10 March 2001. Thanks to Michael Anshel.
Date: Sat, 10 Mar 2001 10:43:32 EST
Subject: Fwd: zeta function cryptography in my novel
The letter below is from Neal Stephenson author of the best selling novel CRYPTONOMICON. One of his advisor's Bruce Schneier, a well known cryptographer was also an advisor to Arithmetica Inc the small company I help found in 1993. The theme of the novel involves zeta function cryptography. Some facts:
M. Anshel and D. Goldfeld, "Zeta Functions, One-Way Functions, and Pseudorandom Number Generators", Duke Mathematical Journal, Vol. 88 No. 2 (1997) 371-390.
"In 1997,Anshel and Goldfeld ,presented an explicit construction of a pseudorandom number generator arising from an elliptic curve,which can be effectively computed at low computational cost. They introduced a new intractable problem,distinct from integer factorization or the discrete log problem, that leads to a new class of one-way functions based on the theory of zeta functions,and against which there is no known attack."- Richard M. Mollin,"Introduction to Cryptography" CRC Press (2000)
Date: Thu, 08 Mar 2001 20:52:23
From: Neal Stephenson <firstname.lastname@example.org>
Subject: zeta function cryptography in my novel
Dear Dr. Anshel,
Some e-mail has come into my box recently that appears to be a fragment of an exchange between you, or some friend or associate of yours, and Bruce Schneier. The subject is zeta function cryptography in my novel CRYPTONOMICON. The e-mail has been bounced back and forth a few times and so it is not entirely clear to me who was holding down your side of the exchange. I am going to send this message to you in the hopes that you find it of interest and that you will forward it to anyone you think is interested.
As the e-mail correctly points out, in the novel I do not explicitly acknowledge any modern-day researchers in zeta function cryptography. This omission was made deliberately and consciously. It was not made as the result of ignorance but rather from knowledge and (if I may say so) a kind of wisdom about what the unintended consequences would have been. It does not reflect a lack of respect for your work but, on the contrary, a kind of awe of what mathematicians do, and a feeling that what novelists do is rather mundane by comparison. I assumed---and I still believe---that you would regret it if such a link were made, and would quickly request that I remove it. Having been in this business for quite a few years now I can assure you that the annoyance of people who are left out of novels is nothing compared to the fury of those who fancy that they have been inserted into novels without having given their permission.
As you know better than I, the Riemann Zeta function has been, and continues to be, of intense interest to mathematicians. During the 1930s, Alan Turing went so far as to build a mechanical device for calculating its values. This dovetails naturally with one of the chief themes of my novel, which is the early history of the computer. So, in the book, I have invented two fictitious characters, Rudolf von Hacklheber and Lawrence Pritchard Waterhouse, both mathematicians who (so the story goes) befriend Turing at Princeton shortly before the outbreak of World War II.
A few years later, at the height of the war, von Hacklheber (who by this point has gone back to his homeland of Germany and has ended up working as a cryptographer for the Nazi regime) needs to invent a wholly original cryptosystem that has nothing in common with the Enigma, which he suspects has been been compromised. The system he comes up with, which is dubbed Arethusa, makes use of zeta functions. It is computationally intensive by the standards of the 1940's, but this problem is ameliorated somewhat by the fact that, as a result of having helped Turing work on his zeta function computer at Princeton, von Hacklheber knows how to build a device that will automate many of the calculations.
Arethusa, as described in the novel, is simply an algorithm for generating daily one-time pads. It is a secret-algorithm scheme in other words. The key used to generate a given date's pad is simply the date, written down as numbers. This makes it convenient for communicating with correspondents in the Asian theatre of the war, since the one-time pads themselves do not have to be physically transported---it is only necessary to send the algorithm once. In Asia, the pads are generated not by a mechanical computer but by a room full of enslaved prisoners working with abacuses. It is by examining the evidence left behind in such a room that Waterhouse eventually breaks the cryptosystem. Some fifty years later, his grandson Randy Waterhouse duplicates this feat working by himself in a prison cell with a laptop computer.
Part of the point is that a cryptosystem that might have seemed fiendishly clever and state-of-the-art in the 1940s can be busted to smithereens in a few minutes by a modern computer. The tricks used by Arethusa's inventor during the war seem clever compared to the Enigma machine of his day, but no modern cryptographer of any stature would think of making anything like the system that I have just described. Furthermore, for von Hacklheber to base a secret-algorithm system on a function intensively studied by every up-and-coming young mathematician in the world is a grievous blunder, and implicitly raises the question of whether he actually intended for the system to be broken by his friends on the other side of the war.
Now anyone who has any degree of mathematical sophistication will understand that there is absolutely no relationship between Arethusa (which is a phantom, a wholly fictitious imagining) and the zeta function cryptography that has been developed by Anshel and Goldfeld. But mathematically sophisticated people are not the ones we need to concern ourselves with here. Such people can look the Anshel/Goldfeld papers up in the literature and judge them on their own merits. Rather, we need to consider people who don't know math, but who can read novels. They are more numerous, and they lack the ability to make informed judgments about the worth of a cryptosystem. Having no real knowledge of your work, they will naturally assume that it has something in common with the fictitious Arethusa.
This might sound like a silly thing to worry about. But I can assure you that many readers of fiction underestimate just how much of a novel's content is simply made up. There is a common assumption among readers that much of what appears in a novel is thinly veiled and repackaged reality. You can imagine how provoking this is to a novelist who works so hard to invent it. Furthermore, since my novel actually does contain an original cryptosystem (Bruce Schneier's SOLITAIRE), readers are even more inclined than usual to assume that all of the crypto mentioned in the book is real.
An example: the book contains some Enigma messages. I simply made up the ciphertext of these by typing in "random" letters. But after it was published I got a request from someone who wanted to know which type of Enigma machine I used to encipher it, and which wheel and plug settings I used.
Given the difficulty that many readers seem to have in identifying the boundary between fact and fiction, for me to place, in every copy of this book, an explicit reference to the real-world zeta function cryptography purveyed by Arithmetica, and to name the names of the company and its founders, would create nothing but problems for you. I understand that you are involved in a business enterprise and that you quite naturally would like to draw attention to your product, but I can assure you that attention of this kind is worse than no attention at all. Simply put, you do not want your fine product to be linked, in the minds of many readers, with the rotten system described in my book---a system that may have been designed by its creator to be broken!
Now. There exists a theoretical possibility that I could craft an acknowledgment that would restate much of what I have written in the above message. It would have to be even longer and more detailed because I would be writing for an audience of non-mathematicians. It would amount to a statement that there is zeta function crypto in the real world but that it has absolutely nothing in common with that in my book other than its name, and that anyone who wishes to learn about it should approach it with a completely blank slate and should judge it strictly on its own merits.
This is not an appropriate thing to put in a novel for any number of reasons. I could put such a statement on my web page but, regrettably, I consider it most unlikely that my doing so would improve your life.
My personal recommendation is that we do nothing at all.
I hope that this has helped to clarify matters. I am sorry if my handling of this matter has caused you annoyance, and I wish you the best of luck with your continued research and with your enterprise.