As electronic mail, cellular telephones, and electronic banking become more important tools of daily life, there is a growing need for a reliable means of ensuring the privacy of the communications and authenticating the identity of the communicators. What is missing, in effect, are the electronic equivalents of the sealed envelope and the ink-on-paper signature.
But two new computer-based encryption devices will be reaching the market in early 1984, each offering protection against eavesdropping as well as a sort of electronic signature.
Both systems were developed by cryptography specialists, who had to deal with some difficult problems inherent in the nature of electronic communications. Specifically, they had to come up with a signature that would cover the whole of the message or document in question -- memo, purchase order, contract, whatever. Only this way could the sender guarantee that his signature would remain attached to the same document he intended to sign. There is, of course, no "original document" for reference in an electronic environment except the ephemeral arrangement of electronic ones and zeroes.
The Public Key Cryptosystem (PKC), one of the two new coding systems, was first proposed by three mathematicians, Whitfield Diffie, Martin Hellman, and Ralph Merkle, at Stanford University in 1976. The other system was patented last May by cryptographers Miles Smid and Dennis Branstad of the National Bureau of Standards.
The PKC system is unusual because it allows the separation of the coding and decoding procedures, somewhat akin to the operation of a bank's overnight deposit box. Because the two PKC keys are different, and because one key does not betray the other, one key can be made public, and even published -- hence the name, public-key cryptosystem. As a practical matter, the number would be published in electronic form, on a floppy disk or a magnetic-strip card for example, because the keys would be numbers of 100 or more digits.
A PKC-coded message itself constitutes, in effect, an electronic signature because the recipient can be certain that any signed message that can be decoded using the sender's public key was encoded by the sender's private key. But the key the recipient holds, the sender's public key, will only unlock the signed message; the recipient can't change it or recode it in the sender's format.
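The signing property described above, sketched as an added example that is not part of the original article or any vendor's product. It assumes textbook RSA with a SHA-256 digest of the whole message (the article names neither), omits the padding a real scheme requires, and uses a constructed toy key and sample purchase order.

```python
import hashlib

# Constructed toy key built from two known Mersenne primes (demo only, never real use).
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q                           # public modulus, well over 100 decimal digits
E = 65537                           # public exponent, published with N
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept by the signer


def digest(message: bytes) -> int:
    """Reduce the whole message to an integer so the signature covers every byte."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signer's operation: requires the private exponent."""
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Recipient's operation: needs only the published key (e, n)."""
    return pow(signature, e, n) == digest(message)


def demo() -> dict:
    order = b"Purchase order 1001: 40 units at $12.50"    # constructed sample
    altered = b"Purchase order 1001: 90 units at $12.50"  # one digit changed
    sig = sign(order)
    return {
        "modulus_digits": len(str(N)),
        "genuine": verify(order, sig),
        "altered_message": verify(altered, sig),
        "altered_signature": verify(order, sig ^ 1),
        # Recipient tries to re-sign the altered text with the only key it holds.
        "resigned_with_public_key": verify(altered, sign(altered, d=E)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Only the untouched message with the untouched signature verifies; changing either one, or re-signing with the public exponent, is rejected.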
The PKC design will first be available to the half-million IBM Personal Computer and PC-compatible users. A new company called RSA Security Inc. designed the first commercial implementation of the PKC concept. Ronald Rivest, a principal of RSA, said the company plans to begin selling it later this spring as a software module on a floppy disk for "a few hundred dollars." If that market justifies the investment, Rivest said the software will be offered for other personal-computer products. This summer a solid-state chip version of the PKC device will be available, probably through original equipment manufacturers, as insert boards for personal computers and subassemblies for other communication devices. It is expected to cost less than $500.
RSA has been raising capital and recruiting professional management to shape its business strategy, according to Rivest, a Massachusetts Institute of Technology professor and one of the three founders of the company. He suggests that contracts eventually could be signed electronically using coded messages.
The Smid/Branstad device, called the Key Notarization System, meanwhile can work in systems of all sizes, but is better suited for the sort of large centralized computer networks now common in major corporations and government. The microcomputer-based Smid/Branstad device, which uses an ingenious pattern of traditional codes, is scheduled to be available by early summer from an established vendor of cryptographic systems, PE Systems Inc. of Alexandria, Va. In the Smid/Branstad scheme, the Key Notarization System itself serves as an arbiter charged with guaranteeing that proper identifications have been given by the individual sender and the individual receiver.
The U.S. Army and the U.S. Department of Energy have already bought prototype versions for testing and evaluation. Key Notarization Systems will be priced from $5,000 to $25,000, depending on the network's protocols and communication characteristics for each station on the network.
Both products will be aimed originally at the business computer and microcomputer markets, but there are vast electronic opportunities beyond those fields. The PKC system, for example, could be adapted for use by consumers using their credit cards for placing telephone orders.
"With cellular telephones, there is going to be lots of communication that is going to be wide open to anyone who wants to listen in," notes Leonard Adleman, co-inventor and co-founder of RSA.