PROPHET OF PRIVACY He took cryptography out of the hands of the spooks and made privacy possible in the digital age, by inventing the most revolutionary concept in encryption since the Renaissance. Steven Levy decodes Whitfield Diffie _________________________________________________________________ The heat on this steamy June day is oppressive, but Whitfield Diffie doesn't seem to notice. He strides across the street from his hotel to the Washington, DC, Convention Center like a smart bomb homing in on a bunker. He has prepared for the Armed Forces Communications and Electronics Association Expo and Convention with his usual compulsive vigor. Some days before, in his office at Sun Microsystems Computer Corporation in Mountain View, California - where he holds the title of distinguished engineer - Diffie examined the list of exhibitors and methodically charted a course through the convention center that would take him past every vendor or organization that offers something related to the field he has helped revolutionize: cryptography. Diffie is quite at home in Washington. In the past 15 months he has testified three times before Congress and participated in a blue-ribbon panel on the future of crypto. This swing started two days ago, on his 50th birthday. He celebrated by having a quiet dinner with his wife, Egyptologist Mary Fischer. The following day he denounced the Clipper Chip at a conference organized by the Electronic Privacy Information Center. Now - accompanied by a small entourage of authors, including David Kahn (The Codebreakers), Bruce Schneier (Applied Cryptography), and me - he is ready to hit the convention floor of the Armed Forces show, where the theme of the day is "Digitizing the Battlefield." Even if he weren't leading a crew of cypherscribes, Diffie would cut an imposing figure. From the neck down, he fits the conservative mode of the bureaucrats, techies, and spooks in attendance: blue suit with a neatly knotted tie over a blue shirt. 
But hovering over the suit are piercing blue eyes framed by shoulder-length blonde hair and a beard worthy of Buffalo Bill. Then there's his unforgettable voice: Diffie speaks in a cutting tremolo that heightens the effect of his words, which are often already provocative. Diffie has a chance to exercise these vocal proclivities as he jaunts from booth to booth, happily bantering with the purveyors of surveillance systems, crypto-protected jeep communications, and "situation awareness" helmets with built-in quanta-ray sensors. At one modest display he jokes, "For an outfit of your formidability, you've managed an economical booth." The exhibitors wilt. At another booth he is offered a chance to try out an encryption-equipped walkie-talkie. "Presumably, we'll discover it works just fine," says Diffie, refusing the demo. Then Diffie reaches Booth 660, let by the National Security Agency. The agency is the world's largest repository of information about cryptography and usually operates under total secrecy. In these après Cold War days, however, the agency has been experimenting with a more public posture, and at the conference it has fronted two booths: this one, with its banner proudly unfurled, and an exhibit room off the show floor. A helpful NSA employee shows Diffie and company to the latter. It's hardly different from any other vendor's operation at a high-tech convention - except that visitors must provide social security numbers and proof of US citizenship. The room is filled with several elaborate demos of cryptosystems running off PC nets. Diffie examines a system that allows several levels of encryption to coexist on a network. The young agency technician running the demo is obviously bright, perhaps even a bit haughty as he runs the system through its paces. As Diffie turns away, someone asks the technician if he recognized that bearded fellow. "Who?" the technician asks. "That's Whitfield Diffie. He invented public key cryptography."
The technician's eyes widen to the size of video monitors. For a second he is paralyzed. Then he bolts forward. "Dr. Dif-fffffie...," he shouts, "Dr. Dif-fffeeeeee..." When he catches up, his attempt to describe his awe comes out in a jumble. For a moment it looks like he might outstretch his arms and execute knee-bend bows, à la Wayne and Garth: "I'm not worthy!" It was in 1976 that Diffie and Stanford University electrical engineering professor Martin Hellman blew open the cryptographic world by announcing a new way to protect secrets: the public key. It was a profound discovery; historian David Kahn (still in tow as Diffie leaves the booth) called it "the most revolutionary new concept in the field since the Renaissance." A pursuit formerly limited to the domain of spies, diplomats, and the military now had the potential to enhance the privacy of the masses. Public key has the potential to change the way we work, even the way we live. Compared to ordinary encryption, public key is a type of magic. By splitting the scrambling-and-descrambling "key" into two components, a widely distributed public key and a closely held private key, it enables users to communicate in complete secrecy with people they've never met. And when that person replies, only the user will be able to read that message. Even more remarkable, it makes possible a "digital signature," assuring that an electronic message was generated by the person who claims responsibility for it. Together, these features allow us to create new forms of digital commerce with an unprecedented level of privacy. These possibilities also present a challenge to government, particularly to the NSA, which is accustomed to controlling the nation's cryptosystems. As cryptography slips into the mainstream, the agency is faced with a dramatic reassessment of its mission. And looking over the agency's shoulder is Whit Diffie, who has emerged as a passionate and public critic of government cryptographic policy.
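The "split key" in the form it first appeared, the 1976 Diffie-Hellman key agreement, as an added example that is not code from the article or from any of Diffie's own systems: two handsets publish only g^a and g^b over the open line, derive the same session key, and discard their private exponents when the call ends, the property Diffie describes later on this page as keys that "exist only in the equipment, only for the duration of the call." The Handset and run_call names, the toy 64-bit group generated at run time, and the peer-value check are this example's own assumptions.

```python
# Added example, not code from the article or from Diffie's own systems. The group is a
# toy 64-bit safe prime generated at run time; real deployments use 2048-bit+ standard groups.
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin test after a small-prime screen; error rate below 4**-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    s = ((n - 1) & (1 - n)).bit_length() - 1            # n - 1 = d * 2**s, d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_safe_prime(bits):
    """Return p = 2q + 1 with p and q prime, so g = 4 generates the order-q subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

class Handset:
    """One end of the call; the private exponent exists only for this session."""
    def __init__(self, p, g=4):
        self.p, self.g, self.q = p, g, (p - 1) // 2
        self._secret = secrets.randbelow(self.q - 1) + 1   # in [1, q-1]; never leaves the device
        self.public = pow(g, self._secret, p)              # the value sent over the open line

    def session_key(self, peer_public):
        # Reject 0, 1, p-1 and any value outside the order-q subgroup (small-subgroup attacks).
        if not 1 < peer_public < self.p - 1 or pow(peer_public, self.q, self.p) != 1:
            raise ValueError("peer value outside the prime-order subgroup")
        shared = pow(peer_public, self._secret, self.p)
        self._secret = None                                # "after that they go away"
        return hashlib.sha256(shared.to_bytes((self.p.bit_length() + 7) // 8, "big")).digest()

def run_call(bits=64):
    """Both handsets derive the same key; a wiretap records only (p, g, A, B)."""
    p = make_safe_prime(bits)
    alice, bob = Handset(p), Handset(p)
    wiretap = (p, alice.g, alice.public, bob.public)
    return alice.session_key(bob.public), bob.session_key(alice.public), wiretap
```

Once `session_key` returns, neither handset holds anything that turns the recorded `wiretap` tuple back into the key; an escrow scheme would have to capture the exponent during the call itself.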
His eloquence alone would make him a formidable figure in the debate over whether the feds should limit the spread of crypto, but his credentials make him a figure truly to be reckoned with. "I would say he is the elder statesman of cryptography," says Jim Bidzos, president of RSA Data Security. "Few people have the kind of insights he does." Yet at one time, it looked like Diffie might slip into obscurity as an eccentric hacker who never made much of his genius for math and his laser-focus mind. As his wife tells it, on the very eve of the historic discovery of public key crypto, Diffie was virtually despondent. "He was telling me that he should do something else," recalls Mary Fischer, "that he was a broken-down researcher." This was 1975. Diffie was 31, with only a bachelor's degree, and he had reached a point in life where, he says, "I was worried that I wasn't particularly remarkable as a programmer and that my lot in life would get progressively worse if things continued going as they were." All his life Diffie had jigged in perfect cadence to an internal tune, heeding little of convention. Had the music led him to a dead end? Whit Diffie, it seems, had always been different. Born in 1944, he was the sole offspring of Bailey Wallace Diffie and Justine Louise Whitfield. They had met as foreign service workers in Madrid in the 1920s and married in Paris in 1928. Diffie senior became a City College of New York history professor specializing in Iberia and its colonies, and Whit grew up in Queens, in perhaps the only atheist Camelite household in a mostly Jewish neighborhood. "One of Whit's oldest friends told me he had an alternative lifestyle at age 5," says Mary Fischer. Diffie didn't learn to read until he was 10 years old. There was no question of disability; it was obvious he was a bright, curious child. He simply didn't read, and no one considered it a horrible problem. 
During the fifth grade he spontaneously worked his way through a tome called The Space Cat and immediately progressed to one of the Wizard of Oz books. Later that year, his teacher at PS 78 - "Her name was Mary E. Collins and if she is still alive I would like to find her," says Diffie - spent an afternoon on the subject of ciphers, and Diffie was so taken he had his father check out all the cryptography books in the City College library. But his code mania soon faded, and he pursued other interests - castles, camouflage rockets, and poison gases. (As late as his junior year in high school, he considered a career in the military.) Diffie also became interested in math - "I thought of myself as a mathematician in high school," he says. At the Massachusetts Institute of Technology, he harbored contempt for computers - he thought himself too pure a mathematician to have much truck with them. This began to change after he earned his degree in 1965. The Vietnam War dampened Diffie's military enthusiasm, and he became a self-described "peacenik," with no desire to deploy the armed rockets and poison gases that had entranced him in his youth. Like many, he found a way to avoid the draft - working for a defense contractor. It was the Mitre Corporation, a Massachusetts systems engineering company that worked for the Defense Department. The job was a plum - while technically a Mitre employee, he would write LISP code at the MIT Artificial Intelligence Lab. There Diffie was exposed to the best computer hackers in the world. By the time he left Mitre in 1969, Diffie was over his contempt for computers. Ever since his freshman year at MIT, though, when he spent the summer in Berkeley, Diffie had been pining to move west. "I hung out with the red diaper set in New York, the frontier of the sexual revolution. I'd been used to having a full social life - folk singing parties and stuff like that. 
There were such scenes in Cambridge, but I fell in with what was easy: hanging out with these guys at MIT's East Campus - with 25 women in a class of 950, it was a Boy Scout camp. But when I went back to Berkeley, immediately I was in among what I thought of as the real people. I have always believed the thesis that one's politics and the character of one's intellectual work are inseparable." Diffie got his chance to go west when he heard that artificial intelligence pioneer John McCarthy was interested in a mathematical problem that fascinated Diffie: proof of correctness of programs. Diffie was hired to work at Stanford's Artificial Intelligence Lab, where McCarthy was a professor. But he now conjectures, "In his view, McCarthy probably hired me as the LISP system programmer." Nonetheless, Diffie's work in proof of correctness (funded, ironically, by the NSA) apparently met with McCarthy's approval. Then McCarthy, in essence, lost Diffie as a worker by urging him to consider crypto once more. Diffie's long-dormant penchant for cryptography was quickly rekindled, and he began working on crypto obsessively. There areious. I felt that if I could just get to the bottom of this it would somehow be incredibly satisfying." Diffie pored over David Kahn's 1,164-page 1967 opus, The Codebreakers. "It must have taken me a year to read it," he says. "I read it more carefully probably than anyone had ever read it. It's like the Veda - in India if a man loses his cow, he looks for it in the Veda. In any event, by the spring of 1973, I was doing nothing but cryptography." Diffie took a leave from the AI lab and embarked on an epic sojourn to discover cryptographic truths. It was a lonely quest. True, NSA headquarters at Fort Meade, Maryland, was teeming with people working on these problems, but all the results were classified. Precious little information about the subject existed in the public domain.
If someone did publish something, or try to patent a cryptographic innovation, the agency might attempt to classify that information. "My attitude was to keep my head down at first," says Diffie. For two years, Diffie crisscrossed the country in a Datsun 510. He hit every library that might have some information and attempted to talk to anyone whose ideas might inform his own. Some people refused to talk to him. But the journey helped in establishing the key problems Diffie needed to tackle in cryptography. (Besides, the trip wasn't all cryptography: he managed to take in several Skylab launches and, most significantly, to hook up with Fischer, who became his traveling companion.) When Diffie and Fischer finally returned to the West Coast in the fall of 1974, Diffie heard about a Stanford prof named Martin Hellman who was also interested in crypto. Diffie gave him a call; Hellmon that it came from a certain person, in the same way a written signature indelibly identifies a document? Pondering some ideas that came from techniques in military "identification friend or foe" systems, and combining them with an innovative scheme of protecting computer passwords using a mathematical technique called one-way functions, Diffie came up with a method to solve the authentication problem - a true digital signature. Two weeks later, he realized that by cracking that puzzle, he had also uncovered a way to solve the encryption problem - an amazing solution that used not one but two cryptographic keys. He clearly remembers that day in May 1975. He and Fischer were living in John McCarthy's house, with the understanding that Diffie would act as a househusband, taking care of McCarthy's daughter and watching the house, while McCarthy was on leave. His routine at the time was to fix Mary breakfast before she went to work at her job analyzing geologic findings at British Petroleum. Then he would spend the rest of the day alternating between domestic chores and research. 
Sometime during that afternoon he altered the course of cryptographic history by "splitting the key." "The thing I remember distinctly is that I was sitting in the living room when I thought of it the first time and then I went downstairs to get a Coke and I almost lost it," he says. "I mean, there was this moment when - I was thinking about something. What was it? And then I got it back and didn't forget it." That night, he went over to Hellman's and told his collaborator about the idea. Hellman recalls during the brief conversation that he first thought Diffie's heretical idea "was a little bit crazy." But as he thought about it later that night, he beganing jobs with either of the two most common employers of cryptographers - the government and academia. In 1978 he took a job as manager of secure systems research for Northern Telecom, the Canadian equivalent of Western Electric, working in its laboratory in Mountain View, California. One of the best pieces of work he did there was designing a secure phone system; it never saw commercial use, but part of its design became the heart of an innovative product called PDSO, or packet data security overlay, used to provide end-to-end security between hosts on packet data networks. In 1991, Diffie moved to Sun Microsystems, where he became a sort of internal consultant, a companywide resource on security issues. And, of course, a crypto researcher. "You know, I never know exactly what I do," Diffie says of the latter work. "I mean, every now and then, of course, I produce something, so I can say, 'I did that,' but most of the time Ictually need them. Prior to Aldrich Ames, two of the most damaging spy scandals of the last 20 years in the US - Boyce and Lee at TRW and the Walker ring in the Navy - resulted from the fact that keys existed for longer than they needed to exist, and somebody got a chance to siphon some of them off.
If you use public key correctly, particularly in interactive channels like telephones, you can avoid having this hazard. The keys exist only in the equipment, only for the duration of the call, and after that they go away. And so key escrow is just rescuing a dreadful vulnerability." (For more on public key encryption, see "Cypher Wars," page 129). The Clipper Chip is even less attractive, says Diffie, when one considers who's pushing it. "We're moving our society into a telecommunications environment. I think security mechanisms are fundamental social mechanisms, and what is needed is widespread trust in them - but there's no trusting secret mechanisms designed by an organization most of whose budget goes to spying." One would think that this sort of talk would place Diffie's picture at the top of an NSA enemy list. But relations between the agency and its most eloquent opponent are cordial. Clinton Brooks, an important architect of the NSA's key escrow scheme, has worked with Diffie on the Association of Computing Machinery's panel on crypto policy. "We came to this from quite different perspectives," says Brooks, with some understatement. "During this experience, my esteem and regard for Whit considerably increased. I found him open, considerate, and eager to listen to others' points of view." The respect is mutual. Even Diffie has tempered his opinion of the organization. "I started out being very antagonistic to them, but after a decade of studying their technology and history, I came to like and respect them much more. I believe I recognize and have for a long time been sympathetic to NSA's goals. I think from a purely nationalistic point of view those goals are certainly understandable. That does not mean that there are not other objectives that seem even more important. Personal privacy certnd beyond and laid out the Clipper controversy in dazzling context. 
Crypto, he argued, will not upset the balance of power by giving the individual a huge edge over the government - instead we should see it as one of the few resources available to the individual who wants some privacy. "It has been thoughtlessly said ... that cryptography brings the unprecedented promise of absolute privacy," testified Diffie. "In fact, it only goes a short way to make up for the loss of an assurance of privacy that can never be regained." In the flurry of concepts, however, few appreciated the resonance of Diffie's opening sentences. They summed up Whitfield Diffie's progress since he began his quest more than two decades ago. "I first began thinking about cryptography in 1972," he testified. "My feeling was that cryptography was vitally important for personal privacy, and my goal was to make it better known. I am pleased to say that if I have succeeded in nothing else, I have achieved that goal." In spades. _________________________________________________________________ Steven Levy (steven@echonyc.com) is a Fellow at the Freedom Forum Media Studies Center. He is author of Hackers, Insanely Great, and other books. _________________________________________________________________