10 March 2001. Thanks to Michael
Anshel.

From: MikeAt1140@aol.com

Date: Sat, 10 Mar 2001 10:43:32 EST

Subject: Fwd: zeta function cryptography in my novel

To: jya@pipeline.com

The letter below is from Neal
Stephenson author of the best selling novel *CRYPTONOMICON*. One of his
advisor's Bruce Schneier, a well known cryptographer was also an advisor to
Arithmetica Inc the small company I help found in 1993. The theme of the novel
involves zeta function cryptography. Some facts:

M. Anshel and D. Goldfeld,
"Zeta Functions, One-Way Functions, and Pseudorandom Number
Generators", *Duke Mathematical Journal, *Vol. 88 No. 2 (1997)
371-390.

"In 1997,Anshel and Goldfeld
[6],presented an explicit construction of a pseudorandom number generator
arising from an elliptic curve,which can be effectively computed at low
computational cost. They introduced a new intractable problem,distinct from
integer factorization or the discrete log problem, that leads to a new class of
one-way functions based on the theory of zeta functions,and against which there
is no known attack."- Richard M. Mollin,"Introduction to
Cryptography" CRC Press (2000)

Date: Thu, 08 Mar 2001 20:52:23
-0800

From: Neal Stephenson <neal@well.com>

To: MikeAt1140@aol.com

Subject: zeta function cryptography in my novel

Dear Dr. Anshel,

Some e-mail has come into my box
recently that appears to be a fragment of an exchange between you, or some
friend or associate of yours, and Bruce Schneier. The subject is zeta function
cryptography in my novel *CRYPTONOMICON*. The e-mail has been bounced back
and forth a few times and so it is not entirely clear to me who was holding
down your side of the exchange. I am going to send this message to you in the
hopes that you find it of interest and that you will forward it to anyone you
think is interested.

As the e-mail correctly points
out, in the novel I do not explicitly acknowledge any modern-day researchers in
zeta function cryptography. This omission was made deliberately and
consciously. It was not made as the result of ignorance but rather from
knowledge and (if I may say so) a kind of wisdom about what the unintended
consequences would have been. It does not reflect a lack of respect for your
work but, on the contrary, a kind of awe of what mathematicians do, and a feeling
that what novelists do is rather mundane by comparison. I assumed---and I still
believe---that you would regret it if such a link were made, and would quickly
request that I remove it. Having been in this business for quite a few years
now I can assure you that the annoyance of people who are left out of novels is
nothing compared to the fury of those who fancy that they have been inserted
into novels without having given their permission.

As you know better than I, the
Riemann Zeta function has been, and continues to be, of intense interest to
mathematicians. During the 1930s, Alan Turing went so far as to build a
mechanical device for calculating its values. This dovetails naturally with one
of the chief themes of my novel, which is the early history of the computer.
So, in the book, I have invented two fictitious characters, Rudolf von
Hacklheber and Lawrence Pritchard Waterhouse, both mathematicians who (so the
story goes) befriend Turing at Princeton shortly before the outbreak of World
War II.

A few years later, at the height
of the war, von Hacklheber (who by this point has gone back to his homeland of
Germany and has ended up working as a cryptographer for the Nazi regime) needs
to invent a wholly original cryptosystem that has nothing in common with the
Enigma, which he suspects has been been compromised. The system he comes up
with, which is dubbed Arethusa, makes use of zeta functions. It is
computationally intensive by the standards of the 1940's, but this problem is
ameliorated somewhat by the fact that, as a result of having helped Turing work
on his zeta function computer at Princeton, von Hacklheber knows how to build a
device that will automate many of the calculations.

Arethusa, as described in the
novel, is simply an algorithm for generating daily one-time pads. It is a
secret-algorithm scheme in other words. The key used to generate a given date's
pad is simply the date, written down as numbers. This makes it convenient for
communicating with correspondents in the Asian theatre of the war, since the
one-time pads themselves do not have to be physically transported---it is only
necessary to send the algorithm once. In Asia, the pads are generated not by a
mechanical computer but by a room full of enslaved prisoners working with
abacuses. It is by examining the evidence left behind in such a room that
Waterhouse eventually breaks the cryptosystem. Some fifty years later, his
grandson Randy Waterhouse duplicates this feat working by himself in a prison
cell with a laptop computer.

Part of the point is that a
cryptosystem that might have seemed fiendishly clever and state-of-the-art in
the 1940s can be busted to smithereens in a few minutes by a modern computer.
The tricks used by Arethusa's inventor during the war seem clever compared to the
Enigma machine of his day, but no modern cryptographer of any stature would
think of making anything like the system that I have just described.
Furthermore, for von Hacklheber to base a secret-algorithm system on a function
intensively studied by every up-and-coming young mathematician in the world is
a grievous blunder, and implicitly raises the question of whether he actually
intended for the system to be broken by his friends on the other side of the
war.

Now anyone who has any degree of
mathematical sophistication will understand that there is absolutely no
relationship between Arethusa (which is a phantom, a wholly fictitious
imagining) and the zeta function cryptography that has been developed by Anshel
and Goldfeld. But mathematically sophisticated people are not the ones we need
to concern ourselves with here. Such people can look the Anshel/Goldfeld papers
up in the literature and judge them on their own merits. Rather, we need to
consider people who don't know math, but who can read novels. They are more
numerous, and they lack the ability to make informed judgments about the worth
of a cryptosystem. Having no real knowledge of your work, they will naturally
assume that it has something in common with the fictitious Arethusa.

This might sound like a silly
thing to worry about. But I can assure you that many readers of fiction
underestimate just how much of a novel's content is simply made up. There is a
common assumption among readers that much of what appears in a novel is thinly
veiled and repackaged reality. You can imagine how provoking this is to a
novelist who works so hard to invent it. Furthermore, since my novel actually
does contain an original cryptosystem (Bruce Schneier's SOLITAIRE), readers are
even more inclined than usual to assume that all of the crypto mentioned in the
book is real.

An example: the book contains some
Enigma messages. I simply made up the ciphertext of these by typing in
"random" letters. But after it was published I got a request from
someone who wanted to know which type of Enigma machine I used to encipher it,
and which wheel and plug settings I used.

Given the difficulty that many
readers seem to have in identifying the boundary between fact and fiction, for
me to place, in every copy of this book, an explicit reference to the
real-world zeta function cryptography purveyed by Arithmetica, and to name the
names of the company and its founders, would create nothing but problems for
you. I understand that you are involved in a business enterprise and that you quite
naturally would like to draw attention to your product, but I can assure you
that attention of this kind is worse than no attention at all. Simply put, you
do not want your fine product to be linked, in the minds of many readers, with
the rotten system described in my book---a system that may have been designed
by its creator to be broken!

Now. There exists a theoretical
possibility that I could craft an acknowledgment that would restate much of
what I have written in the above message. It would have to be even longer and
more detailed because I would be writing for an audience of non-mathematicians.
It would amount to a statement that there is zeta function crypto in the real
world but that it has absolutely nothing in common with that in my book other than
its name, and that anyone who wishes to learn about it should approach it with
a completely blank slate and should judge it strictly on its own merits.

This is not an appropriate thing
to put in a novel for any number of reasons. I could put such a statement on my
web page but, regrettably, I consider it most unlikely that my doing so would
improve your life.

My personal recommendation is that
we do nothing at all.

I hope that this has helped to
clarify matters. I am sorry if my handling of this matter has caused you
annoyance, and I wish you the best of luck with your continued research and
with your enterprise.

Sincerely,

Neal Stephenson