The Cryptography Project

Note: This page is no longer being maintained. Go to my home page for current pages.

The Cryptography Project focuses on encryption policy, but some technology is also covered. This page provides links to papers that I have authored or co-authored and to other selected documents and web pages. See copyright notice for general information on copyright restrictions. -- Dorothy E. Denning

• Denning articles on cryptography and wiretapping
• Denning letters, testimony, comments, debates
• U.S. Cryptography Policy
• International Cryptography Policy
• COSC 350  Codes and Ciphers
• Other Documents and Sites

Denning Articles on Cryptography and Wiretapping

• Hiding Crimes in Cyberspace (Word 97 without figures) - Denning and Baugh, Information, Communication and Society,  Vol. 2, No. 3, 1999, pp. 251-276.  Also to appear in Cybercrime, Routledge. Use of encryption, steganography, anonymity services, and other technologies for hiding crimes.  An HTML version  is on John Young's Cryptome.
• Easy Guide to Encryption Export Controls - Denning and Baugh, September 1999, describes regulations prior to September 16, 1999 announcement
• Cases Involving Encryption in Crime and Terrorism - last updated October 7, 1997
• Encryption and Evolving Technologies as Tools of Organized Crime and Terrorism - Denning and Baugh, excert from the introduction to paper published by the National Strategy Information Center's US Working Group on Organized Crime - May 15, 1997 - full paper
• Encryption Policy and Market Trends - Revised May 17, 1997
• Export Controls, Encryption Software, and Speech - Statement at RSA Data Security Conference, January 28, 1997
• Encrypting the Global Information Infrastructure - July 1996 paper in Computer Fraud & Abuse
• A Taxonomy for Key Key Recovery Encryption Systems - May 1997 paper on key recovery terminology and approaches - revised from A Taxonomy for Key Escrow Encryption Systems - March 1996 CACM - coauthored with Dennis Branstad
• Descriptions of over 30 Key Escrow Systems - descriptions of key recovery systems and approaches
• Decoding Encryption Policy - Denning and Baugh Feb. 1996 Security Management article
• Key Escrow Encryption Available - article in Lathe Gambit News Briefs
• The Future of Cryptography - revised Jan. 1996 but does not reflect my current thinking
• Crime and Crypto on the Information Superhighway - 1995 JCJE paper
• MIT Technology Review article on Clipper - July 1995
• Is Encryption Speech? A Cryptographer's Perspective - Feb. 1995
• Key Escrowing Today - Denning & Smid Sept. 1994 article on Clipper chip and its key escrow system
• Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy - ACM study report, 1994
• The SKIPJACK Review: Interim Report and LaTeX Appendix - July 1993
• Skipjack specs -- declassified in June 1998
• To Tap or Not to Tap - March 1994 CACM debate on encryption and wiretapping
• Wiretap Laws and Procedures - with Don Delaney, John Kaye, and Alan McDonald - Sept. 1993

Denning Letters, Testimony, Comments, Debates on Cryptography and Wiretapping

• Testimony on H.R. 850 Before the Subcommittee on Courts and Intellectual Property, Committee on the Judiciary, U.S. House of Representative - March 4, 1999
• Is Triple DES Secure? - comments on recent announcement of weakness, April 1998
• Denning & Baugh Testimony Before Senate Judiciary Committee, Subcommittee on Technology, Terrorism, and Government Information - Sept 3, 1997
• My position on encryption policy - last updated 6/97
• Remarks before the House Science Committee Technology Subcommittee - Nov. 26, 1996
• Dorothy Denning vs. John Gilmore on Hotwired's Brain Tennis - July 29 - Aug. 7, 1996
• My comments of June 11, 1996 on the NRC Cryptography Report, May 1996
• My Letter to Senator Leahy on S.1587: The Encrypted Communications Privacy Act - Mar. 1996
• Roving Wiretaps and the Anti-Terrorism Bill
• Criterion #5: Access Through Sender and Receiver - rationale, technical approaches, exposure risks, and wording - Dec. 1995 comments on software key escrow proposal
• Testimony on Encryption and GPS/WAAS - June 1995
• Testimony Before U.S. House of Representatives, May 3, 1994
• The Denning-Barlow Clipper Chip Debate - March 10, 1994
• Newsday Editorial on Clipper

U.S. Cryptography Policy

• September 16, 1999 Announcement and followup regulations
• Draft regulations - January 10, 2000
• Policy update documents from the Administration, including White House Press Statement, fact sheet, and questions and answers
• Batch of documents on the crypto policy update, including the White House press conference transcript, a Commerce Department statement, the President's transmittal letter to Congress for the CESA bill, and fact sheet
•  A preliminary copy of the Cyberspace Electronic Security Act (CESA), including a section by section analysis
• Export Regulations
• Commercial Encryption Export Controls - Government documents on encryption policy and export controls
• Export Administration Regulations (EAR)
• Liberalization 2000: Recommendations of the President's Export Council Subcommittee on Encryption (PECSENC) - June 1999
• Easy Guide to Encryption Export Controls - Denning and Baugh, September 1999, describes regulations prior to September 16, 1999 announcement
• Bureau of Export Administration 1997 Annual Report (pdf) - excerpts in html
• Encryption Items Transferred From the U.S. Munitions List to the Commerce Control List- Federal Register, Dec. 30, 1996 - Amendment to ITAR
• Congressional Bills
•  H.R.850 - Security and Freedom Through Encryption (SAFE) Act, introduced by Goodlatte and Lofgren, February 25, 1999
• S.798 - Promote Reliable On-Line Transactions to Encourage Commerce and Trade (PROTECT) Act of 1999, introducted by McCain, April 141999
• S.854 - Electronic Rights (E-Rights) for the 21st Century Act, introduced by Leahy, April 21, 1999
• H.R. 695 - SAFE Bill, introduced by Goodlatte February 12, 1997
• S.909 - Secure Public Networks Act, introduced by McCain and Kerrey June, 1997
• S.377 - Pro-CODE, introduced by Burns and Leahy, February 27, 1997
• Legal challenges to export controls
• Junger case - US Court of Appeals Decision, April 7, 1999
• Law enforcement statements on crypto policy
• Encryption: Impact on Law Enforcement - June 3, 1999 - states FBI position and gives summary of Congressional legislation
• FBI Director Louis Freeh's Testimony Before Senate Judiciary Committee - July 9, 1997
• DOJ statement on crypto policy
• FBI Director Louis Freeh's testimony before Senate Committee on Commerce, Science, and Transportation - July 25, 1996
• Law Enforcement in Cyberspace Address by the Honorable Janet Reno to the Commonwealth Club of California, June 14, 1996
• Administration statements and papers on crypto policy
• Cyberspace Electronic Securiity Act - August 1999, draft bill regarding protection and disclosure of recovery information and establishing procedures for a mechanism under which the government can, with a search warrant, install a recovery device on a computer that would allow access to keys or plaintext
• Encryption Key Recovery - Government documents on key recovery/escrow encryption policy and technology
• Statement of the Vice President - November 15, 1996 announcement of special envoy for cryptography and executive order
• Executive Order on Administration of Export Controls on Encrypton Products - November 15 EO trasferring jurisdiction from State to Commerce Dept
• Statement of the Vice President- October 1, 1996 announcement of initiative to relax export controls
• Administration Statement on Commercial Encryption Policy and Why We Are Taking the Current Approach - July 12, 1996
• Enabling Privacy, Commerce, Security and Public Safety in the GII - Adminstration draft paper, May 17, 1996
• Clipper Chip Announcement - April 16, 1993
•  NIST materials on cryptography
• Advanced Encryption Standard (AES)
• Encryption - general
• Public-key infrastructure
• Other - including key recovery
• NRC Report: Cryptography's Role in Securing the Information Society, May 30, 1996 - Prepublication copy of Overview and Recommendations -Prepublication copy of full report - My comments
• FBI Wiretap Capacity Requirements under CALEA
• FCC Ruling on November 5, 1998
• Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy - ACM study report, 1994

International Cryptography

• International crypto regulations
• Crypto Law Survey by Bert Jaap Koops
• Cryptography and Liberty 1999: An International Survey of Encryption Policy by EPIC
• Countries
• Australia
• Attorney-General's Electronic Commerce Expert Group
• The Walsh Report
• Canada
• A Cryptography Policy Framework for Electronic Commerce - 1998 - Analysis of Submissions
• Denmark
• Report by Expert Committee on Cryptography
• France
• French law on trusted third parties - analysis and translation by Steptoe & Johnson
• French decree to lift many controls - March 17, 1999
• Ireland
• Framework for Ireland's Policy on Cryptography and Electronic Signatures
• Sweden
• Crypto policy
• U.K.
• UK papers on Electronic Commerce and Licensing Regime for Trusted Third Parties
• U.K. Paper on Regulatory Intent Concerning Use of Encryption on Public Networks - DTI paper of June 10, 1996
• Survey of Views on Government Access to Encrypted Information in the U.K. - 1996
• OECD Cryptography Policy Guidelines - OECD Dec '96 news release
• Wassenaar Arrangement on Export Controls
• Cryptography and Liberty - An International Survey of Encryption Policy - Global Internet Liberty Campaign
• Pan-European Confidentiality Services Pilot with Key Recovery
• The International Cryptography Institute
• Legal and Technical Developments, April 29-30, 1999, Washington DC
• Global Challenges, September 21-22, 1995, Washington DC
• Keynote Talk by FBI Director Louis J. Freeh
• Industry statements at ICC-BIAC-OECD Business-Government Forum, December 1995
• IBAG (INFOSEC Business Advisory Group) Statement
• EUROBIT-ITAC-ITI-JEIDA Statement
• National Information Systems Security Conference, Oct. 22-25, 1996 - panel on International Perspectives on Encryption
• Joint Australian/OECD Conference on Security, Privacy, and Intellectual Property Protection, February 7-8, 1996, Canberra, Australia
• Computers, Freedom, and Privacy 96 panel on International Developments in Cryptography

Other Documents and Sites

• AccessData - provides key/password recovery products and services
• Americans for Computer  Privacy - coalition of 40 trade associations and over 100 companies and 3,000 individuals
• AOL E-Commerce Project
• Bellcore announcement of crypto attacks against smart cards
• Center for Democracy & Technology (CDT) - Senate and House encryption bills
• Computer Systems Policy Project - CSPP crypto report
• COMSEC Solutions - Cryptographic and Biometric Countermeasures
• CRAK Software
• democracy.net - Senate and House encryption hearings
• Distributed.Net - cracking RSA challenge ciphers
• Electronic Frontier Foundation (EFF) crypto page - law suits and ruling challenging export controls
• Electronic Privacy Information Center (EPIC)
• Nick Ellsmore - Cryptology: Law Enforcement & Naitonal Security vs. Privacy, Security & The Future of Commerce
• Factoring on the web
• Foundation for Information Policy Research - UK
• Michael Froomkin - many excellent papers on encryption policy and legal issues
• GCHQ papers on origin of public-key cryptography
• George Washington University, Cryptography Policy Institute
• Brian Gladman
• Global Internet Liberty Campaign (GILC)
• Global Trust Register
• Peter Guttman - papers on security weaknesses in products
• Hewlett Packard - International Cryptography Framework Press Announcement- November 18, 1996
• IBM - Alliance to enable international strong encryption - SecureWay crypto infrastructure - Position statement on cryptography policy
• IETF - Architecture for Public-Key Infrastructure
• Information Hiding Workshop - at Isaac Newton Institute
• Internet Privacy Coalition - includes Golden Key Campaign
• ISAAC - Internet Security, Applications, Authentication and Cryptography at UC Berkeley
• Neil Johnson - site on steganography
• Paul Kocher - Cryptography Research - papers on tdifferential power analysis, iming attacks, other
• Bert-Jaap Koops - Crypto Law Survey - survey of international crypto regulations
• NSA
• National Cryptologic Museum- NSA Venona Project
• Threat and Vulnerability Model for Key Recovery (KR) - unofficial NSA document, February 18, 1998
• PGP - Download from MIT
• Phil Reitinger's paper on Compelled Production of Plaintext and Keys
• Ron Rivest- links to Rivest's papers, other cryptographers, and other resources
• RSA Data Security - Challenge Ciphers
• Bruce Schneier - essay Why Cryptography is Harder than it Looks
• SourceFile - key recovery services
• Steganography
• Steptoe & Johnson, Law and the Net - articles by Stewart Baker and others
• TriStrata Security - enterprise-wide security
• Trusted Information Systems - commercial key escrow, crypto survey, and ICE
• John Young Architect - Cryptome - extensive collection of documents