Charles William Merritt (born 1951)

Source : 1995 (March edition) of "PGP : Pretty Good Privacy"

1995-03-pgp-pretty-good-privacy-garfinkel.pdf /

Charlie Merritt

Charlie Merritt got his start in cryptography in 1977 in Houston, where he was technical director of a microcomputer marketing company. A friend in Arkansas sent him a copy of the original MIT public key paper by Rivest, Shamir, and Adleman. The friend wanted to know if RSA could be implemented on a microcomputer.

Merritt said, "Yes."

In 1980 Merritt moved to Fayetteville, where he formed a company with two other people to create an encryption system for Z80-based computers running the CP/M operating system. Merritt was right: RSA could run on the puny microcomputers of the time. It ran slowly but not as slowly as Merritt had feared. "We thought it would take a week or two to generate a 'pretty big' key. Encryption of a file might take 20 minutes," Merritt recalls. "Well, we did better than that. 256bit keys generated in 10 minutes; a small file encoded in 20–30 seconds."

Merritt and his friends started selling a system called DEDICATE/32, which performed encryption using 32byte (256bit) keys. After a while he had a falling out with his two partners and set up a new company called Merritt Software, which contracted with Merritt's former company to market DEDICATE/32.

By 1983 Merritt Software was having a problem: "Most interest came from business people who wanted privacy from Banana Republic competitors that had bribed 'El Jefe' or were related to him," he says. The company also kept getting visits from NSA employees ("They always travel in pairs," Merritt says) who informed Merritt Software that their RSA programs were "munitions" and couldn't be legally exported to any country in the world except Canada. "We had few customers as close as Canada. Evil spies could buy crypto in the U.S. and sneak it 'over there' and copy the beeJesus out of it, but I couldn't make an honest $50 by selling it to a business person who wanted privacy!" Merritt complains.

Merritt's call to Metamorphic was actually a marketing gimmick. Merritt had bought a few computer magazines and was calling every single company that might be the least bit interested in having his RSA encryption package run on its computer. (At this time, RSA had no known patent restrictions. Although MIT had filed for the patent on the RSA encryption algorithm, the patent had not yet been issued.)

Zimmermann "was the most gee-whiz-whoopie enthusiastic character I had run into," recalls Merritt. "He didn't have a need for crypto, but as he told me, he had been interested in ciphers since the Boy Scouts had introduced him to the subject. He was the only person I had run into that knew nothing about public keys, and wanted every single detail on how to do it. The thought crossed my mind that he might be a practical joke inspired by a friend."

Zimmermann told Merritt that he was anti-Big-Brother. Merritt liked that; he was really angry at the NSA for almost driving his company out of business with its policy against exporting cryptography. The two hit it off.

Indeed, Zimmermann had a lingering interest in cryptography since he had been a small boy; he simply hadn't had anyone to share it with and any practical knowledge of how to implement it. In fourth grade, Zimmermann found a copy of the book, Codes and Secret Writing by Herbert S. Zim, and read it cover to cover. "It was really cool," remembers Zimmermann. "I learned Morse code and Braille from it, and made invisible ink from lemon juice." A few years later, Zimmermann was making code wheels and transposition ciphers. He made codes in college with the school's computers. He even knew about the RSA algorithm that Merritt was using because he had written Ron Rivest asking for a copy of the RSA paper described in Scientific American.

Zimmermann had considered writing his own RSA implementation shortly after he received the original MIT paper but quickly gave up: microcomputers, Zimmermann thought, were just too slow. And here was Charlie Merritt, who had gotten RSA to work on a puny Z80. How did Merritt do it?

Merritt showed Zimmermann how. The Arkansas programmer had no formal training in mathematics, but he had taught himself the secrets of doing arithmetic with 100-digit numbers on a personal computer. Now he was teaching Zimmermann.

"He called more than once a week for [several] years," recalls Merritt. "He at first knew virtually nothing, but as time went on he began to grow quite formal. It was during this early time that he and I talked about his 8088 card for the Apple II and putting crypto on it. He studied the DES and gave me my first understandable explanation of why the cipher feedback would not melt down on a communication error.

I realized that this guy was real, and that he had a vision I had given up. He had drive, I felt beat. He began talking about protocols, in great detail. For hours, on the phone. I hate protocols, that's for the Phone Company. But he needed a brick wall. Then he began asking exactly how math was implemented on a Z80. I mean detailed stuff about memory allocation, and adding two giant numbers and what about the carry bit. We were back in my territory."

Merritt's territory, it turned out, was programming computers in assembly language—the actual machine code used by the computer. Zimmermann was a C programmer. He wanted to program in a language that could be run on more than one computer. Merritt thought that C was some sort of "weird language that PRZ

[Zimmermann] was hot on." Zimmermann sent Merritt a copy of Kernighan and Ritchie's C bible, with an inscription that said "Move into the 1980s." It was June 1985.

Phil Zimmermann Meets Public Key

Although the mathematics behind the RSA algorithm are theoretically simple, the difficulty of writing an RSA program is in performing the actual arithmetic. Making RSA work requires that you multiply numbers that are hundreds of digits long, then take those numbers to very high exponents, and finally perform modulo arithmetic.

Most computer languages have multiplications, exponentiation, and modulo-division built in, but they are limited in their precision to 10, 15, or 20 digits. To make RSA work securely with 200-digit numbers, you must write your own multi-precision arithmetic functions. While you can easily find these algorithms in textbooks today, such algorithms were relatively obscure just ten years ago. They were also difficult to teach over the telephone, as Merritt and Zimmermann discovered.

By the summer of 1986, Merritt and Zimmermann decided to have their first face-to-face meeting. The stated purpose of the trip was to teach Zimmermann the fine details of performing multi-precision arithmetic on a computer. Zimmermann was thinking of starting on his own project: an implementation of RSA for the computer that seemed to be taking over the world, the IBM PC. Merritt would fly to Boulder and stay with Zimmermann and his family for a week.

For Merritt, there was a second purpose for the trip as well. For more than a year, Merritt had been doing contract work for RSA Data Security, the company that Ron Rivest, Adi Shamir, and Len Adleman had started back in 1983. In February of 1986, RSADSI had hired a new employee, Jim Bidzos, who had risen to become the company's president within a year, firing all of the company's other employees and hiring his own team in the process. Merritt wanted to meet Bidzos. As for Bidzos, he had business in Denver: it was a simple matter to cruise down to Boulder and see Merritt. Meeting Merritt in Boulder was a lot easier than flying to Arkansas. The meeting was set.

A few days before Merritt flew to Boulder, he touched base with Bidzos. Bidzos said that he knew one of the best steak houses in Boulder. Merritt and Bidzos planned to go "eat thick slabs of dead cow, drink, and smoke some fine cigars in a dim steak house," recalls Merritt. "What a good way to meet someone you had been doing business with." To Bidzos, the fact that he was also going to be meeting Phil Zimmermann was inconsequential.

Face to Face with Jim Bidzos

Boulder, Colorado. November 1986. From the first moment that Merritt, Bidzos, and Zimmermann met, the three were off to a rocky start. Merritt found himself in the middle. On the one hand, Merritt's politics were more in line with Zimmermann's: neither trusted the government. Merritt had protested against the war in Vietnam, whereas Zimmermann was in the middle of his crusade against the nuclear arms race. Bidzos, Merritt learned, had volunteered for the U.S. Marines despite his being a Greek citizen. And yet, Merritt was working for Bidzos—and on a military contract, at that. When Bidzos learned that Zimmermann was a programmer, he asked Zimmermann if he wanted to help on a contract for the United States Navy. The contract wasn't classified or relevant to weapons, but Zimmermann refused. Sure, he needed the money, but how could an anti-nuclear peace activist work on a military contract?

Bidzos brought with him two copies of RSA Data Security's new MailSafe product, the program Ron Rivest wrote to sign and encrypt electronic mail. In many ways,

MailSafe was similar to the program that Zimmermann was thinking of writing.* Bidzos left a copy of the program with Zimmermann. They talked about encryption, and Zimmermann claims that during their meeting, Bidzos offered him a free license for the RSA algorithm—a claim Bidzos hotly disputes. The three then set their minds on dinner, and the evening continued to go downhill.

( * Despite MailSafe's similarities to PGP, Zimmermann says that he doesn't remember much from the demonstration and that he promptly lost his copy of MailSafe after Bidzos left.

Bidzos, on the other hand, claims that PGP is little more than a bad ripoff of the ideas that originated with MailSafe. It is true that the two programs have the same basic functionality, but they differ in two very important ways. The first has to do with the user interface: MailSafe has a graphical user interface, while PGP can be run only from the command line. The second is that MailSafe's system for encoding binary data as ASCII has a simple error-correction system that can correct some kinds of transmission errors — an important feature for people who are sending encrypted files by modem. )

Zimmermann vetoed the idea of going to the steak joint: he didn't drink and didn't smoke and he wasn't much of a meat-eater.

As the host of the evening, he had some influence on where the three men went for dinner. They ended up in the no smoking section of a well-lit restaurant that Merritt says was "PC before PC was PC."

"I was mixed up," recalls Merritt. "Jim and PRZ weren't. They flat out didn't get along. Jim kept pulling me aside, asking what was wrong with PRZ. PRZ kept giving me disgusted looks about the reactionary sitting with us." "Zimmermann kept saying he wanted to move to Canada so his tax dollars wouldn't go to military defense," recalls Bidzos. "I explained that Canadian tax dollars do the same."

Bidzos left for California the next day. Merritt stayed for a week at Zimmermann's house, teaching him everything he knew about doing fast arithmetic with huge numbers on a microcomputer. Phil's wife was a wonderful cook, Merritt recalls, and the house was a comfortable yuppie-ish place with a hippie crashpad feel to it.

"When I left, PRZ knew how my codes worked. He knew 95 percent of what I knew. He was now a 'real danger' to the national security machine."

1983 (April) - Quoted in Infoworld, as member of "PKS"


Apr 18, 1983

68 pages

Vol. 5, No. 16

ISSN 0199-6649

1981 (Sep) - Father passes


1946 - Parents in ...



2018 - In Albuquerque New Mexico ?



1999 - March 3

"MERRITT -- Robert M. Merritt, a second-generation native New Mexican, passed away on march 6, 1999 after a long illness. He was born on May 16, 1924, in Lucy, New Mexico. He was preceded in death by his parents, Thomas E. and Rose D. Merritt; brother, Lee Weldon Merritt and a sister, Tommie J. Vaughan. Robert is survived by two brothers, William C. Merritt of Truth of Consequences, NM and George L. Merritt of Houston, Texas and four sisters, Opal Garland of Estancia, NM, Lucy Clark and Ina Mitchell of Albuquerque, NM and Lynette Cox of Renton, WA; many nieces and nephews and cousins. Robert received his BS degree in Electrical Engineering from the University of New Mexico after serving in the US Army in World War II. He also completed many courses at the Geo Washington University in Washington, DC. He was wounded in the Battle of the Bulge suffering a shattered hip. He was a member of the National Society of Professional Engineers, The Illuminating Engineering Society, American Institute of Electrical Engineers and the Institute of Radio Engineers, Sigma Tau Chi Fraternity Chapter and The Society of American Military Engineers. He was employed by the Department of the Army Corps of Engineers for 27 years serving many of these years in the Middle East building military bases, specifically designing electrical generation and distribution systems for which he was awarded Sustained Superior Performance awards. He received laudatory comments from the Secretary of Defense Weinberger and Secretary of the Army Marsh regarding his performance during the construction of the Neger-Airbases for world peace-especially in the Middle East. He was a member of the Ewing Community Baptist Church. He attended the Ewing Community Elementary School and graduated from Estancia, NM High School. After returning from the Corp of Engineers, he returned to his farm in the Ewing Community residing there until his illness prevented this. Interment will be in the Santa Fe National Cemetery in Santa Fe, NM after a private service at French Mortuary, 7121 Wyoming Blvd. NE. "