The USA does not have an absolute ban on discussion of cryptography or posting of cryptography programs.
- in cases where posting of cryptography programs is permitted, the person who posted the cryptography program must immediately thereafter report the posting to the appropriate branch of the US government.
- Although the reporting onus is on the person doing the posting, then because arguments can be made that matlabcentral does not fall within the "Safe Harbor" provisions of US law, there are legal arguments that Mathworks might be considered the "publisher" for legal purposes, and that therefore Mathworks could be liable for posted cryptography programs that were not prompty reported by the author. This is a legal risk that is mitigated by Mathworks saying that such postings are not permitted
- the USA regulations generally permit discussion of encryption when the keyspace is no more than 56/64 bits (many 64 bit encryption techniques involve stuffing the MSB of 7 bytes into an 8th byte to get 64 bits with the top bit clear in each byte)
- For discussion with larger key spaces, the person must actively get permission for the discussion from the appropriate branch of the US government before the discussion happens.
- Major difficulty: the discussion of even small key-space encryption requires prior permission if users can readily extend the key space beyond 56/64 bits.
This bit about possibility to extend is a big PITA, because about the only encryption technique that cannot be readily extended to larger key spaces is the null encryption whose output is the unchanged source.
Every time I notice someone posting ROT13, I have to close the discussion, because ROT13 is a Caeser Cipher example that is very easily extended to arbitrary large keyspaces. Extending ROT13 to use a key of 'MATHWORKS' would result in a cipher that would require prior permission to discuss.
So legally speaking, it would be possible for Mathworks to permit discussion of small key space techniques, but only in one of the two situations:
- The program contains obvious and fundamental bugs that would prevent it from ever working as a successful encryption program -- not just small implementation bugs like an off-by-one that someone might be able to fix: it would have to be theoretical errors that make the program useless; or
- The program is so long and complex and obscure as to make it impractical for most people to understand and so it exceeds the required level of modification difficulty to make it work with longer key spaces
In practice, this means that they occasionally permit a sufficiently ugly program in the File Exchange, but that they cannot really permit encryption discussion.
So... why can encryption discussions be found in practice in Answers:
- Mathworks doesn't read every posting. They hope one of the volunteers will close or flag encryption discussions. None of the volunteers read every posting either. Things get overlooked.
- the boundaries between watermarking and steganography are rather blury.
- The legal restraints are on encryption specifically. Not on mathematical techniques that could potentially be used for encryption. For example function out256 = incr(in); out=mod(in+1,256); could potentially be used in the context of a Caeser Cypher. If the poster were to say that they wanted to do a Caeser Cypher we would have to block the posting. But it is a basic mathematical technique that has other uses. Elliptic Curves have other uses than just cryptography, so a question about Elliptic Curve compution is not inherently a question about cryptography. We aren't required to ask about intended use of everything.
