She said, ``Don't you...anybody touch...This is my stuff!''
And I said, ``...you (*&^@&* die,'' like that.
I was finishing her part for her.
You know what I mean?
- Pixies (Vamos)
One question we have not addressed is that of someone modifying your anatomical monograph while
it is in transit to the King. What if, when you were using an asymmetric cipher, one of the ``Double 0's,''
say 009, intercepted your treatise while it was en route to the King and replaced it with a fake treatise
encrypted using the King's public key? As the King's public key is in all the newspapers, it would be no
trouble for 009 to intercept your dissertation and switch it with sham research. All he would have
to do is drub the messenger and don his clothes. How do we guard against this?
The first line of attack in dealing with such a problem of message integrity is to introduce what is called
a ``message digest.'' A message digest is an algorithm that, given a set of data, say your
anatomical monograph, computes a number associated with this input data. This number is often
called the digest of the input data. What makes a message digest useful is that, for all practical
purposes, different input data leads to different numbers. So, for example, assume that your anatomical dissertation,
before being encrypted, is fed to a message digest and yields the number 42. Assume then that you
send two couriers to the King, one with the encrypted monograph and a second with the message digest
of the plaintext dissertation. The King, upon obtaining both the encrypted dissertation and the message
digest of the plaintext dissertation, decrypts the dissertation using his private key and computes the message
digest of the decrypted dissertation; he then compares the message digest he computed with the message digest he
received, see the figure below. If both are 42, he can be reasonably sure of your message's
integrity, but only reasonably sure.
Figure: King Francis I validating a message with his Siemens Geheimschreiber T-52. [image: messagedigest]
As so many ``Double 0's'' are on the prowl these days, Her Majesty's secret service, in
cahoots with Pope Leo X, might enlist two ``Double 0's'' in a pincer movement to intercept your King-bound
missive. The first ``Double 0'' could intercept the ciphertext of your research and replace it with a sham
ciphertext, while the second ``Double 0'' could head the digest off at the pass and substitute a digest
of the sham plaintext. The King, sitting pretty in his castle, would not be able to determine that the monograph
did not come from you, Leonardo. The King computes both digests, as in the figure above, and
finds that they match. So, what is to be done to guarantee message integrity?
The most common manner of dealing with this problem is to use what is called a ``signature.'' This is not
a signature in the sense of a little illegible squiggle on a piece of paper that identifies you and only you,
but an information age stand-in for this old standard of pen to paper. Say that you, in your role as
the nouveau Leonardo, decided not to simply send the King the digest, but to put a little more thought
into the process. Say that you compute the digest and then encrypt this digest with an
asymmetric cipher using your private key; this encrypted digest is called a signature. If you now send this signature
to the King along with a ciphertext version of your thesis, see the figure below, the King
can use your public key to decrypt the signature to a digest and can use his private key to decrypt
your ciphertext to plaintext. He can then compute the digest of the plaintext he decrypted and
compare it to the digest he obtained from the signature. If they match, then he can be pretty
sure that the monograph is actually from you and has not been modified in transit.
Figure: King Francis I verifying a signature with his Siemens Geheimschreiber T-52. [image: messagedigestII]
If you use a signature, then even if the ``Double 0's'' thrash both message boys, they can't replace the signature
with a signature matching their sham ciphertext, as they don't have your private key. With this scheme we almost
have a foolproof means of transmitting the message, but there still remains one sticking point. Do you see it?
The problem is that the King may not have a ``secure'' method of obtaining your public key. As the King's got gobs
of filthy lucre stashed under his bed, so much so that sleeping is becoming a problem these days, he can afford to
publish his public key in all the rags of the land. You, although you aren't doing too shabbily these days, don't have
the resources to hire a biplane to write your public key large across the sky of Italy. So, to get your public key to
the King you need to either have someone deliver it to the King or deliver it yourself, and as you don't have time to
go gallivanting across the olive tree peppered plains of Italy, the only choice is to get someone else to go on this
vision quest for you. However, this journey becomes a single point of failure.
If one of the ``Double 0's'' intercepts this public key on its maiden journey and replaces it with a bogus one, then the
whole house of cards comes crumbling down. Two more ``Double 0's,'' say 002 and 009,
could thrash the messengers delivering the ciphertext and the signature, see figure . Upon doing
so they could replace the ciphertext, using the King's public key, and the signature, using the private key corresponding
to your intercepted public key, with a bogus ciphertext/signature pair, and the King would be none the wiser. What
we need is a method for any ``Joe,'' or Leonardo for that matter, without a King's shekels to distribute their public
key in a ``secure'' manner. What is to be done?
Andre Merzky
2004-05-13