The drawback in the simplest version of Gus Simmons' scheme is that the Soviets would not know everything being sent. But the secret key used to authenticate old messages would be periodically supplied to the Soviets, who could then exactly reconstruct the authentication words to determine whether espionage information existed. The Soviets could also dismantle a similar piece of authentication gear to discern its intelligence potential.
In that simple approach, the same key is used to encrypt and decrypt a message. In 1976, however, a different method emerged. Called public-key cryptography, it uses one key to scramble a message and a different key to unscramble it. Hence the ability to decrypt a message does not also permit one to make forgeries.
Such a scheme is ideal for verification work, for it allows authentication without secrecy, and it can prevent some convoluted ways of cheating. The United States would encrypt the entire message and share the decrypt key with the Soviets and any other third party. All parties could decipher the data as it was transmitted. Simmons' group at Sandia uses the Rivest-Shamir-Adleman algorithm, in which the encrypting party bases its key on a pair of prime numbers P and Q that are kept secret and are so large that factoring N = PQ is beyond all projected capabilities of computers. The U.S. would be confident that the data were genuine because it would be practically impossible, even with supercomputers, to determine the encryption key in time to alter the data.
But under that scheme, the party doing the encryption could send a forgery. Because of that ability, the Soviets could disavow any incriminating message, telling the United Nations, for example, that U.S. data indicating a trainload of illegal SS-20 missiles was a fabrication. So in 1980, Simmons' group devised a method whereby the U.S. and USSR would collaborate in the encryption.
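The authentication-without-secrecy arrangement and the forgery loophole described in the two paragraphs above, as an added sketch (not Simmons' or Sandia's code). The toy primes, the exponent 65537, the 8-byte hash redundancy, the message layout and the sample readings are all constructed assumptions for illustration.

```python
import hashlib

# Constructed toy key: two Mersenne primes stand in for the secret P and Q.
# Far too small and too structured for real use; chosen so the example runs offline.
P, Q = 2**89 - 1, 2**107 - 1
N = P * Q                               # public modulus N = PQ
E = 65537                               # shared "decrypt" exponent (assumed value)
D = pow(E, -1, (P - 1) * (Q - 1))       # secret "encrypt" exponent, needs P and Q
TAG_LEN = 8                             # bytes of redundancy (assumed format)
MAX_DATA = 15                           # keeps marker + data + tag below N
BLOCK_LEN = (N.bit_length() + 7) // 8

def _tag(data: bytes) -> bytes:
    """Redundancy anyone can recompute; it is not a secret."""
    return hashlib.sha256(data).digest()[:TAG_LEN]

def seal(data: bytes) -> int:
    """Key holder: add redundancy, then apply the secret exponent D."""
    if len(data) > MAX_DATA:
        raise ValueError("data too long for this toy modulus")
    block = b"\x01" + data + _tag(data)  # 0x01 marker preserves leading zero bytes
    return pow(int.from_bytes(block, "big"), D, N)

def open_sealed(c: int):
    """Any party holding (E, N): recover the data, or None if redundancy fails."""
    block = pow(c, E, N).to_bytes(BLOCK_LEN, "big").lstrip(b"\x00")
    if len(block) < 1 + TAG_LEN or block[0] != 1:
        return None
    data, tag = block[1:-TAG_LEN], block[-TAG_LEN:]
    return data if tag == _tag(data) else None

def demo() -> dict:
    genuine = seal(b"railcar 0417 ok")
    return {
        # Readable by everyone: authentication without secrecy.
        "genuine": open_sealed(genuine),
        # Altered in transit without D: the redundancy no longer checks out.
        "tampered": open_sealed((genuine + 1) % N),
        # Fabricated by the key holder: verifies exactly like a real reading,
        # which is why the monitored party can disavow it.
        "fabricated": open_sealed(seal(b"SS-20 x12")),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10} -> {result}")
```

A verifier holding only (E, N) cannot tell the genuine and fabricated cases apart, which is the gap the collaborative and third-party encryption schemes in the following paragraphs are meant to close.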
But several years ago, it was realized that unilateral action of either party -- saying its secret encryption key had been compromised, for instance -- would circumvent the system. So Simmons, in his fourth iteration, proposed that a third party do on-site encryption using the public-key technique. With at least three parties contributing to the message-scrambling, the system was immune to impeachment by unilateral actions.
"Each time you solve one problem and peel off that layer of difficulty," says Simmons, "you find a more subtle one inside." But for now at least, he thinks the problem is finally solved. If the Soviets do not agree on his first-generation system, there are many alternatives.