PGP Timeline
The topic of PGP's history seems to be fraught with controversy, and it is difficult for a newcomer to discover the full story.
This FAQ lists as much detail of the history as I have been able to gather together. My part in the creation of this document is to collate information; all of the information is obtained from others, from email comments, from my reading of other people's past cypherpunks list posts, Usenet posts, and from my reading of the resources available on the WWW, and the PGP source code and documentation (going back to version 1.0).
I think there are still many inaccuracies, so if you have any corrections, extra information, or know anyone who you think may know more, feel free to forward them a copy for comment.
Definitions of acronyms
PGP Pretty Good Privacy
PRZ Phil R Zimmermann, internet folk hero, author of PGP
RSA The RSA public key crypto algorithm as used in PGP. RSA stands for Rivest, Shamir, and Adleman (its designers).
RSADSI rsa.com, RSA Data Security Inc, patent holders of some public key stuff, which they claim means that no one can use RSA without getting a license from them. They have a www page at: http://www.rsa.com/
PKP Public Key Partners composed of RSADSI plus Cylink (plus others?) (now disbanded)
ITAR International Traffic in Arms Regulations. Controls export of controlled munitions from the US, things like military aircraft components, biological and chemical weapons, and also (very strangely) cryptographic software. See:
ftp://ftp.cygnus.com/pub/export/itar.in.full.gz
for the full text of ITAR (file is GNU zip format).
PK Public Key (cryptography), as opposed to symmetric key cryptography. PK is also known as "asymmetric key" cryptography.
NSA US National Security Agency, US govt's largest spook agency. Whimsically known as No Such Agency because until recently the US govt tried to deny they even existed. (Also the letters NSA are jokingly said to mean Never Say Anything because their public relations technique is usually "no comment" to avoid giving anything away.)
CIA US Central Intelligence Agency, another US spook agency
DEA US Drug Enforcement Agency, agency charged with carrying out the "War on drugs".
NIST National Institute of Standards and Technology
ODTC Office of Defense Trade Controls, USG group charged with enforcing ITAR. They consult with the NSA; the NSA has the last word on what gets export approval.
USG United States Government
ETHZ Eidgenössische Technische Hochschule Zürich
ZLDF Phil Zimmermann Legal Defense Fund (now closed since his investigation was dropped)
IDEA International Data Encryption Algorithm invented by Xuejia Lai and James Massey at ETH in Zurich. Patent owned by Ascom-Tech.
Bass-O-Matic Symmetric key crypto algorithm designed by PRZ, as used in PGP 1.0. Bass-O-Matic was weak, and after having this demonstrated to him, PRZ replaced it with IDEA in later versions of PGP.
History of crypto as it applies to PGP
The year is 1976. A cryptographer and privacy advocate named Whitfield Diffie, together with an electrical engineer named Martin Hellman, discovers public key cryptography. (DH key exchange is still a commonly used key exchange protocol -- DH = Diffie-Hellman).
1977 Ron Rivest, Adi Shamir, and Len Adleman discover another more general public key system called RSA (after surnames Rivest, Shamir, and Adleman). R, S & A were researchers at MIT (significant later, because MIT has part ownership of patents.)
NSA tells MIT and R, S & A that they'd better not publish this or else.
Amusingly, Adi Shamir (S from RSA) isn't even a US citizen; he's an Israeli national, and is now back in Israel at the Weizmann Institute. Who knows what the NSA would have done about him if they had succeeded in suppressing RSA - not allowed him out of the US?
MIT and R, S & A ignore NSA and publish anyway in SciAm July 1977, in an article entitled "New Directions in Cryptography". They later published RSA in Comms ACM (Feb 1978, vol 21, no 2, pp 120-126), an international publication, in case you want to see if it's in your library - it's in Exeter Univ (UK) library.
Because the publication was a rush job due to the NSA, R, S & A and the later formed PKP and RSADSI lose patent rights to RSA crypto outside the US. This is because in most places outside the US, you have to obtain a patent *before* publication, whereas in the US, you have one year from the publication date to file for patents. This also had implications for PGP later. Another issue is that the patent law in the US is unusual in that it allows the patenting of algorithms (well, algorithms as embodied by a system for a specific purpose -- what is being patented is the system). The RSA crypto system would probably not have obtained a patent in many other countries due to it being an algorithm, and hence it would probably have been ruled unpatentable, even if R, S and A had not been rushed by the NSA's interference.
IDEA was developed by Xuejia Lai and James Massey at ETH in Zurich. (Relevant to PGP because IDEA is the symmetric key cipher used together with RSA in PGP). It also has crypto politics relevance in that it is another (of many) examples of the fact that crypto knowledge and expertise is worldwide, i.e. why export restrict something which is available both sides of the ITAR fence, or even originated *outside* it? (Strangely, ITAR applies to importing and then re-exporting a crypto system, even if no modifications are made). There are lots of other symmetric key ciphers; IDEA is one with a good reputation (no known practical attacks better than brute-force to date, and a good key size), and is just referenced here because of its use in PGP.
(some years pass...)
Birth of PGP
While Iraq was still a secret US ally against Iran, Iraqi exchange students, using the same literature as PRZ later did, wrote a working PK cryptosystem for their military (which was using poison gas against the Kurds at the time). Not a peep from the govt., of course.
The US government introduces the 1991 Senate Bill 266. This omnibus anti-crime bill had a measure in it that all encryption software must have a back door in it. An excerpt is in pgpdoc1.txt, distributed with PGP. This bill prompted PRZ to write PGP. This is what PRZ says in pgpguide.lst in pgp1.0:
The 17 Apr 1991 New York Times reports on an unsettling US Senate proposal that is part of a counterterrorism bill. If this nonbinding resolution became real law, it would force manufacturers of secure communications equipment to insert special "trap doors" in their products, so that the Government can read anyone's encrypted messages. It reads: "It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall insure that communications systems permit the Government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law."
(This was 1991 Senate Bill 266 and it eventually failed to pass into law.)
PRZ wrote pgp1.0. He implemented RSA encryption, combined with a symmetric key cipher of his own design called Bass-O-Matic. It later turned out that Bass-O-Matic was weak, and he replaced it with the use of IDEA for subsequent versions of PGP. pgp2.0 and later versions have used IDEA. There were other differences between pgp1.0 and pgp2.0 and later versions. pgp1.0 used the MD4 message digest algorithm; Ron Rivest designed MD5 to fix a weakness which was discovered in MD4, and pgp2.0 and subsequent versions use MD5. pgp1.0 used uuenc