Here's a thought exercise:
What happens if someone applies for an export license for a Java
Virtual Machine, which he intends to use as an "encryption routine"?
The idea (which is not new) is that a Java program (Java byte code)
would be the "key" for the encryption. It specifies how to turn
the input message into the output plaintext. Thus, the VM is doing
the encryption work as specified by the byte-coded "key".
If a license is required to export Java VM's, there is obviously a
huge problem.
If no license is required for exporting a VM for this purpose, then
export controls are effectively dead.
If they say, ``The VM is OK to export, but your `keys' are really
programs, and require export approval'' (which is the sensible
response) then we see that implementing the export regs requires the
ability to distinguish ``keys'' from ``programs''. This gets into
gray areas very quickly. Why is not a DES key a "program" that is
interpreted by the DES engine? What distinguishes repeated
substitution and permutations of the usual crypto sort from a ``Post
tag'' system (*) which does substitutions and rotations, and is
computationally universal? I note that in TwoFish the substitutions
are key-dependent, and so correspond closely to have a set of Post tag
rewrite rules (i.e. an arbitrary program) as the key.
Does the proper interpretation of the export regs means one should apply
for export control approval on a key-by-key basis? (There might be
some who would like this...)
If no per-key approval is needed, then I don't see why one can't
distribute code that embodies a fixed transformation procedure, since
this is really a "key" rather than a "program". That is, the
distributed specifies a single transformation out of a large universe
of possible transformations. Thus, a routine that computes:
y = AES(M,k0)
for transforming a message according to some fixed 256-bit AES key k0
is really more like a key (it is k0 in another representation) than it
is like a general-purpose encryption routine. Of course, it may (or
may not) be easy to modify such distributed code to handle arbitrary
keys (;-))
Food for thought...
Cheers,
Ron Rivest
---
(*) A Post tag system has a number of rewrite rules of the form
L_i --> R_i
where L_i and R_i are strings over some alphabet (e.g. binary).
As long as the prefix of the input matches some L_i, that
L_i is removed from the beginning of the input, and the
replacement R_i is added to the end of the input.
