that many German ciphers from WWII are still unbroken. Of course, the need to break them is gone, so I guess the Germans won those little battles, though they lost the war.
Loompanics. Because of the loss of Enigma's complete secrecy.
Marotta. Yes, three separate Enigma machines were recovered by the Allies during the course of the war. Enigma was the primary method tor encrypting high command traffic. Still, many battlefield ciphers maintain their integrity to this day.
Loompanics. How can codes and ciphers be broken without the key?
Marotta. Ciphers, being transpositions or substitutions are relatively easy to break. But even codes can be broken. The important thing for the code breaker is to have a good volume of material to work with; the code breaker looks for repetitions. The random number pads which are explained in The Code Book are one way around this. The most important thing to remember is to keep your messages short and to change your codes.
Loompanics. That isn't always easy. For instance, if we were to encode our mailing list, we would produce a very long list with lots of repetitions in zip codes or common last names.
Marotta. Right. A formula for a new kind of plastic would be loaded with C's, H's and O's. The main thing to keep in mind is that what one person can do another person can undo. All you can hope for is to buy time. Yardley's book The American Black Chamber is full of autobiographical boasting on how various codes and ciphers fell to his powers from 1917 to 1929. He called his ability "cipher brains;" many are called, but few are chosen as regards the ability to undo ciphers and codes.
Loompanics. But the random number methods get around the problem of repeating words and phrases, don't they?
Marotta. Well, yes and no. Look, if you use a truly random method, like the I.C.C table or compiling the prices of stocks by company listed alphabetically, you have a good random number base. But most random number methods are actually pseudo- random and so the basic method can be teased out if the message is long enough. Like your mailing list, or the production plans for.a new plastic. For a short message, say 25 words or less, the pseudo-random and random methods are both good and secure.
Loompanics. You recommend some methods which go back five hundred years. Isn't it true that only the newest methods are impenetrable?
Marotta. Of course not. In fact, the newest methods are the ones everyone is interested in. Take the Data Encryption Standard used by the National Bureau of Standards. There is already a book out which goes through a bit-by-bit explanation of how the DES works. Given a computer and a smart programmer with plenty of time, the DES is just wide open. On the other hand, if your enemies, so called, are not hip to codes and you use a secure method of ciphering and transposing and count on this to hold for only a few weeks, well, you win.
Loompanics. Why use ciphers at all, when codes are more secure?
Marotta. Ciphers are far easier to operate. There are always trade-offs. You can encipher a message through several twists and turns in a few minutes. A long message might take an hour to encode, or even longer. Time is money. Ciphers are just as secure as Yale locks; codes are like guards at the door. How many people hire a guard to sit on their front porch?
Loompanics. How unbreakable are other methods which have been developed since the end of WWII?
Marotta. The hottest developments have been the "public key" systems developed at MIT by Rivest, Adleman and Shamir. The "public key" system worked out at Stanford by Hellman, Diffie, et al., was recently laid bare by Shamir and Adleman. Shamir was working for the Weizmann Institute at the time and his work was a matter of mathematical insight. Interestingly, the demonstration carried out by Adleman of Shamir's work was done on an Apple ll tabletop computer. The Apple ll runs about $2000 including screen and disk drive, so you see how cheap it can be to break a good code.
Loompanics. How secure is the RSA method which was developed by Ronald Rivest and his cohorts at MIT?
Marotta. They claim that it would require over 70 years of machine time to break a cipher created with a key 100 digits long. And the time factor increases exponentially. I think they claim that several thousand years of machine time would be necessary to break an encryption which uses a 300 digit number as the key.
Loompanics. Then these are very good.
Marotta. Yes, as far as they go. Realize that most people consider 70 years to be a human lifetime. Now, you sell the book on life extension by Pearson and Shaw. They say they can double this figure, so the time required to break an RAS code is only about half a human lifetime. Moreover, the newer tabletop computers are coming out with dual processors. For instance, a 6502 and a Z80 chip for the two CPU's. So we now have machines which can run in parallel with each side communicating to the other. That changes the picture some. Of course, the other side of the coin is that with such a machine, you can create even more complicated encoding schemes.
Loompanics. /s it necessary to have a home computer to do encryption ?
Marotta. No. The Code Book stresses principles and some of these are demonstrated with computer programs. But to write a useful code, you don't need a computer. A paper and pencil driven by a cunning human are enough.
Loompanics. What use does the average person have tor codes and ciphers?
Marotta. Realize that the "average" person is a government employee or a welfare recipient. But any decent person can use codes and ciphers for the same reason that a decent person might want to lock the garage door or seal an envelope. In short, any information which has market value should be protected with an unbreakable code. Blueprints, product descriptions, computer programs, fashions, anything which might be of value to someone else.
The average Loompanics survivalist would want to keep secret the location of his retreat, stashes and caches, and so on. Coded messages are the only way that a true survivalist would want to communicate in writing.
Even on the everyday level in a sane society, I cannot over- emphasize the value of secrecy over a patent. There is no telling what you have that can be used against you or be used without your permission. Any new invention should be protected with data encryption.
Loompanics. What about the National Security Agency? Are you worried that they might try to stop you from writing on this subject?
Marotta. If they came to me with a restraining order, I'd take it as a compliment. They don't worry me. As long as the American people hold an arsenal larger than the government's, this will be a republic.
Loompanics. What about the future? What effect will coding have on the world as it develops over the next twenty years?
Marotta. First of all, I predict a decrease in government power as a result of encryption technology. Unbreakable codes really stop the snoopers cold. There is no way that a bunch of overpaid government clerks can keep up with what is about to happen.
The government claims that the number of patents is dropping significantly. I think there are two reasons for this. First of all, regulation has strangled enterprise; society is collapsing. Secondly, however, the underground culture or parallel economy is expanding and these business people are just not going to the patent office. I sure wouldn't.
As a result of all this, 1 see a backlash which will eventually put an end to secret information. Look at how often someone in prison diddles the IRS computers. Look at how often some ninth grader violates a data bank. No matter what locks you use there will always be a lockpicking method. Sooner or later, people in general will have direct access to everything in every computer with a telephone line. The IRS, IBM, ATT, Standard Oil, the USSR, none of them will be safe. The only safe information will be that which is truly private. Private in the sense of not leaving your lips or at least your home.
Loompanics. How widespread is coding today?
Marotta. Very. Indy-type race cars, pharmaceuticals, new fashions, the whole gamut of time-sensitive information with market value. Christmas toys are a good example of what I mean .
Look, you could use a simple substitution cipher, like A = Z, B = Y, C = X, etc., then write out your product description or production plan with it in groups of five letters. Then rotate it 90 degrees and be safe until July when it is time for the trade shows. You don't need a computer to keep the information safe and you don't have to be the CIA to want to do so. The best example I can think of is the formula for Coca Cola.
Only three people know the formula at any one time and no two are allowed to travel together. If they patented Coke, there would be a slew of copiers in no time. And Coke has been around a lot longer than tabletop computers. The cosmetics industry is in the same position. Just try to find the formula for Chanel No. 5. My grandmother wore it; my mother wore it; my wife would wear it too, but it's too Freudian. Chanel No. 5 is not patented. It is secret.
Loompanics. The newest encryption methods, such as the RSA are definitely suited to computers, even if they can be run by hand, which we understand can be tedious. What other methods would you suggest?
Marotta. I recommend making an enciphered message look like an innocuous plaintext message. Cardinal Richelieu did this and it is just as secure today as it was then. Anything else just shouts "CODE" at the interloper. The unauthorized reader of an encoded message, given that it is obviously a coded message such as a page of five-letter groups, has his work cut out, to be sure, but at least he knows that he must work. If a message appears innocuous, then the coding is perfect.
Second-best is a set of page numbers and line numbers -- the old "dictionary" code. Use any standard book. I believe that Atlas Shrugged looks today in paperback just as it did 25 years ago. The same would be true of the Bible, the Encyclopedia Brittanica, and so on. The important thing here is that these are true codes since they are impossible to break without a key. Even the system developed for the National Bureau of Standards which shuffles data against 56 bits of O's and 1's is in fact a cipher, a regular system of transpositions and/or substitutions. Shamir broke the Stanford "knapsack" method because it, too, was a cipher, not a code.
Loompanics. How about using several keys?
Marotta. Good point. Any code can be broken given time. What helps the codebreaker most is a great volume of encoded material. Changing code keys foils the interloper. So does brevity (the soul of wit). Also avoiding the frequency table. Never use the word "the" in an encoded message.
Loompanics. a code requires a key, how can it be broken without the key?
Marotta. By knowing something about the sender or receiver. I don't recommend Atlas Shrugged as a code key between libertarians. The Bible has been overused, so has the Oxford English Dictionary. You see, a cryptanalyst is paid to check these boring details. They work themselves silly because they love their work. They will shed pounds and develop nervous tics trying to break a code or cipher. You have to be one step ahead of them. The Cajori edition of Newton's Principia Mathematica is an excellent choice for someone who doesn't know physics from physiology. Asimov's Foundation trilogy, Tolkein's works, etc., etc. -- anything that is not part of your ordinary lifestyle.
Loompanics. How long do you think it will be before a new round to unbreakable codes comes out?
Marotta. I would say 20 years with lots of if s. Fundamentally, new ground will be broken by someone who grows up with the current level of technology, with the RSA method, the "knap- sack" function, the random number generators, the one-time pads, etc. Even so, as I said earlier, a simple cipher can work wonders for secrecy. It will likely be a long time before anything new comes along, but you never can tell.
Loompanics. But you think that in the long run, we will see an end to secrecy?
Marotta. An end to "public" secrecy, yes. People have a right to privacy. Frank Lloyd Wright called the right to privacy the hallmark of civilization. I can see, however, that the same technology which allows the private person the security of home and person is just the other side of the technology which will eventually open up all of the so-called "secrets" held by governments and government-like corporations. Anyone with a computer and a telephone will be able to find out anything they want to know. Period.
Loompanics. You mean like in John Brunner's Shock Wave Rider?
Marotta. Yes, but sooner than even he thought possible.
Loompanics. Where does it all end?
Marotta. Hopefully it never ends, right?
Loompanics. How does THE CODE BOOK compare to other new books on codes and computers?
Marotta. The new ones I have seen are long on computer programs and short on principles. You sell the old books by Lysing, Gaines and Smith. These are classics for a good reason. Encryption is a matter of principles, not specifics. I would be very disappointed in any Loompanics reader who uses The Code Book as is without making changes and improvements. It is the same as any other technology -- once you see an example of a new idea, you can improve upon it.
Loompanics. What have you added to the new edition?
Marotta. The "knapsack" functions developed at Stanford were broken. No other book out now mentions this fact. The widespread use of tabletop computers provided the impetus to add new chapters and again, I use the computer programs as a means of illustrating principles which have been developed since 1978. Anyone who can do long division can follow the methods which I outline in the second edition of The Code Book. Also, the new edition, like the first edition, is aimed at the individualist/survivalist, not at the computer hacker.
I have been scanning every magazine and book for five years now which even mentions the word "code." Some of what appears in the popular press is just gobbledegook. They try so hard to avoid technical talk that they say nothing of value. On the matter of the demise of the Stanford system, Science '82 was miles behind The Economist and the former is supposed to be read by "science-oriented" people, while the latter is for soft- headed Keynesians. The Code Book is for anyone who wants to learn about keeping information private.
Loompanics. Thank you for an interesting interview.
Marotta. It was my pleasure.