3 Scholars Offer a Secure Way to Transfer Data

The ancient Sumerians, working in clay about 5,000 years ago, invented a couple of things crucial to the secure and private transaction of business and personal matters.

They were clay vessels to keep confidential the marks on clay tablets that comprised the business documents of the day, and clay seals that authenticated those tablets. Their equivalents in today’s world are envelopes, signatures, and notary stamps.

So far, none of those security devices has been successfully transposed into the digital world of computer data.

Three university professors, recognized as world leaders in the arcane science of cryptography, plan to change that.

They are about to introduce software for the IBM PC and compatible computers that will allow anyone to send securely encrypted computer files to anyone else, without ever having had prior contact with the other person.

The software also will allow a recipient to verify that what is received actually comes from the sender and has not been tampered with en route. What’s more, persons independent from the transaction will be able to authenticate the identities of the persons involved as well as certify the integrity of the data.

It would give computer data transfers the same high degree of security for which we now use notary publics, certified copies, registered mail and couriers.

Taught at MIT

The scholars are Ronald Rivest, a professor of computer science at Massachusetts Institute of Technology, Adi Shamir, an associate professor of applied mathematics at the Weizmann Institute of Science in Israel, and Leonard Adleman, a mathematics professor at the University of Southern California.

In 1977, when all three were teaching at MIT, they developed the RSA Public Key system of cryptography (named with the initials of their last names). MIT patented the system, and now its inventors have bought exclusive commercial rights from the school and have formed RSA Data Security Inc., headquartered in Redwood City, Calif., to market their product.

The RSA Public Key system is as simple as it is elegant. The key is a number used in a complex mathematical formula to scramble a computer file into gibberish. A key is also necessary to unscramble it back into its original form. (The file can be anything--a text document, a Lotus 1-2-3 worksheet, a computer graphic, even a computer program.)

The use of keys for encryption is an old concept. Most implementations of it require that the key be kept secret, available only to the sender and the receiver. That requires some way for one to give the other the key.

If you want to exchange coded information with lots of people securely, you would have to have a separate set of keys for each person, which quickly would grow cumbersome.

Rivest, Shamir and Adleman developed a public key by splitting the key into two components, one of which could be divulged to any and everyone. They based it on the fact that it is very easy to multiply two numbers and derive a product, but very difficult--given only the product--to decipher which two numbers were multiplied together to produce it.

In fact, if the numbers are very large, it is impossible to factor out the answer, even by the most powerful supercomputer running 24 hours a day. The system to be marketed will offer several levels of protection, using numbers ranging from 100 to 200 decimal digits in length.

Because the factors can’t be discovered, it is perfectly safe to publish the product half of the equation as the public key, listing it in directories just like telephone numbers and addresses for anyone to use.

The PC software, called Mailsafe, and selling for $250, will do a variety of things: It will let the user generate his or her own private and public keys and register the public key so that its proper use can be verified in the future if necessary (an electronic notary public).

It will encrypt a file to send to someone else using that person’s public key (creating an electronic envelope), and decrypt a file sent to you that was encrypted using your public key, (opening an electronic envelope).

Another function creates an electronic seal (or signature) to verify the authenticity of the file sent or received.

The program creates a 128-binary-bit coded digest (a series of ones and zeros) of the file’s contents, encrypts that digest using the recipient’s public key and appends that digest to the end of the file.

Sensitive to Change

At the other end, the recipient unscrambles the digest received, makes a new digest of the file with his own software and compares the two digests.

If they are not identical, the file’s contents have been altered during transmission. The coded digest is so sensitive that changing one character in a document will alter half the numbers in the digest.

If all this seems frightfully complicated, it’s actually very easy to do. The program makes good use of menus and graphic depictions to help you.

It takes only 150 kilobytes of RAM to operate and it’s reasonably quick--about one second per kilobyte of file length to scramble or unscramble on a PC XT, according to Barton O’Brien, RSA’s vice president for sales.

The program will come on a single disk when it’s released in June.

The target market is corporations, especially those with large local area networks tying their PCs together. Later this year RSA will introduce software to use its system on IBM mainframe computers.

O’Brien said the company welcomes telephone inquiries at (415) 595-8782, or by mail at 10 Twin Dolphin Drive, Redwood City, Calif., 94065.