Math's Role in Internet Security
SCOTT SIMON, host:
Without math there would be no Internet. But just as important, without mathematics, there would be no Internet security. The way that math prevents Internet anarchy is the theme of National Mathematics Awareness Month. And it's organized by our math guy, Keith Devlin, who joins us now from his studios at Stanford University to talk about it. Keith, thanks for being with us.
Mr. KEITH DEVLIN (Stanford University): Nice to be here, Scott.
SIMON: To note the obvious, without math computers wouldn't exist. Software is numbers, isn't it?
Mr. DEVLIN: Oh yeah. I mean in fact the theory of computers, if you like, was worked out in the 19th century. George Boole worked out an algebra of reasoning and a modern computer is simply an implementation these days in silicon of Boole's original mid 19th century algebra.
SIMON: Well, let's talk about Internet security, which is the other side of being able to use the Internet successfully. Now, for example when somebody buys something from an online store, let's say the NPR shop...
Mr. DEVLIN: Alright.
SIMON: ...r Amazon or Victoria's Secret or something like that, a box comes up saying that you're going to be entering a secure area. Now, I think most people obviously if they're going to buy something they click okay. What does that mean? What's happening when you click that button?
Mr. DEVLIN: So what happens is part of the browser that you have on your computer has an encryption scheme and that takes all of your message, in particular your credit card details, it encrypts it, and then the receiving end, the machine, the computer there decrypts it. So that if anyone catches hold of the message on the way, and the Internet is an open system so you can assume that any message which is sent will be picked up by someone with criminal intent, they will not be able to figure out the number is because they don't have the information required to decrypt it.
SIMON: They don't know what the code is?
Mr. DEVLIN: They actually can know what the code is because the actual coding system are actually publicly known. They're open source systems. But each code depends on a secret key and what happens is your browser will determine a key that's unique to you, or it's unique to you and Amazon, say. Only you and Amazon in principal can decrypt the message because only they know the key.
SIMON: Let me ask about this key. If I as a customer have the key and an online service has the other key, what's to prevent the people who stand between us who might intercept our traffic from acquiring the key? Why don't they have it?
Mr. DEVLIN: This is the genius of this and the genius goes back to two Stanford researchers in the mid 1970s, Whitfield Diffie and Martin Hellman. The key is a number. It's made up of two separate numbers and uses simple ideas of prime numbers and multiplying and dividing numbers. It depends upon the fact that multiplying numbers is computationally a very easy task but taking a large number and breaking it apart into the products of prime factors is computationally very difficult. So fitting those two numbers together can only be done by you setting up the system. You can always uncover what your key is but because splitting a number into prime factors is so difficult, even with a fast computer it could take them hundreds or thousands or millions of years. So the security depends upon the fact that certain computations take longer than an average lifespan, let alone, let alone longer than the length of your credit card.
SIMON: There's no chance we ever run out of cryptographic options?
Mr. DEVLIN: I would hope so, because one by one all of the various systems that have been proposed have been cracked, partly because of clever mathematics and partly because of the speed and the increasing power of computers. It's this constant battle between the good mathematicians and the bad mathematicians, if you like, because this ultimately is a war between mathematicians. Mathematicians on the side of good, and mathematicians on the side of evil. I'm beginning to sound like George W. Bush.
SIMON: No question which side you're on, Keith Devlin.
Mr. DEVLIN: I'm certainly not, I'm not the Darth Vader of cryptography, I don't think.
SIMON: No. All right, Keith, nice talking to you.
Mr. DEVLIN: Okay, a pleasure as usual.
SIMON: Our Math Guy, Keith Devlin, who is Executive Director of the Center for the Study of Language and Information at Stanford University. His most recent book is The Math Instinct: Why You're a Mathematical Genius. I don't think he's referring to all of us. Along with lobsters, birds, cats and dogs.