Whitfield Diffie on the History of Cryptography


Peter McCormack: Good morning, Whit. How are you?

Whitfield Diffie: Good morning. I’m fine. How are you?

Peter McCormack: I’m very good, thank you. So my podcast has been known to have almost the who’s who in the Bitcoin world. I’ve been very fortunate to have some great guests on. But I’ve told people that-

Whitfield Diffie: Now you’re adding who’s nobody in the Bitcoin world.

Peter McCormack: No, not at all. Actually, you know what?

Whitfield Diffie: I mean, something in some world, but not particularly the Bitcoin world.

Peter McCormack: No. You say that. I was telling people the whole time. Like I must’ve told about 10 people I’m coming to interview you. And every single time their eyes have lit up with pure excitement. Because you have this kinda name, “The father of cryptography.” How do you feel about that?

Whitfield Diffie: It’s really much easier growing old being a success than everybody makes a fuss over me. I enjoy it.

Peter McCormack: Oh, good. And you got to … You were on stage at Consensus last year, weren’t you with Zooko?

Whitfield Diffie: Yes.

Peter McCormack: How was that?

Whitfield Diffie: Of course it was great. But it was not … It was neither … The subject matter wasn’t either as close to my heart as some. Or you’re talking thousands of people. It’s an on-stage experience. Some of them were great. That one just strikes me as something I did.

Peter McCormack: Yeah. And I guess this boom in cryptocurrencies is, it kinda probably came out of nowhere for you. And then suddenly brought all your work and the history of everything you’ve done as like a second wave.

Whitfield Diffie: Or third.

Peter McCormack: Third wave. Okay.

Whitfield Diffie: Yeah. Because there was a big explosion. I mean, we have cryptography up until 1990. But then suddenly in the 1990s, with transport layer security and stuff, there was a big explosion.

Peter McCormack: Of course, yeah.

Whitfield Diffie: And there’s been ongoing enthusiasm about things like homomorphic encryption, and multi-party computation, things like that. And then all of a sudden yeah, cryptocurrencies come on. And that’s, my gosh. You know, we thought we’d solve this problem and now here everybody’s enthusiastic about it.

Peter McCormack: Yeah. I mean, the excitement especially over the last year or so has been … Like it’s just been huge. It’s been like this explosion of excitement. So, I’ve got lots and lots I want to talk to you about. But I think it’d be really cool for you to tell me what you told me over breakfast this morning. Because you told me a very interesting thing about the date you were born, and then kind of like your life journey.

Whitfield Diffie: Ah.

Peter McCormack: I think it’s a really interesting story. Do you mind retelling it?

Whitfield Diffie: No. I was born the day before D-Day in Washington D.C. And would’ve been D-Day, except the invasion was postponed one day because of the weather. But as it turns out, that meant I was born almost exactly at the time that the first signals intelligence deception started against the Germans. They dropped what the Brits call Window, and the Yanks called Chaff out over the channels, simulating a large flight of aircraft by a small number of aircraft that are dropping stuff that shows up very well on the radar.

And so I, at some point somebody asked me this kind of question, “What can you tell us about yourself?” And I came up with this and I said, “Most people, lots of people believe in astrology. The notion that the stars affect your life. But I have this notion of terrastrology. It’s celestial events that … “ Not celestial. “Terrestrial events that affect your life.” And so I think that the course of my life was set by the things that were going on at the moment of my birth.

Peter McCormack: That’s incredible. That’s incredible. Okay. And well then maybe, because wasn’t it about 1976 was it, where you wrote that very important white paper?

Whitfield Diffie: Yes.

Peter McCormack: And then that was-

Whitfield Diffie: It was published November ‘76.

Peter McCormack: ’76 okay. So that was a couple years before I was born. And now here we are now. So maybe like that was some kind of, you set something in motion for my life. And that’s why I discovered cryptography, and we’ve both ended up here.

Whitfield Diffie: Right.

Peter McCormack: In Palo Alto talking about this. Okay. So can you then tell me, ’cause I think other people are going to find it really interesting, what’s the journey to becoming a cryptographer? What were the things that kind of sparked your interest growing up? And then what happened kind of like the college process that got you to that point?

Whitfield Diffie: Well, the journey is probably a funny way to put it, in the sense that mine will have been very different from anything anybody does today. In the 60s, I was working at the … I was being paid by an outfit called MITRE Corporation. But I was the guest of Minsky’s artificial intelligence lab at MIT. To work some symbolic mathematical manipulation. Things that take your calculus course for you. And we were in the same building with the MULTICS Project, which is the most ambitious operating system project of all time.

And it had all sorts of fancy file protection mechanisms and things like that. And I thought about that. And my response was, “Well, what good is that?” Because the system programmers, I didn’t know … I didn’t distinguish between those and the operators at that time. So that distinction was already clear in the industrial world. System programmers aren’t going to go to jail to protect your files. If the subpoena comes in for your files, they’ll just hand them over.

And as you can see, I already had a very counter-cultural viewpoint at that time. So my notion now seems naïve, although the basic thing is still the subject of a big fight was of, you encrypt your files. Then only you can get at them. And it’s all right that they’re sitting there on the desk. So what I was … I thought I was working on something more important. I was moving into working on proof of correctness of programs. And that, in my opinion, was then and is now the most important problem in engineering.

And so I didn’t work on cryptography myself. I tried to persuade friends to work on it. And my view was, I knew the government knew a lot about it and didn’t want to tell us about it. And I figured it could be rediscovered. And so I tried to talk a number of friends who since wish they had been talked into working on it. But nothing much happened. And I moved out here to Stanford to work with John McCarthy, who was the person who really understood what I understood about the importance of proof of correctness.

And I did that, worked on that for I guess it’s roughly speaking two and a half, three years before I was rescued by a blessed event. Larry Roberts who died a weeks ago was the founder of the ARPA net. And he went up to NSA to talk to the … To Howard Rosenblum who was the Deputy Director for research. And I wasn’t present at that conversation. But roughly speaking, they must’ve said, Robert said, “I have a $100 million a year military communications research project. We ought to give some thought to security.” I can’t see that they disagreed on that.

But I think it came apart over the fact that that part of ARPA was very open and didn’t want to support any classified research. And Howard Rosenblum didn’t want to do anything else. And so Larry Roberts went back to his office in Roselyn. And he had a job where his principal investigators came by with their hats in their hands and had to talk about anything he wanted to talk about. So that week he was talking about network security. And at that time, we all thought network security meant cryptography.

And John McCarthy got excited about it. He’d go talk to him, and got excited about this, came back out to California. Chatted us up at the lab on the subject. And two of us at least got interested in it. The other one was Hans Moravec, who is now head of the robot laboratory, or maybe he’s retired. But had his robot laboratory at CMU. And John had designed a cryptosystem, what would now be called, much later be called a shrinking generator. One sequence generator picks bits out of another one. And he had got Moravec to code it for him. And Moravec introduced something that’s later called [Key-S grow 00:09:21], that as he reasoned, “Well if my thesis advisor wants to encrypt something, I might want to know what it is.”

So his program hid the key where he could find it. And he stayed interested for a week or two, or something like that. Six weeks later … Or six months later, I was doing nothing else. And John was fed up to his back teeth because I was being supported by under the table money from NSA, the National Security Agency. The cryptographic people. To work on proof of correctness, which they were big champions then and still are. So we negotiated an amicable parting of the ways. And I went off travelling around the country, thinking about these problems and talking to anybody who’s willing to talk. And digging up rare manuscripts in libraries.

And this process, my first discovery in this process is my wife, Mary Fisher who died a couple of years ago. And well, without that discovery I don’t think I would’ve made any of the others. But she and I then travelled for a couple of years. And the next great event is the Summer of ’74, we went to York Town Heights to see a man named Allen Tritter, who called himself the biggest man in computer science. Weighed 500 pounds.

And he was a notorious phone freak and hacker. And he introduced me to his boss, Allen Conheim, who was a statistician. And was head of the mathematics department at York Town Heights. And that was one of the key elements in producing what later came out as the data encryption standard, the first pretty good public cryptographic standard. And so Conheim only told me one thing. He was very secretive. He only told me one thing, and since then he’s wished he never said that. You know, “And I can’t tell you anything, we’re under a secrecy order here. But go out back out to Stanford, you should look up my old friend Marty Hellman. Because he’s interested in this stuff. And two people who work on a problem are better than one.”

And that’s interesting for a couple of reasons. I mean, the reason he wished he’d never said it was we became a great pain in his ass. And because we thought that the data encryption wasn’t strong enough. In retrospect, not sure that was the right conclusion. But we thought it should’ve had more key bit. And we delayed its adoption perhaps for a couple of years. But Conheim nonetheless, despite saying that he had a fundamentally scientific orientation. If he’d been an NSA guy, he wouldn’t have done anything. He would’ve done things to mislead me, and certainly wouldn’t have connected me with somebody else working on the problem.

And I came back out here to Stanford. And I find it amusing the small world department. Mary and I was staying with a man named Leslie Lamport, who won the Turning Award two years before I did. And he has lived up in Oakland. And I called Marty Hellman down at Stanford, and he graciously granted me half an hour of his time from 04:30 to 05:00 some afternoon. And Mary and I drove down here, and she took off and went off with the car, and wisely didn’t bother calling back until around 05:30 or so. But she called in, and we were still talking. And Marty invited us over to his house for dinner. And that’s what began … Or that was a wonderful evening. As families, we got along very well. And that began four years of work together. That’s what led to public key cryptography.

Peter McCormack: Wow. That’s some story. So I came here really to thank you for the work. But it sounds like it’s actually Mary we need to thank because you’re saying it wouldn’t have happened without her.

Whitfield Diffie: I think that. I think that’s right. Almost everybody loved Mary. And that meant people put up with me in order to get her company.

Peter McCormack: “Almost,” so that sounds like she had an edge.

Whitfield Diffie: No, it’s not about her having an edge. You know, it’s hard to fool all the people all the time, as Lincoln said. There were people who weren’t taken with her, but most people were.

Peter McCormack: But what was it about her that enabled you to work on these projects? And what did she make happen for you?

Whitfield Diffie: Well, for example, I think she deserves a lot of credit for my relationship with Marty Hellman.

Peter McCormack: Right. Okay.

Whitfield Diffie: Okay. And for me … Typically people thank their partners for their emotional support, right?

Peter McCormack: Mm-hmm (affirmative).

Whitfield Diffie: And I said when I gave her obituary at RSA, I said, “I was very grateful of her irrational enthusiasm for whatever I was doing.” But my view that people, that I a lot of credit for how charming she was. And she opened a lot of doors for me.

Peter McCormack: Wow. That’s a really nice way to hear you talk about her though. Okay. So what was the key breakthrough in cryptography? What was the moment where you realized, “Okay, we’re on to something here.” And also, there are lots of different types of cryptography. Try and help me as somebody who doesn’t understand it.

Whitfield Diffie: So I like every other mathematician who have went into cryptography, right? That might be an exaggeration. But not much. I went in thinking, “Oh gosh, this is a mass. I want to clean this up. We’re going to have proofs that systems are secure. What about the theory of this subject?” And we won’t have sort of an ad hoc proposing things, trying to break them, we’ll like them if we can’t break them. That sort of thing. And I had gotten nowhere. Nobody’s gotten anywhere with that yet. So I was sitting, I had a list of what I called ambitious problems in cryptography. That was actually … You know, because I didn’t imagine any of them were going to make any progress soon. That was easier to think about.

And one of them was an attempt to combine two things. So sometimes that was very important that I had discovered, and discovered somebody who worked on, was what’s called identification friend or foe. So you imagine a fire control radar, that is it’s, a sweeping radar finds aircraft. And then a fire control radar looks at them. And then it has to roughly speaking, it’s going to tell the gun whether to take a shot at it or not. And a fire control radar issues a challenge to an aircraft.

And roughly speaking says, “If you can encrypt … You know, if you can read this challenge and re-encrypt it correctly and send it back to me, I’ll refrain from telling the gun to shoot at you.” Now the way that works, that’s very important what that does, is it keeps somebody who overhears the challenge in response, from responding to another challenge. If the plane just had a password, which is what they did circa World War Two and a good bit later. Then if you were able to intercept one such exchange, then you could reuse it for quite some length of time.

But the early 1950s, the Air Force Cambridge Research Lab, the root of many things in cryptography, worked on that problem. Produced something that’s used worldwide now with many cryptosystems, call The Mark XII IFF. And in effect, that scheme protects you from the shoulder surfing. You can do this challenge in response in public, everybody can listen to it. And still, they don’t learn anything about how to spoof you.

So I was trying to combine that with something else, which is what is used in UNIX password login. Although in fact it was developed … I think it was developed at Cambridge somewhat earlier. And that is that the password table doesn’t need to be secret. So you only store the encrypted password in the password table, and when you get the password typed in, you encrypt it. And you compare that with what’s in the table. Now yes, many of your listeners will respond, “Oh, Whit. But there are lots of problems with that, and have been.”

But at the time, that was thought of as revolutionary, and it was thought to be adequate, and so forth. So I was trying to combine these two things. And at some point … Well, unless you go back a little. Because two problems had dominated, had been hanging around in my life. In 1965, a classmate named Bill [Man 00:18:48] mistakenly told me that the NSA encrypted the telephones within its own building. Right. And turns out he was mistaken. They didn’t do … They barely did any of that now, and they don’t do that much of that then.

Sorry, they barely did any of it then. They don’t do that much of it now. They have two sets of phones. And they have protected conduit, and so forth. But I just got to thinking about this. And I can understand how you can do it. But I couldn’t … I had such a … I said I had a countercultural viewpoint. What I didn’t understand was what you gain from it. Because my notion of a private telephone conversation was, I call somebody and the person I called and I are the only people in the world who can understand this conversation, right?

And I just didn’t have the institutional point of view at all. NSA could perfectly well encrypt all calls within its own building with the same key, and get lots of benefits against its enemies, which is considered to be outside its building. But in any event, so I began thinking about what now call the key distribution problem. And then in 1970, just after I’d arrived at Stanford, John McCarthy went and have a talk on Bordeaux about what we would now call internet commerce. He called it, buying and selling through home terminals.

And what he proposed, I don’t know if there’s any influence on it. But what he proposed is sort of like the French Minitel, which came along a few years later. And so I began thinking about automated offices. And I couldn’t see what you did about … We depended so heavily on signatures and office memos, and so forth. And we depend … And a written signature, we depend so heavily on the fact that it’s hard to copy. And you can always digital signals precisely.

So I had been … Had these two problems hanging around in my mind for quite a while. And I realized you could solve the second one. That the fact that you could recognize a correct solution to a problem didn’t mean that you were able to solve it. And I took note of that and didn’t know how to do it. But I liked that idea. And about a week later, I realized if you could do that, you could turn it around to solve the problem I’d been thinking about for 15 years, which was how to negotiate keys. I’m putting it in a little more modern terminology. But how to negotiate keys between people who’ve never met before. And so Steven Levy has written this account up in his book, Crypto. And that’s the key … I did one good hour of work in my life, I’ve been making a living off of it ever since.

Peter McCormack: I think it’s a little more than that.

Whitfield Diffie: Or an hour and a half.

Peter McCormack: Hour and a half. At any time during your work prior to cryptocurrencies, had the thought of crypto in relation to money come up?

Whitfield Diffie: Oh, yes. Absolutely. In particular, I mean you mentioned having talked to David Chaum.

Peter McCormack: Yeah.

Whitfield Diffie: I believe I may have gotten him interested in that. I think it’s either ’76 or ’78. We could figure it out.

Peter McCormack: ’78 would be perfect on your thesis then because that was the year I was born.

Whitfield Diffie: Okay. Right. Just at the moment … Okay, though at that time there was something The National Computer Conference that was held once or twice a year in the U.S. And a quite big conference then. It’s got too big to be held. I mean, it no longer exists. But it was in New York. And David and I were there. And it probably is ’78. We walked up town to somewhere. I don’t remember where. But I was talking to him about such things, imagine a digital traveller’s check. Which works by having what’s now called a message digest, or secure hash algorithm. And so what’s on the traveller’s check is the output of the hash code, right? So we have SHA-2 of something written on the traveller’s check.

And if you know how to produce the input that’ll produce that SHA-2, then you can cash the traveller’s check. And he got … I believe that’s significant … Our discussion is a significant part of what had got him into worrying about banking and cryptocurrencies, and a thing of that kind. I never resonated with it.

Peter McCormack: But you did go to some of the early Cypherpunk meetings. We talked about that earlier. And was it coming up in those meetings?

Whitfield Diffie: Well, it must have. As I … I remember Cypherpunk’s being in favour of using cryptography.

Peter McCormack: Yeah.

Whitfield Diffie: Being very … Somebody wrote, and I think it’s plausible, that at the core of Cypherpunk’s work was anonymous remailers. They were … So to speak, the political action of a Cypherpunk was to write code, was sort of an in-principal notion. And I’m sure that money did figure … Cryptographic money did figure in it. But I don’t remember any detail.

Peter McCormack: Okay. So David obviously worked on DigiCash.

Whitfield Diffie: Yes.

Peter McCormack: Ultimately failed. But I think its failure was good for Bitcoin, because it proved … It was like another part of the ingredient of what Bitcoin needed to make a success. And so I was with Peter Todd early in the week. And we did an episode, I called it The Essence of Bitcoin. Where he talked about all the different things that made Bitcoin work. And I guess DigiCash proves that you couldn’t work if it was centralized.

Whitfield Diffie: Well, I think it must achieve different results of its centralized.

Peter McCormack: Yeah.

Whitfield Diffie: And certainly, there’s a … I do not know the technical reasons of DigiCash failed. But I think that Chaum in his school explored a vast range of things in this space that you could do. And the development of Bitcoin had the advantage of being able to go to the library and read these things, rather than having to discover all of them.

Peter McCormack: Yeah. So you-

Whitfield Diffie: David laid the foundation for this subject.

Peter McCormack: You first discovered … You first heard about Bitcoin were at the place we had breakfast this morning, right?

Whitfield Diffie: Yes.

Peter McCormack: Your favourite café.

Whitfield Diffie: Yes. I was sitting at a table that no longer is … There’s a longer a table in that spot. But it was right next to where we were this morning.

Peter McCormack: Yeah.

Whitfield Diffie: And John Markoff then of The New York Times walked in, sat down. And he had the Bitcoin paper. And he explained it to me. And I’m ashamed to say I didn’t read far enough in it or something or didn’t explore far enough to learn that I could just download some code and mine Bitcoin. Because what I was fascinated with was not the transaction mechanism, but the mining. And it struck me this was a very natural discovery that you could invest computation in manufacturing something that was valuable. And that struck me as exactly like prospecting and panning or something, for gold. Many things by the course that I didn’t see. But yeah. So I have the grace and disgrace of having known about this circa 2009, 2010. But not having done anything much about it, except talk to people about it.

Peter McCormack: I think a lot of people have been through that, though. I mean, I remember in 2013. And I think a Bitcoin was about $100. And I thought, “That’s too expensive.” And I think I bought one or two, and then sold them. And look where we are now. And across my interviews, there’s a huge amount of stories like this. When I interviewed Peter Todd the other day, he said his greatest ever investment was buying Bitcoin at 20 cents. And his greatest failed investment was only buying $20 worth. So have you ever used Bitcoin?

Whitfield Diffie: No.

Peter McCormack: You’ve never used it?

Whitfield Diffie: No, that café we were at, Koopa, used to take Bitcoin.

Peter McCormack: Right.

Whitfield Diffie: But they have a new cash register system with other virtues. And I don’t think Bitcoin was good enough for them. That John Paul the younger has bothered to code it for the new cash register. So I used to be able to keep up with the value of Bitcoin because the screen would tell me that my cup of coffee was worth one one-millionth of a Bitcoin, or whatever it was, ten-thousandths a day. So I could watch how Bitcoin moved around by how much my breakfast was worth if I wanted to pay in Bitcoin. And there was some app that ran on smartphones that you could pay in Bitcoin with. But I never did it.

Peter McCormack: Have you maintained much of an interest in it? Or have you kept kind of like an arm’s length distance?

Whitfield Diffie: Well one, I am fascinated with it.

Peter McCormack: Yeah.

Whitfield Diffie: In the sense that it’s a … It’s rare for first implementations of such broad concepts to do as well as that did, right? So Bitcoin is still here nearly 10 years after it started out. It is … There’s a fortune. I don’t know what the total value of Bitcoin is. But a whole … Probably there’s more involved than is reflected by so to speak, the market cap. There are lots of people who are now making careers off derivative phenomena. And I think blockchain is a fascinating phenomenon. Much broader than Bitcoin.

Peter McCormack: Right. Okay.

Whitfield Diffie: I am … If you look at the whole lifetime experience of Bitcoin, it has too high a beta, too high a variation to make very good currency. Right? So in one sense, this direction has until maybe recently. It stabilized a good bit I understand in the last few months. But you have to ask yourself, “What would make … “ And it’s a fascinating commodity to invest in, but what makes such a commodity volatile or stable? And I don’t know if that question’s been answered yet.

Peter McCormack: No. It hasn’t. There are different … People have different theories like, once you have more liquidity, so it’s traded more around the world by institutions then it will become more of a stable price. Or as it grows, the price becomes more stable. I mean, I don’t know. I sometimes think Bitcoiners invent future scenarios to justify the current situation.

Whitfield Diffie: Oh, no doubt. There’s probably a parallel. I bet you can find articles varying from op-eds to journal articles about the Euro, making predictions about how it would win, lose, be stable, be fluctuated, et cetera, depending on the interest of the people writing the articles.

Peter McCormack: Yeah. Of course. Where in life do people use cryptography without even realizing it? –

Whitfield Diffie: Well, far in the way the most common is in doing so many things on the web.

Peter McCormack: Right.

Whitfield Diffie: It used to be the … Well, transport layer security what used to be called SSL is the most widespread use of cryptography the world has ever seen. It used to be that when the military was the big customers when they bought a lot of something, they bought a 100 000 or possibly a million of them. There are some cryptographic devices in the U.S. and British inventories of which they bought hundreds of thousands. There are … Transport layer security is in every browser. There are billions of them in the world.

So the total amount of encryption that’s done by the ordinary process of paying for things on the web, or just using security conscious things like Google products on the web gets you involved in using cryptography. And of course, you don’t know it, because you would rather … It’s a tedious thing to have to know about. And so yes, I would suspect that almost everybody has some contact with it. There are other directions that are different. I mean, a GSM telephone which is one aspect of all of them now, encrypts a signal from the telephone to the base station. And that gives you another thing. People have no reason to notice and use constantly.

Peter McCormack: How would the world be different if there was no cryptography? If it had a problem that hadn’t been solved?

Whitfield Diffie: Well, I think a lot of things about web usage would be different. That is there are ways at present … Well okay. Look at something about old telephone practice, which is that you really couldn’t tell who was calling you, right? So lots of places that did what’s in the military jargon, command and control. That is, they were ordering things to happen over the telephone. Somebody would call in to do something, and they would call them back immediately, right?

So the person who’s going to hand out the important piece of information wants to know exactly who it’s going to. And even though they recognize the voice, and this, that or the other, they get better authenticity by having called the number themselves. And so many things like updates. One of the big uses of cryptography, and in particular something I gets a lot of credit for called, digital signatures are used if you get … If Apple of Microsoft sends you an update for your computer, then they have signed it. And your computer can check and see that it came from an authorized source. If we didn’t have that, then probably we would have to reorganize things so that what you get is a message saying, “There’s an update you can get.” And then what you do is, you turn around and call Microsoft and get it. So there would be a whole lot more traffic.

Peter McCormack: Right. Okay. And what are your personal feelings on privacy and surveillance?

Whitfield Diffie: Privacy is a very complicated social phenomenon. And I think the term, there isn’t good terminology. So people say things like, I remember somebody writing, “Small towns are no friends of privacy,” or something like that. And I thought about that. And I think that’s a fundamental mistake. And what I mean is, that if you live in a small town, of course people in the town know all sorts of things about you, right? But of course, you also know all sorts of things about them.

And that you’re answerable to each other. Whereas, when we talk about being worried about privacy in the modern world, we’re worried about the fact there are institutions you don’t know anything about, they’re very good at keeping themselves secret. Say the insurance companies, right? Things that are found out about you, insurance companies are allowed to use to decide how much insurance. Employers are allowed to use to decide whether they’ll hire you or not. So your whole life could be changed by things you don’t know about that are a result of the fact that people are holding on to lots of information about you that they get out of, as it’s now called surveillance capitalism.

Peter McCormack: Mm-hmm (affirmative).

Whitfield Diffie: So I don’t … I am involved with lots of organizations, like the Electronic Privacy Information Center that use that word, and are doing I think lots of good work. Same time I have many disagreements with them as to what … About privacy. Because in particular, privacy is constantly evoked effectively as a mechanism of censorship. People will say, “We can’t tell you this, because it would violate so and so’s privacy.” And that gives them control of the information. And that has become I believe a big phenomenon in the modern world, that privacy is used as an excuse for the secrecy for people whom it’s convenient to keep the secrets. Not really out the interest in the people the information is about.

Peter McCormack: And how do you feel about censorship?

Whitfield Diffie: Well, I’m generally opposed to it.

Peter McCormack: Uh-huh. Apart from? You’re generally opposed, are there certain…

Whitfield Diffie: Oh, I’m … Well, could I construct a case in which I thought it was legitimate to censor something? Maybe.

Peter McCormack: Yeah.

Whitfield Diffie: But my prejudice is against it.

Peter McCormack: Okay. Okay. So how long have you been out here in Palo Alto, this kind of area? The Bay Area?

Whitfield Diffie: It’s just, it’ll be 50 years in the Fall.

Peter McCormack: 50 years. So you’ve witnessed the entire span of the technical innovation we’ve had with the internet, mobile, telephony.

Whitfield Diffie: Well a lot of it. I mean, it’s usually creator determine who taught in mid-century at Stanford.

Peter McCormack: Uh-huh.

Whitfield Diffie: And so it goes back to World War Two and the radar lab here, and stuff like that. But yes, I’ve witnessed a great deal of it.

Peter McCormack: How have you … Like how do you take it all in? And what’s your kind of perspective of it all? Are you a big fan of technology?

Whitfield Diffie: Well, I hardly say that I’m not.

Peter McCormack: Okay.

Whitfield Diffie: ’Cause that I’m … It’s a funny thing to … I mean, I like … One, I consider it inevitable.

Peter McCormack: Right.

Whitfield Diffie: Is being a fan of something … It could happen more or less quickly, but it seems to me that people do what can be done. So as what can be done expands, people do it. And there’s a famous … There’s a claim. I haven’t checked it against a really authentic source. But that at some date, say 1500, it was illegal to burn coal in London because of the atmospheric effects. They were allowed to burn wood. And it was a very serious crime to burn coal. And essentially later, everybody was burning coal, because there was lots of it and it was cheaper, and so forth. And that led to the era of the famous London Fogs. So it’s, is every bit of technology good? No. Is technology inevitable? Seems mostly.

Peter McCormack: And I guess cryptography is a key part of a lot of this technology now?

Whitfield Diffie: Yeah. Technology is very large. Cryptography has played to my mind a surprisingly large role.

Peter McCormack: But do you, as you see the growth in technology you see advancements, do you look at it differently? So for example, when I now listen to a podcast, right? Doesn’t matter whose podcast I listen to, I don’t just listen to the interview. I listen to how the interviewer interviews, right? I listen to how their questions. But I notice the, “Um’s,” the, “Ah’s.” Because sometimes I get … So I notice things that other people don’t. Are you noticing … Are you aware of things happening and you’re thinking, “Ah, that was built upon my work.” Or, “Ah, this is where cryptography’s used. That was built upon my work.” Or, “Ah, this is where cryptography’s used.”

Whitfield Diffie: Well, I’m not aware of it. But I’m sure that I do.

Peter McCormack: Okay.

Whitfield Diffie: No. The thing I remember noticing, I notice things that we did not … Known unknowns. Things we didn’t see coming, right? And this is true in for example, the area of laptop computers. So when Alan Kay was pushing this notion in the 70s, there were all sorts of obvious things missing. And we didn’t have flat screen displays at that time. How would you have a compact portable computer if you needed to lug a cathode ray tube around, right? And so things have bubbled up out of the broad scope of technological work that I didn’t know anything about the origins of. I didn’t see that there was a direction of work that was going to lead to that.

Peter McCormack: Right. We also seem to have a … Technology seems to have brought the world closer together. But at the same time, it seems to have brought nations … Push nations away from each other. And there’s a lot of … I was reading last week about suspicions of say Chinese hacking. And we hear about North Korean hacking. So cryptography obviously plays a very important part of the world. How important is it for world security?

Whitfield Diffie: Well wait a moment. Let’s go back to your-

Peter McCormack: Okay.

Whitfield Diffie: … thesis. Which is, I’m not at all convinced that we weren’t xenophobic in my youth. Well before the modern round of technology.

Peter McCormack: Of course.

Whitfield Diffie: Right. I mean, we fought a war with China over Korea. But we no doubt had lots of bad things to say about them. We threatened them. So I don’t know that the hostility between nations is anything new.

Peter McCormack: That’s fair.

Whitfield Diffie: And one thing that’s interesting, there’s a wonderful book called I think, The Silent Weapon, History of … Communications on Foreign Affairs, 1850 to 1950. A title somewhat like that. And I think it says that the Spanish American war around 1895 was the first war in which communications were fast enough that each capital was looking over the other’s shoulder. So there’s a whole issue today of attempting to keep things secret so that you can make decisions without your opponents knowing at the same time you do exactly what you’re going to do.

And there wasn’t any great problem about that when it took weeks for a message … An observer, whether you call it a spy or reporter, somebody in Washington would learn what was being said. And write a letter home to London. And they would hear about what’s being said. But of course, it was weeks later. And by the time they heard in London, somebody would’ve sent out three division or something to do whatever it was. Whereas today, CNN and Al Jazeera, and all of the other competing network are telling you immediately anything that can be heard in the streets in other people’s capitals. So I think that’s one of the big effects is a manipulable awareness by populations of the activities of other populations.

Peter McCormack: All right. All right, I’m gonna move to … I’m gonna segue to something completely different now. But quantum computers-

Whitfield Diffie: Well, I managed to get you away from your … Steer you away from your question.

Peter McCormack: Well, do you know what it is? It’s like … I’m trying to think how to word this question. I wonder if there was no cryptography, nations would have to have more honest relationships because they wouldn’t have so many secrets. Or is cryptography good for security, and therefore positive? It’s a tough … I don’t know the answer.

Whitfield Diffie: So in the first place, let me put that in another way.

Peter McCormack: Yeah.

Whitfield Diffie: And put it back in a Cold War framework. Lots of people of the left, and that would loosely include me, dislike the intelligence agencies. In part because the intelligence agencies are very secretive.

Peter McCormack: Mm-hmm (affirmative).

Whitfield Diffie: But the fact is, the function of the intelligence agencies is to limit the ability of the nation’s states to keep secrets. So I consider they were a very good thing, because particularly as the Cold War framework. Because I would’ve thought the worst possible thing was to have these two superpowers with lots of nuclear weapons not having any idea what the others were doing. Right?

Peter McCormack: Yeah.

Whitfield Diffie: So I think of intelligence as a very stabilizing phenomenon in international affairs. Now, suppose there were not cryptography. Well in some sense there really was none before the First World War. That is to say, it was a minor security technique until you had radio. I mean, people did encrypt diplomatic messages and things like that. But mostly they guarded the diplomatic pouch. And once you had a radio, you had a communications phenomenon so wonderful, you couldn’t expect to get anywhere without making use of it. And yet radio has the wonderful property that everyone can listen to the radio.

Okay. So cryptography suddenly emerged as the only security technique applicable to a broad range of things. Suppose it hadn’t emerged? It’s hard to imagine how it could not have emerged. But certainly, that would’ve created… Look, if you look at signals intelligence, the expensive part of it has to do with collecting the signals, right?

Peter McCormack: Mm-hmm (affirmative).

Whitfield Diffie: So NSA and GCHQ have a budget of billions of dollars or pounds, for stations around the world that are listening to the radio. And even if the radio … And I don’t have a current figure. But most of the world’s communications in the past weren’t encrypted. Now that might actually have changed with transport layer security, and various things that have been done with satellite communications, and so forth. But I remember talking years ago to a cryptographer and information theorist, Elwyn Berlekamp. Who said some … He gave a figure around 90% for unencrypted communications. It could well have been 99.

Now so, lots of things that are … And of course, look at telephones, right? For decades I mean, very little telephone traffic is encrypted. It adds … I mean, yes if it’s cellphone traffic, pieces of it are encrypted. More for the use of the provider, not exactly for the protection of the individual. So would there be intelligence sources that there are not because of encryption? Yes. Would that transform the world? Hard to know.

Peter McCormack: Mm-hmm (affirmative).

Whitfield Diffie: And I think that basically, we are entering a golden age of surveillance.

Peter McCormack: Yep.

Whitfield Diffie: Because one, the foremost issue in the growth of signals intelligence is how much communicating they do. And to exaggerate that only slightly, things that were moving securely by camelback in the Middle-East 50 years ago, are now going by satellite, right? Now, if they’re going by camelback, the signals intelligence people can’t possibly get them. You gotta ride out there and grab a camel or something. Whereas now, there are satellites in orbit listening. There are other ground stations listening, et cetera.

So the more they move their stuff into satellite channels, or people move their stuff into smartphone … Mobile phone channels. Or especially as in lots of areas you get what’s called fixed position cellular telephony because it’s cheaper to use radios than run wires. Now, all sorts of things are opening up to interception. And artificial intelligence can put these things together and figure them out. There was a wonderful talk some years ago at the Center For International Security and Cooperation I’m affiliated with, down on campus.

And somebody was showing how to correlate satellite photos with other sources. And had some particular place in the Middle-East where there was a military facility, that following the archaeological principle that good occupations sites are good occupation sites, and they stay occupied for thousands of years, it’s right next to a Crusader fort. And the Crusader fort had lots of tourists. And the tourists took pictures of everything. And they put the pictures up on the web.

And so now you can off the web, these are so to speak open sources, right? Off the web now you can get lots of ground picture taken in the direction of this military facility. And you can correlate them with the satellite photographs that you can get of this facility. And you get a good deal of information out of it. So I mean, I think the same things that mean that individuals can’t protect information about themselves very well these days, because the web is watching us, right? Means that nobody can. And the fact that our governments can keep secrets from us doesn’t mean they can keep them from each other.

Peter McCormack: Wow. Okay. Now my other kinda big question. I’ve heard you talk about this before. Quantum computing, is it a big myth? Or is it a real threat?

Whitfield Diffie: I remember a line in a book called Wiseguy. And anybody who doesn’t know about a man named Henry Hill, who was … I think his father was Irish. But his mother was Italian. He lives in Brownsville, East New York. But [inaudible 00:51:22] in some meetings when they said, “This is a matter among the Italians.” Everybody understood the Italians were the bosses of that mob. And I think of this, this is a matter among the physicists. They’ve been promising this for 30 years, right? That’s not the longest. They’ve been promising controlled fusion for 100 … 100 maybe? No, 90. 90.

Certainly, they will … They were working on it already in 1930. But so I don’t know whether quantum computing is going to break public-key cryptography, I don’t know. But certainly, a lot of money seems to think there’s a lot in that direction. And that’s really all I know about it. There’s a big project to develop a quote, “Post-quantum cryptography.” And just for … Quantum computing won’t break a lot of cryptography. It has very little effect on something like the advanced encryption standard, or SHA-2. Any of the things other than Diffie–Hellman and RSA type systems that depend on hidden cycle lengths.

And Shor’s algorithm, the one big thing people know how to compute within quantum computing, or would know how to compute with if they had quantum computers to compute with it on. It breaks the currently popular public-key cryptosystems. Now if that comes through, the problem is that the replacements are all much more expensive. And that’s all I really know about it. The advantage of having key negotiation be cheap is as what you can get what’s called forward secrecy. Which means that you negotiate keys afresh based on newly generated random numbers for each communication you have. And that way of somebody guess the key is from one of them, that doesn’t tell them anything about another one.

Peter McCormack: Right. Okay.

Whitfield Diffie: But lots of things would work. And maybe from some points of view … From some people’s points view more successfully even without that.

Peter McCormack: Are there any unsolved, significant unsolved problems in cryptography? I assume there are. But are there?

Whitfield Diffie: Yes.

Peter McCormack: What-

Whitfield Diffie: I mean, all right. So let me start and run through a list. What’s the great problem that none of us made any progress on is proof that an adequate theory of computational complexity that allows you to prove the cryptography systems are secure. And there are all sorts of relative proofs that show, “Oh well, this can be reduced to that.” And people have been working on that for a long time. “And so we think this must be secure, because if you could break this then you could break that, and people … “ But there are no solid proofs, and I’m not even sure there is a solid statement, and that the terms in which the theorems should be stated are really clear yet.

And people … There’s an old aphorism about a policeman comes along and finds some guy searching stopped at a traffic light, and says, “What’s wrong?” And he says, “I lost my car keys.” He said, “Where’d you lose them?” “Oh, somewhere over there.” He points off into the darkness. And he said, “Why are you looking here?” He said, “The light’s better here.” Right? And people do a lot of that. So people talking about NP complexity and stuff like that. They’re trying to apply what they happen to know about. Whether that’s really the right … It doesn’t appear to be the right theory to pry to cryptography. It’s a theory. And it comes down to it, all the cryptographic systems at any given instant are entirely finite. So that’s the grand problem that shows no signs of having made a lot of progress over my career in the subject.

The glittering problems these days, or one of them is this issue of post-quantum encryption. Right? Are there perhaps entirely different … There are sort of two or three popular ways of building systems that don’t appear to be vulnerable to quantum computing. So people are working on those. Are there any utterly different approaches? I don’t … I suspect there are. But I don’t know. What’s called homomorphic encryption is a partially solved problem.

Homomorphic encryption is a wonderful notion that I have something, and I don’t have enough … I can’t compute on it for one reason or another. But you can. But I don’t wanna tell you what it is. So how am I going to get your help? And the answer is, “Well, I can encrypt it and you won’t be able to understand it. But you will be able to compute on the cryptogram I sent you.” So you sit there and compute on your cryptogram for a while. And then you send it back, and I can’t have done those computations. But I can decrypt it. Yeah?

Peter McCormack: Mm-hmm (affirmative).

Whitfield Diffie: And there were examples of this before recently. Before the last 10 years, that are very satisfying. So you imagine that you need exponentiation, which is an expensive arithmetic operation in order to do something like a signature. Say you have a smart card, and it doesn’t have much computational capacity, and you’re gonna put it into a slot. And it wants to get something done without giving its secret to the slot. And so it masks what it wants done, and sends it to the slot which then can do a compute on the masked item, and then send it back. All right. And it can be unmasked and exported as a final value. So you have an untrusted co-processor for a signature device on a smart card.

Well, the idea is to do that much more generally. And that’s what homomorphic encryption does. And it’s made a surprising amount of progress over the last decade or so. But not enough, and it’s not clear whether it will make enough to make up for just raw not having enough computing power. So if you want to do a monster hydro-code, numeric computation of some kind or other. And you want to get your computing for Amazon Web Services, then can you really do that more cheaply than buying your own computer if you have to do homomorphic encryption on everything? And I think the answer is no. There’s a factor of a million in cost.

On the other hand, a man named Drew Dean while he was at ARPA, put on a wonderful demonstration because he happened to find a problem. This is wonderful because he didn’t know this was a great classic com-sec problem. And it’s called the problem of a black conference bridge. So if we have a bunch of secure phones, and we wanna have a multi-person teleconference. Well, the classic way of doing it is we all call the same spot, which is called a red conference bridge. Red meaning it holds secret information. And it decrypts all the phones and mixes the voices together. And re-encrypts the stuff, and sends it back out.

And that’s no problem for MOD, or DOD. They own lots of property to put a secure system on. But if you were a startup with five people, and one’s in Hong Kong, and one’s in Paris, and one’s here, and things like that. Then how would you hold a secure conference? And he put on a demonstration using homomorphic encryption, using iPhone fives and Amazon Web Services. Because it just happens that those voice mixing algorithms are things that work with the homomorphic encryption techniques we have. All right, so that’s another very important problem.

There are very … There is so to speak, classic problems that are related. The fact that there are problems are related to the problems about proving that cryptosystems are good. If you look at the advanced encryption standard of which I am a great fan because it was developed … U.S. government held a worldwide contest to select it. And then unique … There are a lot of things I’m not proud of in the U.S. but I was proud of this one. They selected a Belgian algorithm to be the U.S. standard.

And that Belgian algorithm, there’s more to it than that, because a key element of it is Finish by a woman name Kaizen Eiburg. So it has a real claim to being an international development effort. That algorithm is moderately expensive to run. And so it would be very nice if you had something that was just as secure. But so to speak, ran a 100 times as fast, or used a 100 times less power, or used a 100 times as many gates. So there’s that kind of ordinary performance problem about people have intuitions about how many gate delays per bit you need to have in order to encrypt securely. But nobody knows for sure.

Peter McCormack: Right.

Whitfield Diffie: So that’s a very classic sort of problem. And then of course in your domain, I think there’s a tremendous amount that open about blockchain sort of systems, and proof stake, proof of work, proof this, that and the other. And how to get them to scale and operate smoothly. And I guess I think you’d have to call those cryptographic problems. And then another class of problems … I mean, I think it would be worthwhile to work. I’ve only done a little. I wish my community would do more work on them.

There are for example the bombes at Bletchley Park could only break enigma traffic by guessing at probably texts, and then verifying whether two things were true. Whether something was the right key or the right piece of the key. And if they were correct about what probable underlay what they were doing. They didn’t have a purely statistical technique for just looking at ciphertext and analyzing it.

Peter McCormack: I live 30 minutes from Bletchley Park.

Whitfield Diffie: Okay.

Peter McCormack: Right near me.

Whitfield Diffie: Hmm?

Peter McCormack: It’s right near me.

Whitfield Diffie: Well that’s interesting because you said you were near Cambridge. And it’s usually described as being hard to get to from Cambridge.

Peter McCormack: Well, if you like-

Whitfield Diffie: Well, that’s probably by rail. I mean, by-

Peter McCormack: Yeah.

Whitfield Diffie: … car-

Peter McCormack: By car, it’s 30 minutes. Yeah. I’m about 30 minutes from Cambridge. About 30 minutes from Bletchley. About 30 from London. They kinda sit in the middle of all of them.

Whitfield Diffie: How nice.

Peter McCormack: Yeah. You’re still working today?

Whitfield Diffie: Sorry?

Peter McCormack: You’re still working?

Whitfield Diffie: Oh, I am.

Peter McCormack: You’ve not retired?

Whitfield Diffie: No.

Peter McCormack: What are you working on?

Whitfield Diffie: Well, several things. Most prominent is as an operation called Cryptic Labs, which is a service organization of the blockchain industry.

Peter McCormack: Okay.

Whitfield Diffie: So we in effect do blockchain consulting, but not in the form usually of hourly consulting, but of having partners to whom our services are available. But we also do a lot about helping people find personal and work internally on problems of interest to the blockchain community. So this is only about a year old, and we’re still trying to figure out how we can be most useful.

Peter McCormack: Wow. This has been fantastic. It’s been a really, really enjoyable interview. Do you have any closing thoughts? Anything you wanna say?

Whitfield Diffie: Other than saying that I’m thirsty or something? No, I think you’ve really drawn me out quite nicely. I give all credit to the interviewers. And this … Of course, you’ve just let me go on and hold forth. But the result has flowed by quite smoothly.

Peter McCormack: Do you know what, it always comes down to the guest. The guest makes the interview what it is.

Whitfield Diffie: Oh, yeah. I have the opposite point of view. I-

Peter McCormack: Yeah.

Whitfield Diffie: … think the interviewer makes the interview. And now of course from the point of view of an interviewer, that has to be … Our points of view are built into our positions.

Peter McCormack: Right.

Whitfield Diffie: But as I like some of my interviews, and don’t like other as well. And therefore I attribute it to the variation in interviewers. You like some interviews better, and some less.

Peter McCormack: Yeah.

Whitfield Diffie: And the thing, you’re always the same. So you attribute it to the variation of guests.

Peter McCormack: Well, then we have to compromise and say it takes two to tango. If it’s a good interview, it’s both of us.

Whitfield Diffie: That’s a no-brainer answer.

Peter McCormack: Well, do you know what? I think it is … I think two people can make a good interview. One person can ruin it.

Whitfield Diffie: Of course.

Peter McCormack: One person can ruin it on their own. But look, this has been utterly fantastic.

Whitfield Diffie: Probably two of a marriage also. A dance.

Peter McCormack: Let’s not, I don’t wanna get-

Whitfield Diffie: A dinner.

Peter McCormack: Let’s not get in marriage. Okay. This has been great.

Whitfield Diffie: A war. “This would be a great war if it weren’t for the other side.”

Peter McCormack: Yeah.

Whitfield Diffie: A legal case.

Peter McCormack: Yeah. Well, that’s like crypto Twitter, that you’re not part of. But that is a war zone. Crypto people are fighting constantly.

Whitfield Diffie: Well, in what-

Peter McCormack: Difference in opinion. Have you heard of the Bitcoin maximalists?

Whitfield Diffie: No.

Peter McCormack: So Bitcoin maximalist believes Bitcoin is the only cryptocurrency of value, because of a number of reasons. And they don’t like Ethereum. And they don’t think anything else has any value. So there’s a war generally between Bitcoiners and people who like Ethereum.

Whitfield Diffie: Okay. No, that’s like any other so to speak industrial competition. You have two products in the same space.

Peter McCormack: I guess so. Yeah, yeah. Well anyway, I think everyone’s gonna love this interview. I think I’m gonna rush back now to L.A. and get this out tomorrow. ’Cause sometimes you record one and you’re just like, “I just wanna get it out there.” Whit, thank you so much.

Whitfield Diffie: You’re most welcome.