Redefining Our Definitions and Expectations of Cryptography
Content and Concepts through Context
Copyright © 2002 by
A Speech Delivered to the George Mason University Telecommunications Society
Given May 2, 2002
Thank you for providing me this opportunity to speak about such an important topic, to such an enlightened audience, in such a fine educational environment like George Mason University. I am not here to wow you with gadgets or algorithms but to open your mind.
primary objective in the next fifteen minutes is to communicate a few ideas and
a few ideals about the future of cryptography as it relates to
telecommunication. My words are
about my philosophy, just as all academic statements and expressions of
technological issues or intentions ultimately are. However, more importantly, my words are
about the problems of current intentions of cryptography to telecommunications
and the resolution I see occurring. The
thoughts driving this speech are actually directed toward the potential of
cryptography with respect to telecommunications.
Science does not exist
without the principle of cause and effect.
Within that context exists the security paradigm by which society has
agreed are the fundamental technological engineering objectives of
telecommunications. This agreement
has occurred as an artifact of layers of technical development over many years. Some of the ideals of security were assigned to our industry
by the language, policies, and even laws arising out of war. It is correct and necessary from an
academic perspective to rethink our conceptual understanding of these ideals. We should rethink the crucial potential
that cryptography provides.
Today’s cryptography does not necessarily produce consistent security results. The concept of security within our dynamic open systems involves a nebulous and fluid tradeoff of risks and objectives. However, cryptography can be stated as a way to significantly improve the way that we search, create, disseminate, and control transactions of data, information, and knowledge. Cryptography can consistently improve our ability to communicate meaning more efficiently and more accurately. Cryptography can even make a positive contribution to the way that we think about others and ourselves, through telecommunications. Cryptography can only do these things if we are willing to engage in a new way of thinking and expand our ideas about the cryptographic domain. However, ideals are hard to change.
Some engineers within the telecommunications cryptographic community long ago fixed within their minds the objective of cryptography as a service; which might be best described in terms of an armored pipeline of bits. Communication goes into this tube at one point and communication squirts out at another distant point. In this context, from the engineers perspective, bits are created by some irrelevant user and it somehow becomes the overriding objective of some cryptographic engineer to see to it that these bits are carefully funneled in as input so that the resulting output at the distant end come out exactly the same. A equals B.
In between, this input
and the output, data is manipulated so that it is unintelligible to all. This simplistic idea of cryptography is
most philosophical because it is based in part on the ideal that cryptography is
by it’s essential nature a barrier to the “outside.” It presumes that all is well for the user, as long as the
pipeline remains intact, and that changes in content do not and should not take
place with respect to context at the distant end. Moreover, it implies that the process of communicating with
another through technology is no different from communication directly between
people face to face. For some
strange and unexplainable reasoning all of this idea has been tied to the term
“integrity.” To me there would
seem to be little integrity in the inability to adapt contexts. The word integrity is an important
wasted word when used in such a narrow sense.
Other engineers today think of cryptography as a kind of control process where the emphasis of armor is taken for granted as part of the context of the communication. The essential problem, as these even more philosophic creatures of cryptography see it, is that the right person should be able to input data and the corresponding person should be able to access the data. This authenticated access control is therefore to be considered as the most important thing.
Under their set of conditions, the rest of the requirements become obvious; what is in between must of course be protected for access control to remain true. When you begin to think about it, the armored pipeline theory of cryptography requires the analogous control of input and outputs just as much as it requires the cryptological armor. These philosophies are extensions of each other and their ideals fit like a nut and a bolt. A equals B.
Perhaps the most obvious observation I might make out of these examples would be that for the cryptographer it is cryptography that is most important focus. Cryptography as a subject has been carefully classified with conceptual boundaries. Cryptography as a process is described with a mathematical and technological beginning and an end. By this, I mean that from a current telecommunications view, encryption begins when we encrypt and cryptography ends when we decrypt, whether we are describing it in terms of mathematics, hardware, or software. It is an elegant box, which holds the cryptographic enigma. This domain attracts certain kinds of people with a certain orientation. Nothing could be more simple and easy to encapsulate as a closed process.
We believe that we understand the nature of cryptography because we have accepted the principle that encryption and decryption is cryptography. There are no stated grey areas to our engineering specification for cryptography within telecommunications, which we have decided must be computationally perfect. Consequently, we have allowed no room for error or inference within our specification. Encryption and decryption may work perfectly, but the design of telecommunication systems using cryptography became a limiting instead of an extending factor of secure communication.
The problem is that encryption is cryptography, but when you think about it, the inverse is not true. The rational purpose and scope are not the same. The familiar scene of the Mad Hatter’s Tea Party points out these unacceptable rational differences as posed by such inverted logical consequences. To paraphrase the great writer and mathematician Louis Carroll, who was a cryptographer in his own right, if we state that cryptography is encryption we might as well say “we eat what we see because we see what we eat.” In a rational logical equation, B may not equal A. The laws of mathematical equalities may not exist.
This seemingly insignificant point of philosophy has been one of my academic concerns, actually producing an avalanche of related concerns over the last decade. This was part of what lead to my consideration of VPN. We Cybersecurity architects may know we are very good at what we do with logic, but the question arises: Are our rational presumptions correct? Is cryptography more than an inverse relationship of encryption and decryption? Is the concept of cryptography ultimately limited to mathematical logic? Is the essence of cryptography in fact an integrated act of natural communication?
We could certainly choose to entirely limit the ideas of cryptography to algorithmic logical concepts. We can in the course of doing so choose to standardize and further restrict the conceptualized basis of modern cryptography but at some point, we must also realize that as we do, we also limit the potential of what cryptography might do, and therefore what cryptography can do for mankind. To begin to understand what is possible we first need to change our way of thinking of cryptography. We should begin with the idea that cryptography originates as a natural part of symbolic thought.
If the minds of mankind are made of the substance of intellect, then the content of that substance are the concepts that emerge. I do not intend this statement to be metaphorical nor strictly philosophical. Concepts, ideas, and ideals that our communicative minds bring into being take on a kind of interdependence. They represent a reinforcing matrix. Our symbolic concepts are born and give rise to our perceptual context. They are essentially decoded by contextual perception by the mind. Our cognition is the decryption of our perceptions that would otherwise be chaos. This is the foundation of modern physics which cryptography is a part.
In August, 1930, Dr. Herbert Blumer, the father of Symbolic Interactionalism discussed this concept in his address before the Ninth Annual Institute of Social Research at the University of Chicago. His topic was “Science without Concepts.” I urge you to go to the library and understand his ideas. I shall paraphrase what he said because in my opinion it has a bearing on the future of cryptography and perhaps more importantly on our expectations of our own future.
Dr. Blumer was speaking about the evolutionary nature of concepts within Science. In his speech nearly 72 years ago he made the point that mankind had not always thought of concepts the way that we do today and this fact makes our ancestors perspective of the universe very different from ours today. For instance, the concept of movement was a subjective concept associated explicitly with objects. “Fire moves up. Rain falls down.” A thrown rock had it’s own movement.
Until Galileo and Newton, movement was simply not a thing to be considered independently as an abstract concept. Mankind could not associate the dynamic physical forces of nature because we could not differentiate the concepts of motion and study it in context with everything that it may represent. Because of this the scientific concept of gravity could not exist. During the middle ages, it was both a leap of faith and genius to recognize and accept a new broader concept of movement. Keep this thought in mind as I now say that it may be just as difficult a leap for us to fully understand that we are surrounded by this same kind of conceptual problem within cryptography today.
Like the problem of extending the concept of physical motion, with cryptography we have failed to extend it’s context to rational associations related to communication content. By ignoring the general, in favor of the specific we have been more than simply searching in the wrong place, for that ideal does not exist. We have been engineering cryptography, but we have not been extending cryptography toward a universal and natural concept, as we should have been. Just as the limitations of a general concept of motion limited the notion of physics, our narrow conceptualizations have limited the scientific concept of cryptography.
The limitations we are placing on the future of cryptography have not merely been a singular problem with our ideas of mathematics; it has been the limitation of mathematics on our ideals. Cryptography is about natural communication, not communications systems.
As cryptographers, we may marvel at our cryptographic scrambling techniques, but for the millions of users of cryptography it is communication results that count. Users simply need to communicate to transfer content through concepts with context. Cryptography is ultimately how we can better communicate content using context. The concept of cryptography as fine grain context based transaction control of content is a far broader and richer concept than cryptography simply scrambling bits for security.
Communications systems may begin at one device and may end at others, but communication begins at a biological mind and ends at other minds. By extending the ideals of cryptography to context associated with user perceptions we change the fundamental ideals we expect of cryptography. This broader ideal I coined Cryptocommunication. Cryptocommunication is actualized out of a realization that the user objectives for cryptography should drive the processes of technology, not the other way around.
But does the concept and context of content truly have a role within the idea and ideals of future cryptography? In my research over the last decade, I have shown that it can. Moreover, I am convinced that it must. If not, then we must concede that cryptography services only cryptography, a black art for arts sake, which I personally find both irresponsible and unacceptable to the engineering sciences. Moreover, if cryptography is expanded to the management of content, then the complex control of contexts to concept is the nucleus of the technical issues yet to be addressed by cryptographers.
Managing the context of concepts is the next great future of cryptography and the advancement of telecommunications. Just as the differentiation of motion changed the nature of physics, the integration of the concept of cryptography will change the nature of communication, not just the structure of telecommunications systems.
By our creating the technical processes of cryptography, we began the study of cryptography. We are continuing to ask a central question: What is cryptography? So far, we have tied the cryptographic process to the integrity and control of our armored pipe as authenticated content in a way we call security. Nevertheless, in the end it is not communications that we seek by using cryptography, but better communication. Security must not define communication. Better communication must define security.
 Symbolic Interactionalism, Perspectives and Method, Science Without Concepts, page 153, by Herbert Blumer copyright © 1969, published by Prentice-Hall, Inc. Library of Congress Catalogue No. 76-80731
Copyright (c) 2001-2007 RDFollendoreIII All Rights Reserved