LET'S TALK SECRET

by Robert Frenz

I know something which I wish you to know, but no one else. If you are a blabber mouth, then I defeat my purpose by revealing my secret. We'll assume then that you are worthy of being called my comrade and are hence, trustworthy.

I write down my formula and send it to you, since we live on opposite sides of the planet. Here is where a problem introduces itself. Suppose someone along the way gains access to this message? The secret between us is thus lost. I decide therefore to hide the formula using invisible ink or other such means. By one method or another, all invisible items can be made to reveal themselves. So, I leave the formula in the open, for all to see, but by clever transposition, or substitution, my "chlorate" becomes something else. The association, or transformation, is known only to us. Thus, in order to keep the formula secret, under the imposed conditions, we must impose new secrets, that is, how "A" becomes "B". This method of changing one thing into the other I shall call coding and avoid the distinctions which separate a code from an encryption and so on. While I am at it, I shall use the term random number to include everything including arbitrary, quasi-random and pseudo-random, which are only of interest to ghoulish mathematicians anyway.

We have 'input' which is the secret formula. We have 'output' which is the form of the formula you receive. The 'machine' is whatever is decided upon to do the processing. It may be a set of rules we carry in our heads, a code book, or a physical machine such as the "Enigma machine". The breaking of the German system during WW II was accomplished by using many man-hours, a wealth of messages, a traitor within the German population who supplied critical information, a subversion of cable connections also conducted by treasonous persons, and the capture of machines themselves. Without this plethora of accessories, no bank of brains can "crack" anything other than the most simple of codes.

True to the petrified notions which exist within the noggins of some, it has noted that coding machines are always captured. "So," the cement-brains burped, "why not make the machines available for all to see or even fondle?" In conjunction with mathematicians, the PGP (Pretty Good Protection) ballyhoo erupted upon the Internet scene and was seized upon by the tube-gawkers who really had nothing of importance to say anyway. I suppose that drivel, once encoded, therefore becomes valuable. Anyway, PGP relies upon more than one thing. First, it assumes that there is no way to factor very large numbers. If a way were found, then the whole system would collapse quicker than a minority designed bridge. Second, the secret message also needs other secrets. These are the secret "keys" which, simply stated, are the large numbers (character strings) which are used in the process. Since these numbers are large, no one would spend the months needed to use pencil and paper. Thus the reliance upon computers is demanded and computers depend upon electricity -- a taken-for-granted item which any sensible enemy, or terrorist, would make a priority target.

Secrecy has always appealed to men and boys. As a child, I was caught in the snare of the Little Orphan Annie code device. With it, one might get some foreknowledge concerning the outcome of the current 'cliff hanger'. This was a sort of prophesy and appealed to the same crowd who now listens to the doomsday stuff, Y2K, the messages "received from God" that the hucksters yap about, and so on and so forth.

If the workings of your coding machine, whether physical or mental, is not revealed, then the spy needs both input and output in order to determine the mechanism of coding. (Sometimes codes are cracked much in the way safe combinations are discovered -- by educated trial and error.) The output is usually available and that's an axiom upon which all secret messages are based. (If only the intended recipient ever received the message, then encryption would be superfluous.) If only one output (the coded message) was ever snatched, there is no way in heaven or hell to determine was the input -- the 'real' information -- was really about. It's easy to explain.

I want you to receive a very special number. What you receive is 48. Your nosy girl friend also obtains this number. She doesn't know that the 'real' number is and wants to learn of it. She knows not of the method which changed the secret number to a 48. The matter ends there and, of course, her curiosity could lead to many questions and considerations. Was 48 the product of 6 and 8?; 40 more than 8?; 1 less than the square of 7?; 1 less than twice the square of 5?; 50 less than 98? one-half of 96? Six questions yielded 6 different inputs. Let's do another.

You receive my message "zzzzzzzzzzzzz". Your girl friend remains puzzled as she does not know the mechanism -- the machine -- of the process. Let her daydream as long as she likes. The input, that is, the secret message, could be "I love Elaine". It also could be "mother Tucker". It all depends upon which machine, method, algorithm, etc., I choose to apply.

If a machine is secret, then it can be very simple. The simplest secure thing I can think of is to offset the character -- move forward or backward, position-wise in the alphabet -- by some random amount. Let's pick 'cat' for our message and 3,17 and 6 as our random numbers. We'll move 'c' forward in the alphabet 3 steps, thus arriving at 'f'. So, our 'cat' becomes 'frz'. Without the secret of the random numbers, the spy is merely whistling Dixie.

The bottom line is that a secret message inescapably involves another secret: how the message is transformed. As I have earlier mentioned, PGP does not need a secret machine but it does need secret keys and the extra clutter of public keys. Secret message, secret machine. Secret message, secret key. There is no escape from this necessary partnership.

A friend has a file which he desires to remain secret. He makes a diskette file which contains a set random offsets. He hides this key somewhere in his house and leaves the encrypted file on his hard drive. He is happy. He could have used some key phrase, a password if you please, to generate a set of 'random' numbers. He'd then have to hide this password, or keep it in his head. So, if he has to hide something, then why not the original and save all of that extra effort?

Security is a funny business. I once worked for Harry Adelman in his ice cream parlor. My closing directions included leaving about $40 in the cash register and bagging the remainder of the day's income and placing that sack underneath one of the 5 gallon ice cream containers in the freezer. The store was burglarized twice during my period of employment there, and only the cash register was broken into. The remainder of his funds were safely frozen. Mr. Adelman had his security secret but more importantly, he relied upon the trustworthiness of those whom he employed to guard his secret, his money and his property. "Those were ancient times," as my daughter has frequently remarked. Yes indeed, my sweet.

Trust is the glue of all civilized societies and one can readily ascertain the presence thereof by counting the number of locks he encounters. The less the trust, the greater is the proliferation of security devices. A society simply cannot be held together by chains, locks and sirens as Americans are now slowly coming to realize.

1 February 1999