Although he first made his name back in the 1970s, he still appears regularly on the international speaking circuit. At a recent event, he was focusing on issues of trust in a networked economy and it was interesting to learn that he still sees cryptography playing a major role in the development of 21st century computing.
The 1970s were a seminal time in the development of cryptography, when the age of secure computing seemed to have arrived, laying the foundations for the explosion in the use of the internet a decade or so later.
The Data Encryption Standard (DES) was adopted in 1975 as the standard method of exchanging messages using "symmetrical" keys, but it demanded that two parties use the same key. The problem of sharing keys securely remained a major obstacle.
With Martin Hellman, then a professor at Stanford University in California, and Ralph Merkle, a doctoral student, Diffie went on to solve the problem with the now widely used Diffie-Hellman key exchange method.
In 1976, Diffie published a paper explaining how authentication and encryption could be achieved using a publicly available key for encryption and a private key, known only to the recipient, for decryption. The theory depended on mathematical "one-way functions" and two large prime numbers.
The search for a way to turn Diffie's theory to practical use ended in 1977 when Rivest, Shamir and Adelman came up with the first commercial Public Key Infrastructure (PKI), still known as RSA.
In recent years, some people have questioned the originality of their work, so I began by asking Diffie about this. The claim is that James Ellis, Clifford Cocks and Malcolm Williamson – three scientists at GCHQ (a top-secret communications center operated by the British government) – had discovered the concepts of key exchange and public key encryption before 1975, but had been constrained from publication by the U.K. Official Secrets Act.
Diffie believed that to be true when he first met James Ellis in 1982, but he has since changed his mind. "I believe it less now because I've talked to him for hours and hours since then," he says. "I don't understand his paper; it wouldn't convince me of anything. He had the conception of a public key system in the same form that I had, but I never found any solid evidence that he or his colleagues understood the significance."
Despite claims from some, including the National Security Agency (NSA), that the implications were understood, "the papers I've seen declassified support the opposite point of view. When Ellis wrote his history in '87, he tried to suggest that this grew out of thinking about key management problems, but there's no sign of that in the original paper from 1970," says Diffie.
He is rather surprised that in less than 30 years, public key cryptography has "become a mainstay of information security," but concedes that "there's much less cryptography visibly in use than I would like to see."
He feels that PKI could have been much more successful and useful if it had been better supported. He points to the example of the U.S. Department of Defense (DoD) which has issued a million Java cards with integrated PKI to its employees to support his view that "the problem with PKI is a capital development problem. You have to put in a lot of up-front investment."
It is a matter of having ready-made applications, he argues. For example, when the first cell phones came into use, they were successful because you could call all the people who already had phones in their homes.
Something similar "might have been done with cryptography. Suppose that you had had lots of keys distributed in the smartcards, and suppose the minute you got an electronic certificate there had been something that you could do with it that was valuable, that might have capitalized the whole thing. DoD put a lot of up-front investment in for some of its own applications, but nobody was in a position to put a lot of investment in for the world at large."
Diffie thinks that either AT&T or NSA could have done that for the U.S., but the chance passed. "I don't see that either could do it now."
The RSA approach has lasted longer than he expected. "My expectation was not that it would be broken, but that it would be replaced much earlier." He felt that once RSA had become established, "then people with a lot more mathematical sophistication than I had would move into this business and we would have a whole new round of these things. It took longer, and then we had one new thing that really has gotten a lot of attention, which is elliptic curve cryptography (see panel, page 25) and it only enhances the Diffie Hellman [approach] rather than changing it."
Diffie was a big fan of the RSA system for the first ten years because it solved the problem he had envisioned. Now he can see that there are problems with the RSA type structure.
"If I send you my modulus and tell you to send me a secret message, there's no test you can do on the modulus that will tell whether it's built of good primes."
He contrasts this with a Diffie-Hellman system, noting: "It's much more open and the keying material is much cheaper. You can standardize on the modulus and on the generator and then those things are public, they can be generated in a publicly known fashion and all that you manufacture in the protocols is random numbers with very simple excluded cases. That makes it much more feasible to have protocols that are robust and that satisfy distrusting parties."
Although necessary, standards have had the effect of limiting the scope for the sort of creativity exhibited in the '70s. Change is now slower and more focused. "If you look at cryptography as a practical matter today, it is standards-dominated and the significance of that is that it's a hard sell for a new system."
He finds it very hard to persuade systems developers that even if their systems are very good, they are not going to squeeze out something that is now a major international standard for as long as the standard stays satisfactory."
People who think they are going to get somewhere with something that is thought more secure than Advanced Encryption Standard (AES) have an uphill battle. AES, if it is as secure as it appears, is secure enough for any application. So that direction seems closed.
"So you get something that's just as secure and, say, much faster. Well, that might address a very real problem because networks are getting faster – faster than processors are getting faster – but you still have a big uphill battle. You've got to persuade people that it's true. You have some arguing to do to show why you think this is more secure despite using less computation."
As expected, cryptography has a big part to play in Diffie's two major challenges for early 21st century computing. Sun has joined the Trusted Computing Group (TCG) and Diffie can see a key element of the TCG platform, remote attestation, growing rapidly.
Remote attestation uses cryptography to manage and assure the configuration of network systems. It could "prevent users running viruses," he says, but could also be used to "prevent other [legitimate] programs being run."
Even so, he sees advantages in being able to confirm the integrity of a whole network using attestations from the component devices. A whole syntax in XML would be needed to define "what it means for two systems to be identical and what class of programs they should run in their identical ways."
This could lay the foundations for a new approach to computing power. To smooth peaks in demand and make use of idle resources, companies "will be able to go out and hire computing power on the spot," he says.
This "on-demand" world of grid computing and web services, sometimes called adaptive computing, "needs security and the ability to reduce the making of contracts from days and years to minutes and seconds." This, too, will increase the need for public key authentication and encryption as well as for "letters of introduction" in the form of digital certificates.
When I ask if there are any issues burning in the background, as the Public Key issue had during the early '70s, he is modest. "I won't do anything like that again. I essentially took two years off to work on that project. I think about a variety of things that might produce a new breakthrough, but I also do a day job that takes up a good deal of what little thinking power I have."
With his track record, Diffie is likely to offer the IT security industry yet another breakthrough. His inclusion in the Global Council of CSOs, an elite think tank of "influential cybersecurity leaders" and his key position as CSO within Sun Microsystems show that many others share that view.