CINDY A. COHN, ESQ.; SBN 145997
McGLASHAN & SARRAIL
Professional Corporation					
177 Bovet Road, Sixth Floor				
San Mateo, CA  94402
Tel: (415) 341-2585
Fax: (415) 341-1395

LEE TIEN, ESQ.; SBN 148216
1452 Curtis Street
Berkeley, CA 94702
Tel: (510) 525-0817

Attorneys for Plaintiff
Daniel J. Bernstein



	IN THE UNITED STATES DISTRICT COURT
	FOR THE NORTHERN DISTRICT OF CALIFORNIA

DANIEL J. BERNSTEIN			)	
					)  C 95-00582 MHP
              Plaintiff,		) 	
					)  DECLARATION OF  
v.					)  MATT BLAZE        
					)
					) 	
UNITED STATES DEPARTMENT OF 		)  
 STATE et al.				)
	   Defendant.			)  
   					)
________________________________________)


	I, MATT BLAZE, hereby declare:

	1. I am a Principal Research Scientist at AT&T Laboratories, and
an Adjunct Professor of Computer Science at Columbia University.  My
primary research areas include computer security, applied cryptology, and
large scale distributed computing systems.  My current interests focus on
the use of secure hardware, the management and specification of trust,
public-key certificate infrastructure, and cryptography policy. 

	2. I hold a Ph.D. in Computer Science from Princeton University,
an M.S. from Columbia University, and a B.S. from the City University of
New York. 

	3. I make this Declaration on my own behalf and not on behalf of
my employer. 

	4. Although there are many different types of cryptography, the
purpose shared by all of them is separation of the security of information
from the security of the physical media in which the information is
embodied or transmitted.  This is accomplished through the use of
mathematical transformations, called "cipher functions" or "cipher
algorithms", that alter information in such a way that it can only be
recovered with the knowledge of a secret, called a "key." These
transformations are combined to form "cryptographic protocols" that
accomplish various security objectives. 

	CRYPTOGRAPHY IS MATHEMATICS

	5. While the study of cryptography draws upon many disciplines,
the most important activity engaged in by cryptographers is the design and
analysis of the underlying mathematical cipher functions and protocols.
Although the subject has existed for literally thousands of years (being
perhaps as old as the written word itself), the mathematics of
cryptography is not yet fully understood, and cryptography is today one of
the most vital and exciting areas of mathematical research. 

	THE SCIENTIFIC COMMUNITY FOR CRYPTOGRAPHY INCLUDES
	ACADEMICS, INDUSTRY RESEARCHERS AND INDIVIDUAL RESEARCHERS

	6. Like researchers in all scientific disciplines, cryptographers
seek to advance their field through open discussion of new approaches,
collaboration with one another, and the rigorous peer review that comes
from informal scientific exchange and the publication and presentation of
technical papers at conferences and in journals.  The community of
cryptographic researchers is extraordinarily diverse, and includes
academic researchers working in universities (primarily in mathematics and
computer science departments), scientists employed by industrial research
laboratories, as well as individuals with no formal employment in the
subject. 

	GOOD CRYPTOGRAPHY REQUIRES WIDESPREAD SCRUTINY AND TESTING

	7. Because the mathematics of cryptography is not fully
understood, we are not able to systematically determine or mathematically
prove that any given proposed cryptographic algorithm or protocol is
"secure".  That is, there is not yet a useful "theory" of cryptography
that would enable the designer (or user) of a cipher algorithm to be sure
that a proposed system is free of subtle flaws that might allow an
attacker to obtain information without knowledge of the decryption key. 
The only way to obtain any assurance whatsoever about the strength of a
cipher function or system built around one is to expose the system to the
scrutiny of the largest possible community of cryptographers.  Systems are
usually acknowledged to be "secure" only after an extended period of
widespread scrutiny.  For example, it took over fifteen years after the
publication of the US Government's "Data Encryption Standard" before the
standard was trusted by many cryptographers to be free of
easily-exploitable weaknesses. 

	8. The US National Security Agency (NSA) is said to be the largest
employer of cryptographers in the world, and is said to be many years
ahead of the commercial and academic world in its understanding of how to
design cipher functions and protocols and how to use them to build secure
systems.  The technical work of the NSA is primarily classified and thus
cannot be exposed to the scrutiny of the public research community.  However,
a few systems have been released from NSA for publication as civilian
standards. 

	9. My analysis of one of these systems, the interface to the
"Escrowed Encryption Standard," in 1994, suggests that even systems
designed with the benefit of the government's superior experience and
broad internal expertise can still benefit from outside scrutiny.  In this
case, my analysis of the published specifications revealed a "protocol
failure" that allowed the system to be used in a way that circumvented
one of its basic design objectives.  This does not reflect especially
badly on the NSA's abilities. It simply re-affirms what the civilian
community has long understood - cryptographic systems are hard to design,
and therefore must be exposed to extensive and diverse scrutiny before
they should be trusted. 

	CRYPTOGRAPHIC ALGORITHMS ARE DESCRIBED IN COMPUTER PROGRAMS

	10. Although in an abstract sense cipher functions and protocols
are purely mathematical objects, their properties and nature are usually
most readily understandable when they are specified and represented as
computer programs. In fact, modern techniques for analysis of cipher
functions rely heavily on computer simulation and experimentation, and
computer programming languages serve as a standard notation for describing
new ciphers.  The analysis of the performance and behavior of a cipher
system on real computers is one of the central aspects of the evaluation
of new systems. 

	11. Because one of the most natural ways to describe a cipher
algorithm is by means of computer programs, there is little distinction
between a description of an algorithm and a program that implements it;
they are as often as not the same thing.  It is virtually impossible to
fully describe a modern cipher system without at the same time providing a
program that implements it. 

	THE ITAR SCHEME IMPEDES SCIENTIFIC RESEARCH

	12. The current export controls on cryptography have a
far-reaching impact on the practice of scientific research in the
discipline, even domestically. The cryptographic research community is a
truly international one, with researchers from all over the world
collaborating with one another and sharing their results through
publication and conferences.  Many natural research collaborations are
limited or stifled by the export regulations, which are understood to
effectively prevent researchers in the US from working with their foreign
colleagues on certain kinds of applied cryptographic research. 

	THE ITAR SCHEME HAS IMPEDED MY RESEARCH AND TEACHING

	13. My own professional life has been adversely affected by my
inability under the export regulations to fully collaborate with
researchers from other countries and from my inability to openly and
freely publish computer source code to my own cryptographic systems for
peer review.  I will give three examples, chosen from many.  First, in
1993 I was collaborating on a research project with a post-doctoral
researcher from Greece at Columbia University in New York City.  We were
designing what would become one of the first proposals for securing
message traffic on the Internet from eavesdropping and forgery.  Because
my collaborator was not a "US person" under the law (he was not a
permanent resident), we could not legally freely exchange computer code
that implemented our proposed protocols, and so were unable to collaborate
at all on any experimental aspects of the analysis of our design.  In
fact, we were uncertain as to whether it would even be legal for my
collaborator to have access to any computer programs he produced himself
that implemented or described our protocol. 

	14. A second example involves a system I designed in 1992 for
securing files stored on computer workstations.  The system demonstrates a
number of engineering techniques for including encryption in a computer
operating system, and so, in addition to writing a paper that describes
the techniques in abstract terms, I wrote a computer program that
implements it to help other researchers understand, evaluate and measure
the technique. Unfortunately, because the computer program is covered
under the export controls, I was told by our corporate legal department
that I cannot legally make the system available on the Internet.  Instead,
those who want it must write to me and ask for a copy, and I can send it
to them only if they indicate that they are US citizens in the US.  To
this day, I spend a significant fraction of my time filing and managing
these requests, a task that would be eliminated completely were I able to
simply make the system available on the Internet. 

	15. A final example involves a graduate-level course I taught on
the subject of cryptography and computer security at Columbia University
in 1995.  Many of the students in the class were not US citizens, and so I
was unable to make available as part of the course material computer
programs that implement the techniques being taught in the course.  This
created an extraordinarily difficult situation for me and for the
students; imagine trying to teach or learn an applied technical subject
without benefit of real examples. 

	I declare under penalty of perjury that the foregoing is true and
correct and that this Declaration was signed at Murray Hill, New Jersey. 

Dated:_________________

_________________________________________
MATT BLAZE