[1999] in cryptography@c2.net mail archive
Re: secret history of the development of PK crypto
daemon@ATHENA.MIT.EDU (Steve Bellovin)
Wed Dec 24 12:19:49 1997
To: Phil Karn <karn@qualcomm.com>
cc: cryptography@c2.net, mab@crypto.com
Date: Wed, 24 Dec 1997 08:42:54 -0500
From: Steve Bellovin <smb@research.att.com>
Precise timing -- that's the key to my idea for a highly effective
PAL. First, design the weapon to make the firing sequence as
inherently complex and critical as possible. Vary the chemical
composition and detonation velocities of the various pieces of high
explosive so they have to be detonated non-simultaneously. Then store
all of the required timing data in encrypted form in the weapon's
memory. Better yet, encrypt *everything* (program and data) except for
a small bootstrap that accepts an external key and decrypts everything
for firing. Include this decryption key in the "nuclear weapons
release" message from the "National Command Authority" (I've always
loved that military terminology!)
A number of us, myself included, have come up with the same design
independently. I would also use different explosives in different
bombs, so that each had a different timing sequence.
I'm not sure how public key cryptography is especially helpful here,
as conventional encryption would work just fine.
I can see several reasons. The most compelling, I think, is what Bill
Stewart pointed out -- it provides more protection against reverse-
engineering. There are also likely advantages in terms of key management,
as with any other use of public key crypto.
The most intriguing answer, though, may come from Weisner's memorandum
in support of NSAM-160. It says that "this equipment ... would
certainly deter unauthorized use by military forces holding the weapons
during periods of high tension or military combat". In other words,
non-repudiation -- a classic use for public key crypto -- was important;
if a bomb is used, they (or their heirs, or civilization's heirs...)
want to know who ordered it. Pending declassification of the rest of
the memo, I suspect that this is the crucial seed that led to the
invention of public key cryptography at NSA. (I should note that
the quoted sentence is right in between the two largest "sanitized"
section of the memorandum...)
