News
Computing Profession

Assessing the Impact of Cryptography on Internet Privacy

Posted
Martin Hellman (left) and Whitfield Diffie at the Heidelberg Laureate Forum.
Whitfield Diffie (right) and Martin Hellman, who received the ACM A.M. Turing Award for 2015, said they knew their development of the key exchange protocol was important, but they could not have fathomed the profound impact it has had.

In 1976, Martin Hellman and Whitfield Diffie published a protocol for a task that was deemed impossible up to that point. The key exchange protocol enables two parties who have never met to agree on a secret encryption key, without the need to physically transmit this key. This became the core of the protocol for secure communication via https webpages (both men agree their collaborator Ralph Merkle also deserves credit for his contributions to the protocol). 

Diffie and Hellman were awarded the ACM A.M. Turing Award for 2015 "for inventing and promulgating both asymmetric public-key cryptography, including its application to digital signatures, and a practical cryptographic key exchange method." Both attended the Heidelberg Laureate Forum in Germany this year.

At the weeklong conference, Hellman looked inconspicuous from a distance, but he was still a man with a mission, and therefore eager to engage with young researchers and laureates alike.

During my conversation with Hellman, we were joined by Diffie. Combining an aging rockstar's haircut with three-piece suits, he draws attention in a crowd and doesn't seem to mind, but he seemed less inclined to mingle than Hellman.

Diffie has worked for several IT companies over the years, and says today he is still doing cryptography "in a sense. I'm with a new company called Cryptic Labs, which supports blockchain applications." He's not working on new cryptographic algorithms for that firm, and age has nothing to do with it, Diffie says: "It's not a matter of being young. I think the market for what interests me, is not very good now. I have an interest in building better symmetric cryptosystems, but first, the problems I picked out for myself are difficult, and second, it's not like you would have any way of competing with the Advanced Encryption Standard unless you break that."

The Advanced Encryption Standard (AES) is now the default choice for symmetric encryption, and considered unbreakable for the foreseeable future. Adds Hellman, "So much effort now goes into certifying AES and making sure it is secure; it's hard to get attention for new algorithms."         

Diffie and Hellman knew their key exchange protocol was important, but could not have fathomed its profound impact. Hellman remembers, "We could foresee the computer and communications revolution better than most people, but I could not envision the Internet, or the smartphone. Even debit cards didn't exist then."

Their invention is now the backbone of the Secure Sockets Layer (SSL), the 'handshake' protocol by which two https websites establish a shared secret key and secure communication. It is indispensable for all online banking and shopping.  Jokes Hellman, "I actually played a key role in implementing this—for just a few minutes." In 1995, he recommended a student of his, Paul Kocher, for a summer job with early browser fim Netscape; Kocher was one of the architects of what is now the SSL 3.0 cryptographic protocol.

Hellman left the field of computer science long ago, focusing instead on his work for Beyond War, a coalition of people from academia and business that advocate the resolution of international conflicts without violence. "In 1945 the American mainland was totally secure from attack. We've spent trillions of dollars since to improve our national security, and we can now be destroyed in an hour."

Said Hellman, "In mathematics, when a logical line of reasoning produces an absurd result, that's proof that at least one assumption is false. So, we must re-examine our fundamental assumptions; specifically, the assumption that national security can be bought, or acquired, at the expense of other nations. We make the same stupid mistakes again and again, because we think we are the world's only remaining superpower, and think we are Superman."

Hellman said he would have an announcement to make related to his work with the coalition early next year. He acknowledges "The chance of changing the nation's thinking about national security is very small, so I will probably fail in my big goal, but if you set a big goal and have no chance of achieving it, you can still achieve a lesser goal."

For Americans worried about national security, particularly Russian hacking and meddling with elections, Hellman offers, "Better encryption, and better cybersecurity, will help, but nation-states have so much resources, they will always be able to hack into personal computers. Look at Stuxnet (a computer worm used in a targeted cyberattack on Iran's uranium enrichment facilities); people were flabbergasted at what was done there.

"Besides, the average person does not protect his computer very well, including me. For instance, I don't use PGP encryption. I've argued for 40 years that the best security is automatic, integrated, and transparent. Https is a good example."

Even without being hacked, people lose a lot of their privacy online, Diffie said. "I don't think perfect security mechanisms of any kind would solve people's problems with privacy."

Diffie characterized his long relationship with Hellman as "a real partnership in the sense that neither of us could have achieved what we have achieved without the other." Said Hellman, "I absolutely agree."

Both are in their seventies now and on different life tracks, so their contact had been minimal for quite a while. "One nice thing of getting the Turing Award," said Hellman, "was that it got us back into a much closer relationship again."

He added, "The ACM has done a wonderful job of establishing the Turing Award as a prestigious prize. I really appreciate getting it, because it has given me the possibility to sustain our work, together with my wife, on a more peaceful and sustainable world. And coming to the Heidelberg Laureate Forum has given me a lot of valuable connections that help with that."

Arnout Jaspers is a freelance science writer based in Leiden, the Netherlands.

DISCLOSURE:

The Heidelberg Laureate Forum (HLF) is an annual conference for mathematicians and computer scientists. Invited guests include all living winners of the Fields Medal, the Abel Prize, the Nevanlinna prize, the ACM A.M. Turing Award and the ACM Prize in Computing, as well as 200 young researchers from all over the world. The (HLF) organization covered the author's stay and expenses, but had no say in the topic or the text of this article.  

Join the Discussion (0)

Become a Member or Sign In to Post a Comment

The Latest from CACM

Shape the Future of Computing

ACM encourages its members to take a direct hand in shaping the future of the association. There are more ways than ever to get involved.

Get Involved

Communications of the ACM (CACM) is now a fully Open Access publication.

By opening CACM to the world, we hope to increase engagement among the broader computer science community and encourage non-members to discover the rich resources ACM has to offer.

Learn More