The Evolution
of
Cryptography
From Caesar To RSA:
Investigations in the Flaws and Advantages
Jeffrey Buttaccio
Sam Heald
CPS 182s: Final Project
Due 12/10/03
Abstract:
This paper examines the practical utility of RSA encryptio
n as a means of
securing data. Recent announcements over the past ten years concerning the breaking of
RSA encryption keys have raised doubts about the security of RSA encryption. After all,
the scientists who came up with RSA initially claimed that such k
eys would take millions
of years to break. Our analysis of this topic is divided into two large headings: the history
of Cryptography and RSA. The history of cryptography demonstrates the cryptography is
always improving as a result of pressure by cryptana
lyst techniques. Once a flaw in a
technique is uncovered, the cryptography changes to accommodate the flaw and make
itself more secure. RSA did not come from nothingness, but rather a series of
cryptographic exploits that have evolved into the cryptography
goliath that exists today.
In examining, the ways that other techniques have failed in the past, we are also
demonstrating the ways that RSA has improved upon those flaws. The second half of the
paper analyzes RSA cryptography in depth both its algorithm
and its implementations.
RSA can be subverted and there are alternate cryptographic techniques, but ultimately
RSA remains the most ideal form of cryptography to date and in the foreseeable future.
Thesis:
Throughout history, there has been a constant bat
tle between the cryptographers
that encrypt and the cryptanalyst that break the encryption. Recently, there have been a
series of findings concerning flaws and security leaks in implementations of RSA
encryption. Coupled with the latest news concerning the
breaking of a higher numbered
RSA encryption key, the credibility of RSA has been called into question. However, RSA
represents an extraordinarily secure encryption scheme that is not threatened by many
forms of subversion. With careful attention, RSA sti
ll represents a nearly unbreakable
cryptographic scheme that has come as a direct result centuries of cryptographic
evolution.
1. Introduction
Often, there is a need for two parties to send messages securely without having to
worry about a third party i
ntercepting the message in between. For instance, a military
campaign based upon surprise still needs to be able to coordinate its attack. The science
Cryptography was spawned out of a need to ensure that a message would remain secure
even if it were inter
cepted along the way. The field has a long and diverse history, and
the encryption schemes produced often speak to at hybrid nature of encryption that is
split between art and science. From the simple Caesarean shift algorithm, to the Enigma
machine, throu
gh RSA encryption, and to quantum cryptography, the field has progressed
in leaps and bounds to the ever present goal of an absolutely indecipherable encryption
scheme. While that goal may have been reached with quantum cryptography, the field is
not in da
nger of dying out. RSA is beyond contestation as a great, practically
indecipherable encryption system. The weaknesses in RSA boil down to three unique
factors: (1) the reliance on a private key, (2) the dependence on prime numbers being
very difficult to
factor, (3) the limitations of modern day computers. The latter two are
interrelated in that modern computers are limited in their ability to factor. As factoring
algorithms improve and computers become faster, RSA becomes less secure. The
reliance of a pr
ivate key represents the biggest crutch that RSA encryption which hackers
have attempted to exploited. However, with proper implementation, all three issues can
be avoided to a large degree. While the press may give attention to when poor
implementations e
xpose leaks in the encryption, RSA offers an undeniably superb
encryption scheme that will not be compromised in the near future.
2 History of Cryptography
Cryptography is the science of scrambling data in order to prevent unintended
parties from deciphe
ring and reading the content of that data. Cryptography can be
divided into two categories: transposition and substitution. Transposition involves the
systemic swapping of information within a data set. For example, a simple transposition
algorithm would c
ouple the characters of a text document into pairs. Each pair would
then swapped, “ABCD” becomes “BADC”. This sort of technique represents bad security
because once the encryption algorithm is known, any past and future encrypted text has
been irreconcilab
ly compromised. For this reason, transposition is not an effective
cryptographic technique. As the name implies, substitution involves the substitution of
encrypted data for the plain text. The effectiveness of the substitution depends on how
easily a thir
d party could determine the key with which the data was encrypted. A greater
number of combinations that must be checked results in a more secure algorithm. The
argument for substitution over transposition can be summed up by “Dutch linguist
Auguste Kercko
ffs von Neiuwenhof...: ‘Kerckoff’s principle: The security of a
cryptographic system must not depend on keeping secret the cryptoalgorithm. The
security depends only on keeping secret the key.”
i
Cryptanalysis is the science of
breaking cryptography. As cr
yptography as evolved, the methods have become more and
more advanced to counter cryptanalysis techniques.
2.1.1
Caesarean Shifts:
The Roman Empire implemented one of the earliest forms of a substitution
cipher. Named for the emperor, Julius Caesar, the
Caesarean Shift seems very basic by
modern standards. However, prior to the technological advances of the past century, the
Caesarean technique was practiced for nearly two millennia from the times of Caesar in
the second century A.D. to the American Civil
War
ii
. The technique involves shifting the
alphabet a specific number of times. For example, a shift of 3 would result in ‘A’ being
encrypted as ‘D’. The alphabet wraps around such that the letter after “Z” shifted once
would be “A”. In order to standardiz
e the text, every character is converted to uppercase
and all punctuation is removed. Suppose we wish to encrypt Caesar’s famous quotation,
“veni, vidi, vici” (translation: I came, I saw, I conquered) with a shift of Caesarean Shift
of three. The unencrypt
ed text, “VENI VIDI VICI,” would translate into “YHQL YLGL
YLFL.”
A simple implementation can be witnessed in the Alberti cipher disk, named for
its inventor, Leone Battista Alberti. Essentially, the alphabet is wrapped around a
stationary inner disk and
an outer free

moving disk, allowing the encryption and
decryption to take place easily by rotating the outer disk (see Appendix A). Our program
implementation treats each alphabet letter as an index and the shift as an increase in that
index. Therefore, th
e encrypted character lies a shifted amount higher than the actual
character. In java code:
private final String myAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
private int myShift;
public void doEncrypt(InputStream in, PrintStream out) {
while (reading in
word from in to word) {
//strip away punctuation and make uppercase
word = stripPunc(word.toUpperCase());
//iterate over the word
for (int k = 0; k < word.length(); k++) {
//get index of current char in alphabet
int i = word.charAt(k
)

'A';
//add the shift (mod 26 to wrap around)
i = (i + myShift) % 26;
//output the encrypted character
out.print(myAlphabet.charAt(i));
}
}
}
This simple encryption technique cannot be decrypted at a brief glace with the human e
ye
which is why was used for so long. However, given time and an Alberti cipher disk, one
merely has to try all twenty

five possible shifts before finding the right one. A computer
program (SimpleCaesarBreak) can run all possible shifts, look up the decryp
ted text
words in a dictionary, and figure out which cipher was used instantly. This brute force
technique renders the Caesarean shift completely worthless.
2.1.2 Random Substitution Ciphering:
The security of a single substitution cipher can be improvin
g dramatically by
casting off the reliance upon the order of the alphabet. Rather than shifting the alphabet,
one randomly equates letters to a cipher alphabet. For example, ‘A’ might encrypt to ‘R’,
and ‘B’ might encrypt to ‘D’. As a result of this random
ness, there are roughly 26!
factorial (or 4 x 10
26
) possible rearrangements. Even the faster computers of modern
times would take a very long time to try every possible cipher. “If an enemy agent were
to check one of the possible keys per second, it would
take roughly a billion times the
lifetime of the universe to check all of them and decipher the message.”
iii
2.1.3 Breaking Single Substitution Ciphers:
Cryptanalysis has been able to prove that deciphering a randomly

determined
cipher alphabet can take
much less time than the above estimate. First noticed by Arab
scientists of the tenth century, letter frequency is fairly predictable. Depending on which
language is being used, certain letters will occur more frequently than others. For
example, in Englis
h, the letter ‘E’ will occur much more frequently than the letter ‘Q’. A
complete table is available in Appendix B. Because each letter is only being substituted
with a single cipher value, the encrypted character will occur just a frequently as its
plaint
ext counterpart. The more frequently occurring plaintext characters will be the more
frequently occurring cipher characters. Small excerpts of text might vary from the
expected frequencies, but on larger encrypted texts, the frequencies will only vary with
in
a half percent of the norm. Using frequency analysis, a cryptanalysist can make educated
guesses and deduce the cipher alphabet being used.
We were able to demonstrate the effectiveness of this technique by encrypting a
section of Melville’s “The Noto
rious Jumping Frog of Calaveras County” with a
randomly generated cipher alphabet. First, the program counts the occurrences of each
cipher character in the file. Each cipher character’s frequency is then compared to the
expected frequencies of each charac
ter. Then, the program iterates over the file a second
time. For each word, the program will try the next five best matches for each of the
characters. Once a combination has found that matches a word in the dictionary, a portion
of the cipher alphabet has
been uncovered. The characters are identified as the “best
match”. If future words contradict the match, the cipher alphabet will update accordingly.
If no match occurs, the program assumes a misspelling or an odd character and will move
on. We were unabl
e to get the program working, but we could see the effectiveness of the
technique. No frequency within the text file varied more than one percent from the
expected frequency.
2.2 KeyText Substitution:
KeyText substitution is a more complicated single su
bstitution that avoids the
problems of having only one cipher alphabet. First, a source keytext is chosen, and the
first character of each word given a number based upon that word’s relative position
within the file. Therefore, each character in the availa
ble has a series of numbers to
choose from that it can encode itself as. To encode the message, every character of every
word is assigned one of its corresponding numbers in the text. For example, it the word
“the” was to be encoded and the source text was
“I hate to experiment with monkeys”.
First every first character would be assigned a number so “I
1
h
2
ate t
3
o e
4
xperiment w
5
ith
m
6
onkeys”. Then the letters of the alphabet are converted its corresponding number so
“the” is encoded into “3 2 4”.
While this
may seem to represent a very simple form of encryption, the Beale
letters are a testament to the strength of the cipher. In 1885, an anonymous author
published the Beale letters in a pamphlet. The pamphlet consisted of three encrypted
letters. The second
one had been decrypted using the Declaration of Independence as the
source text. In the deciphered letter, it delineated the contents of a fortune, over 20
million dollars with today’s bullion prices, that was supposedly buried by somewhere in
the hills of
Virginia. Despite over a hundred years and countless attempts to crack the
encryption, the contents of the first and third letters still remain a mystery
iv
. Without
knowing the keytext being used, this type of encryption is nearly impossible to break.
Furt
hermore, if the source text is something that has not been mass

produced, say from a
person’s diary, the chances of discovering the cipher become even more difficult. Despite
the potential reward of 20 million dollars to the person to successfully crack th
e cipher,
nobody has uncovered the Beale treasure and many people have dug in incorrect places
after fooling themselves into thinking that they had broken the encryption. Unfortunately,
this sort of encryption is completely impractical on a large scale, an
d it is completely
useless once a source test is known. Therefore, it only works in very personal,
individualized correspondences such as the Beale letters.
2.3 Vigenère Cipher:
Introduced to the world in 1856 by Blaise de Vigenère, the Vignere Cipher wa
s
pronounced Le Chiffre Indéchiffrable, the undecipherable cipher. While Vigenère simply
expanded the concept of the Cesarean shift, it ushered in a whole new era of encryption.
The reason Vigenère cipher was such a great improvement over the Caeesarean sh
ift was
that it helped to eliminate frequency analysis problems. The Vigenère cipher worked in
tandem with what was described as a Vigenère square. The Vigenère square is a matrix of
25 Caesarean shifts. The first row with a shift of one starts with the ch
aracter ‘B’ and
proceeds down the alphabet to ‘A’. After another Caesarean shift, the second row starts
with ‘C’ and ends with ‘B’ (See Appendix C). This goes through 26 iterations so that the
complete Vigenère square is a 25 row and column matrix.
To enco
de a message a codeword must be chosen. For the purposes of this essay,
the word ‘CAT’ will be the codeword. To encode the message “SUPER”, the first
character of the codeword is used to determine the cipher. The codeword denotes that the
first cipher will
be ‘C’ so using the Vigenère square from appendix C, if ‘C’ from the
horizontal axis is traced down until it meets up with the column that start with ‘S’, then
the first encoded letter is ‘U’. When this process is repeated with the second letter of the
co
deword and so on, it is seen that the encoded word turns out to be UUIGR.
Codeword: CATCA
Plaintext: SUPER
Ciphertext: UUIGR
The codeword loops until the message is fully encrypted. Because the keyword results in
different shifts being used on a per lette
r basis, one can encrypt the same letter as many
times as the length of the codeword without a pattern or repetition occurring. As seen in
the example above, both ‘S’ and ‘U’ became encrypted as ‘U’. This demonstrates that
frequency analysis on encrypted l
etters will be meaningless.
Unfortunately, this technique is not without its flaws. Using a combination of
pattern recognition and cribbing, a cryptanalyst can determine the keyword used to
encrypt a segment of text. The cipher will cycle based on the len
gth of the keyword. One
can assume that certain common words such as “the” and “and” will occur somewhere in
the larger encrypted text. The cryptanalyst places those words randomly within the
plaintext and deduces the keyword by reversing the process. Crib
bing is the process of
finding the pattern in a cryptographic text by guessing or finding single words or phrases
in plain text that have been encrypted. If one knows that “THE” was encrypted as
“VHR”, he can deduce a portion of the keyword to be “the”. Th
e technique of guessing
the content to break the encryption is employed frequently today.
2.4 Enigma:
The Enigma machine works with three scramblers discs, six plugs, and a reflector.
The scramblers worked by being imbedded with wires that would scramble
a signal. The
design was based upon the Alberti cipher disk, except the substitution of characters was
done in a random order as opposed to a Caesarean shift. If an ‘A’ was passed through a
scrambler, a different letter would be lighted on the other side.
In each position, the
scrambler will scramble a letter differently. Moreover, after a letter is encrypted, the discs
would rotate by 1/26th. The letter ‘A’ could be entered twice and two different encoded
letters would be returned. In fact, the letter ‘A’
could be typed 26
3
times in a row before a
pattern would emerge. To further complicate the scheme, two more discs were added as
well as a plugboard which could invert the relays of the scramblers. A third party would
have to know which scramblers were use
d, what their settings were, and how the plugs
were configured. The number of possible encryption schemes to roughly
10,000,000,000,000,000 possible encryptions. Another nice feature of the Enigma was a
reflector. The reflector enabled the receiver, if he
knew the correct settings, to type in the
encrypted message and receive the original massage back. A combination of engineering
and cryptanalyst genius was able to break the Enigma with a series of pattern recognition
and cribbing. Incidentally, Alan Turin
g of Turing Machine infamy is largely accredited
with accomplishing that momentous task. His mechanical bombes proved to be
invaluable in turning the tides of World War 2 toward the side of the Allied Nations.
3 The Present/RSA
RSA encryption, the credit
ed first public key cryptography, was designed by
Rivest, Shamir, and Adleman in 1977. Public

key cryptography utilizes an asymmetric
cryptography technique with two keys, one public and one private. The keys are derived
from the multiple of two large prim
e numbers. The private key can only be deduced from
the public key by factoring the large multiple. RSA’s security comes from the difficulty
in factoring very large numbers. Techniques for factoring numbers are improving, but the
speed of all depend on the
size of the number, which means they still take significant
time. “The advances in factoring technique, computing power and the decrease in the cost
of computing hardware. These things, especially the first one, work against the security
of RSA”
v
. While t
he possibility exists that one day there will be an extraordinary leap in
our ability to factor large numbers, it is unlikely and offers a minimal threat to RSA. The
second and third threats to RSA pose the more immediate threats and will be looked at
more
in depth in section 3.3.
3.1 How RSA Works:
As stated earlier, RSA is an asymmetric encryption scheme that uses two keys, a
public and a private key, to ensure encryption. RSA can be understood in six steps:
1.
Two giant prime numbers are chosen,
p
and
q
. T
he numbers should be enormous
and the larger the numbers, the safer the RSA encryption will be.
2.
The numbers
p
and
q
are multiplied together to get the number
N
. Another
number
e
is also chosen.
3.
In theory the numbers
N
and
e
can be published because they ar
e needed to
encrypt a message to the user. The number
e
could be universal for everyone;
however,
N
should be a different number for every user.
4.
To encrypt a message it must first be turned into a single number,
M
. To do this,
all the characters need to be
turned into the ASCII binary representations. After
the message is turned into a single number, the formula
C = M
e
(mod N)
.
C
represents the message in cipher text format.
5.
When the message is received in cipher text format, it can be deciphered because
the receiver knows
p
and
q
. With those two numbers, the decryption key
d
can be
determined using the formula
e * d =
1(mod (
p
–
1) * (
q
–
1)). While deciphering
d
is not exactly straight forward arithmetic, a technique known as Euclid’s
algorithm allows
d
to be found quickly and easily.
6.
Finally, with
d
known, the cipher text message can be deciphered into binary
using the formula
M = C
d
(mod
N).
vi
Essentially, the public key is given as N and E. The private key is given as N and D. One
cannot calculate D wi
thout factoring N. Ideally, p and q are destroyed once the two keys
are made. Therefore, nobody can recover a lost private key.
3.2 PGP
PGP encryption is an acronym for Pretty Good Privacy. PGP combines some of
the best features of both conventional and pu
blic key cryptography. PGP is a
hybrid
cryptosystem
.
When a user encrypts plaintext with PGP, PGP first compresses the
plaintext. Data compression saves modem transmission time and disk space and, more
importantly, strengthens cryptographic security. Most
cryptanalysis techniques exploit
patterns found in the plaintext to crack the cipher. Compression reduces these patterns in
the plaintext, thereby greatly enhancing resistance to cryptanalysis. (Files that are too
short to compress or which don't compress
well aren't compressed.)
PGP then creates a
session key
,
which is a one

time

only secret key. This key is a
random number generated from the random movements of your mouse and the
keystrokes you type. This session key works with a very secure, fast conven
tional
encryption algorithm to encrypt the plaintext; the result is cipher text. Once the data is
encrypted, the session key is then encrypted to the recipient's public key. This public key

encrypted session key is transmitted along with the cipher text to
the recipient.
Decryption works in the reverse. The recipient's copy of PGP uses his or her
private key to recover the temporary session key, which PGP then uses to decrypt the
conventionally

encrypted cipher text.
vii
3.3 Breaking RSA:
As mentioned previ
ously, there are three current risks to RSA encryption. These
are advances in factoring technique, increased computing power, and lowered price of
computer hardware. We will look at then threats posed by these scenarios and a few
others.
3.3.1 Brute Force/
Active Attacks:
Active attacks are designed to attack the actual encryption of RSA by decoding
the private key. These attacks rely on the factoring of very large numbers by employing
large amounts of computer power and the most advanced factoring algorith
ms. RSA
Securities posed challenges to the cryptanalyst community to break specific renditions of
its algorithm.
In 1994, in Redbank, New Jersey, Arjen Lenstra of Bellcore announced that RSA

129 had been broken. The name, RSA

129, comes from number of digi
ts, 129, in the
multiple
N
used by the RSA encryption. While they may not seem very large, the two
primes, p and q, were 64 and 65 digits long. Nonetheless, the task required six hundred
computers working in tandem for eight months. The breakthrough was ma
de possible by
a combination of a new, more efficient factoring algorithm and a ridiculous amount of
computer power working in parallel. When RSA was introduced to the world in 1977
viii
,
it was based on 129 digit key. The authors believed that such a key woul
d take millions
of years to break. Obviously, they were proven dramatically wrong. As such, this was the
first moment announced publicly where a legitimate RSA key had been broken.
ix
On December 5, 2003, a team from the Federal Bureau for Security in
Inform
ation Technology announced the factorization a 174

digit number. A new method
of factoring numbers called “lattice sieving” was employed to factor the number. This is
the largest known RSA key to be factored.
x
Both of the examples of RSA keys being broken
used a combination of new
factoring algorithms and a lot of computing power. There also seems to be a trend in the
field that points to an acceleration in the time interval between breaking keys. While
there is a five year interval between the breaking of
RSA

129 and RSA

140, there was
only a nine month difference between the breaking of RSA 160 and RSA

174. This
points to the success that brute force has had, and will continue to have as computers
become quicker and cheaper. Furthermore, increases in numbe
r theory which may lead to
increases in factoring tactics will only accelerate the breaking of higher numbered RSA
keys.
Despite the announcements of higher numbered RSA keys being broken the fact
remains that RSA is still safe. To break the RSA keys, the
teams employed distributed
processing and networks spanning hundreds of computers. The average RSA

129 or
RSA

174 key is still safe from all but the most dedicated hackers. Furthermore, RSA
keys can always chose higher and higher prime numbers for
p
and
q
.
Number theory
proves that there is an infinite amount of primes.
xi
As a result, the brute force method
does not offer any serious threat to RSA encryption and barring the discovery of a
method to factor numbers in constant time, RSA will be able to accommo
date advances
in computing power simply by choosing larger and larger prime numbers for the private
key.
3.3.1.1 Trojan Horses:
While Trojan horse attacks are very unlikely, it is possible. A malicious coder
could create a program, or modify an existing o
ne so that it looks, feels, and acts like a
legitimate program. PGP is particularly susceptible to this kind of attack because if its
nature as the number one used RSA client. However, this clandestine software could
store the password and private key to b
e uploaded to a database when the user signs onto
the Internet. With a user’s private key, any messages that they received could be decoded
as easily as the user could. While these attacks provide a security risk, they would be
fairly complicated to implem
ent. Furthermore, only incoming messages directed to the
user with the compromised private key would be able to be decrypted by a third party. In
order for outgoing messages to be decrypted, the recipient’s private key would need to be
known also. These at
tacks only pose a minimal risk to RSA security because of the
difficulty in writing this kind of software, and getting the program widely distributed
before any flags were raised
xii
.
3.3.2 Passive Attacks:
Passive attacks do not attempt to break RSA encrypt
ion but rather hopes to
subvert the encryption. Passive attacks provide a more realistic option at discovering the
contents of an RSA encrypted message, mostly be exposing a user’s key.
3.3.2.1 Keystroke Snooping:
Keystroke snooping works to crack RSA enc
ryption by the simple idea that if one
has access to a user’s private key then their messages can be decoded. Keystroke
snooping works with a program that can be installed on a computer unbeknownst to the
user. With some operating systems the keystroke sno
oping software can be installed over
a network. The Keystroke snooper records a user’s keystrokes, so any passwords that
grant access to a RSA client, such as PGP, could be compromised. After the passwords
were obtained, the infiltrator could either come r
emove the software and destroy any
evidence of it ever being installed or the program could connect to the Internet and
transfer the information to a database. With access to the RSA client, the infiltrator could
recover the user’s private key, or simply v
iew the decoded messages. The infiltrator
could then decrypt any messages sent to the user using the stolen private key.
Furthermore, with the password, the infiltrator could simply access the client and assume
the identity of the user. Keystroke snooping
appears to pose the biggest threat to RSA
security. The programs are relatively easy to write, take little time to install, and can work
unbeknownst to the user. While this form of attack does provide the biggest threat to
compromising RSA security, it is
still a reasonably small risk.
3.3.2.2 Tempest/Van Eck Snooping:
Van Eck snooping works under the same principle as Keystroke snooping, if a
user’s access password to their RSA client is determined then their security is
compromised. Van Eck snooping work
s with the understanding that all computer displays
emit an identifiable electronic signature. A small receiver operating in the 22MHz range
(pixel frequency) would detect the video signals minus the horizontal and vertical sync
signals. Since the device w
ould be inside the computer itself, the signal strength would be
more than adequate to provide a quality source. The little device would then retransmit
the collected data in real

time to a remote surveillance vehicle or site where the
video/keyboard data
was stored on a video or digital storage medium.
At a forensic laboratory, technicians would recreate the original screens and data
that were entered into the monitored computer. The technicians would add a vertical sync
signal of about 59.94 Hz, and a ho
rizontal sync signal of about 27KHz. This would
stabilize the roll of the picture. In addition, the captured data would be subject to
"cleansing"

meaning that the spurious noise in the signal would be stripped using Fast
Fourier Transform techniques in e
ither hardware or software
xiii
. Furthermore, their does
not necessarily need to be a receiver placed in the computer of the targeted person.
Conceivably, a receiver could be directed at the computer from a position outside of the
house. However, whenever the
distance is increased, there would also be an increase in
the amount of background interference. As a result, the farther away from the target that
the receiver is, there is more information lost and is harder to reconstruct the images.
With the ability t
o reconstruct all screen images, RSA would be compromised.
Not only would all access passwords be revealed, but the actual messages would be
available to be read in real time as the target opens their RSA client. This method of
attack requires a very high
degree of equipment and would most likely be employed by
governmental agencies such as the FBI. Since the costs involved make this form of attack
infeasible to the majority of people and organizations, it does not pose a serious threat to
RSA encryption.
3.4 Bad Implementations of RSA:
As demonstrated in section 3.3, RSA encryption provides the user with a very
strong method to encrypt their data. Furthermore, there is a minimal threat of the actual
private key being discovered through factoring the public
key. The threat posed to RSA
encryption is when the actual encryption is subverted and the attacker exposes the private
key through a method such as Keystroke snooping. The weak point of RSA is not the
encryption; rather it resides in the poor implementat
ion of a strong encryption.
3.4.1 SSL/TLS:
In March 2003, three programmers Vlastimil Klíma, Ondřej Pokorný, and Tomáš
Rosa, published a paper where they exposed a flaw in the implementation of RSA in
SSL/TLS via the Public Key Cryptography Standard (PKCS
) version 1.5 whereby the
premaster secret could be discovered. The premaster secret is the key by which the one
time session keys are generated for SSL/TLS use.
By sending a large number of chosen
ciphertexts (premaster secrets) and monitoring the applica
tions' responses, an attacker can
discover the correct premaster secret for a given SSL/TLS session. With the premaster
secret for a previously captured SSL/TLS session, the attacker can generate the correct
master secret and session keys and decrypt the c
aptured session.
“A widely accepted defense against the Bleichenbacher attack is for an
RSA/PKCS #1 application to discard a malformed premaster secret, replace it with a
random value, and proceed to generate a master secret and session keys. Since the
cl
ient and server use different values for the premaster secret, they will generate
different session keys, and the SSL/TLS session will fail.
The Klíma

Pokorný

Rosa attack exploits server responses to an incorrect or
unexpected SSL/TLS version number that i
s included as part of the premaster secret.
If a server decrypts a properly formatted PKCS #1 premaster secret and discovers
that the SSL/TLS version number is not what was expected, the server may
immediately send an error message. The authors term a serv
er that exhibits this
behavior a "bad version oracle (BVO)." Instead of using an error response to
improper PKCS #1 formatting, this new attack uses an error response to an incorrect
SSL/TLS version number”
xiv
In this instance, an attacker could exploit an e
rror in the implementation of RSA to
recover the session key. When the key is recovered, the message can be decrypted. Once
this error was discovered, a patch was released ending the risk of attack. Even though
there was a weakness in the RSA implementatio
n, it was corrected very soon after the
discovery of the weakness.
5. Conclusions
As can be seen in the history of cryptography and in the examples of RSA
implementation, most encryption schemes are broken because of their implementation
and not their encr
yption scheme. From the Enigma machine to current day RSA
encryption, weaknesses come about due to poor implementation. RSA offers the most
practical encryption for everyday users. From PGP to SSL/TLS, RSA allows for the
secure transfer of information acro
ss the Internet. Security in everything from business
transactions to encrypted messages are permitted because of RSA encryption. However,
future technology may render RSA encryption null.
5.1 Quantum Computing:
Quantum computing represents the absolute cu
tting edge in computing technology. By
exploiting the quantum property of superposition, quantum computing offers constant
time factoring of numbers. Constant time factoring of numbers renders RSA encryption
useless because it would mean that
N
could be fa
ctored instantly regardless of how large
N
is. In theory, a Quantum computer would utilize spinning particles instead of
transistors. Transistors have only two positions, on and off, represented by either a 1 or a
0. Spinning particles would also be repres
ented as either a 0 or 1, depending on the
direction of their spin, but by exploiting the laws of quantum mechanics, they can do
calculations as both states simultaneously. Until the spin of the particles is measured, it
can be considered to be in superpos
ition, meaning that it is in both states at once. As a
result, quantum computers can represent all possible combinations and permutations at
the same time. The state of superposition can be likened to a multiverse. An easier way to
think of this concept is
that the factorization of a number is happening in different
universes. So when the number 10 is factored, one universe would try to divide it by 2,
another by 3, another by 4, and another by 5. The numbers 2, and 5 would be returned as
the factors after
only one iteration. A quantum computer would onlybe limited by the
number of spinning particles in its processor, which would affect the size of the number
that could be represented. However, since the prime numbers used for RSA encryption
must exist at so
me level on a computer, there cannot be an
N
that is too large to be
factored
xv
.
5.2 Quantum cryptography
:
The most recent advances in cryptography have focused on what is being
described as a completely unbreakable encryption: quantum cryptography. Quantu
m
cryptography works because of the property that a photon’s polarization is easy to control
but difficult to detect. For this explanation we will assume that there are only three types
of polarizations, vertical, horizontal, and diagonal. If a vertical fi
lter is placed in front of
a stream of protons, the vertically polarized protons will pass through. Also, due to the
laws of quantum mechanics, half of the diagonally photons will also pass through, but
will then be oriented vertically. It is because of th
is property that the polarization of
photons is hard to determine. Half of the time a diagonally polarized photon will be read
as vertically polarized.
To send a message two schemes to represent 0 and 1 would be decided on before
the transmission. In the
first scheme, a vertically polarized photon would represent 0 and
a horizontally polarized photon would represent 1. In the second scheme, a diagonally
polarized photon pointed to the left would represent 0, and the one pointed to the right
would represent
1. So for both 0 and 1 there are two possible representations. The sender
would then send a random string of polarized photons, noting what filter was used and
how the photon was polarized. The receiver would then randomly use either a filter that
lets th
rough both horizontally and vertically polarized photons, or one that lets through
diagonally polarized photons. After a strong of photons was sent, the sender would call
the receiver on the telephone and for every photon sent, the sender would tell the re
ceiver
whether a vertical/horizontal filter or a diagonal filter was used, but not the specific
orientation. For every time the receiver guessed correctly and used the right filter, and
presumably the polarization was measured correctly, they would mark do
wn either a 0 or
1, depending on the orientation, and begin to assemble a one time use key. After the
assembled a large enough key, they would have a perfect one time, unbreakable key. This
scheme is undecipherable because of the nature of photon polarizat
ion. If an
eavesdropper was attempting to measure the photons, they would inevitably twist some
of the polarities. So the sender and receive could do a quick check to determine if anyone
was eavesdropping
xvi
. As great as this system is, it relies on the phot
ons being transmitted
without any interaction with anything else, which would effect its polarization. Due to
this, today its range is limited to roughly three miles. As a result, while a perfect form of
cryptography, its uses are extremely limited.
5.3 Co
nclusion:
As it stands today, RSA represents a strong, practically unbreakable cipher. While
quantum computing may spell the end of RSA, due to constant time factoring, but that
type of computer is not nearing completion in the foreseeable future. Quantum
cryptography offers an unbreakable cipher, yet its current limitations make it impractical
for widespread usage. In spite of recent announcements of the breaking of certain
renditions RSA, the brute force method is painfully slow and requires a huge inves
tment
in computational resources. Moreover, the brute force method can be constantly
circumvented by choosing larger prime numbers for
p
and
q
as computational power
increases. Keystroke snooping is the most effective method of subverting RSA
encryption, b
ut only offers a limited threat, which can be avoided with careful attention to
a user’s workstation and habits. Even though RSA encryption is less than perfect, it offers
an enormous amount of security. As it stands today, the benefits of RSA far outweigh
the
costs, and many of the threats posed to RSA do not seriously endanger its security to
large scale.
Appendices
Appendix A
xvii
Appendix B
xviii
Appendix C
xix
The Vigenère Square
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
S
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
T
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
U
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
V
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
W
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
X
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Y
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Z
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Copyright © 2000 Sullivan Entertainment Inc., All Rights Reserved
Bibliography:
Bennett, C.H., Brassard, C., and Ekert, A., “Quantum Cryptography,”
Scientific
American,
vol. 269 (October 1992), pp. 26

36.
Cipra, Barry. “
Elliptic Curve Cryptography
—
Good Enough for Government Work,”
SIAM News
, vol. 35 (October 2002),
<http://www.siam.org/siamnews/10

02/cryptography.pdf>
(Nov. 25, 2003)
Cipra,
Barry. “Safe Against Cycling Attacks: Researchers Confirm Invulnerability of
RSA,”
SIAM News
, vol. 34,
<
www.siam.org/siamnews/03

01/cycling.pdf>
(Nov. 25,
2003)
Diffie, Whitfield, and Hellman, Martin, “New Directions in Cryptography,”
IEEE
Transact
ions on Information Theory
, vol. IT

22 (Nov. 1976), pp. 644

655.
Gaines, Helen Fouché.
Cryptanalysis
. New York: Dover, 1956.
Gardner, Martin. “A new kind of cipher that would take millions of years to break,”
Scientific American
, vol. 237 (August 1977)
, pp. 120

124.
Garfinkel, Simson,
PGP: Pretty Good Privacy
, Sebastopol, CA: O’Reilly & Associates,
1995.
Hellman, M.E., “The mathematics of public

key cryptography,”
Scientific
American,
vol. 241 (August 1979), pp. 130

139.
Kahn, David.
The Codebrea
kers
. New York: Scribner: 1996.
Newton, David E.,
Encyclopedia of Cryptology
, Santa Barbara, CA: ABC

Clio, 1997.
Pope, Maurice. The Story of Decipherment, London: Thames & Hudson, 1975.
RSA Laboratories, RSA Laboratories' Frequently Asked Questions Abo
ut Today's
Cryptography, Version 4.1, RSA Security Inc., 2000.
<http://www.rsasecurity.com/rsalabs/faq>
Rivest, Ronald L.,
Factoring and Letters,
Science
, New Series, Vol. 242, No. 4885. (Dec.
16, 1988), p. 1493.
Singh, Simon.
The Code Book: The Scien
ce of Secrecy From Ancient Egypt to Quantum
Cryptography
. New York: Random House, Inc: 1999.
Singh, Simon.
The Science of Secrecy
:
The Secret History of Codes and Codebreaking.
London: Fourth Estate Ltd: 2000.
Taubes, Roger.
Small Army of Code

Breaker
s Conquers 129

Digit Giant
,
Science
, New
Series, Vol. 264, No. 5160. (May 6, 1994), pp. 776

777.
Zimmerman, Philip,
The Official PGP User’s Guide
, Cambridge, MA: MIT Press, 1996.
<http://www.pgp.com>
i
Singh, Simon.
The Code Book: The Science
of Secrecy from Ancient Egypt to Quantum Cryptography.
(New York, NY: Anchor Books: 1999) pg. 12
ii
Singh, pgs. 9

15, 124

126.
iii
Singh, pg. 12
iv
Singh, pg 84

98
v
< http://www.stack.nl/~galactus/remailers/attack

2.html> ( accessed: 12/10/2003)
vi
Singh 19
99: 387

389
vii
<http://www.pgpi.org/doc/pgpintro/#p10> (accessed: 12/10/2003)
viii
Gardner “A New Kind of Cipher That Would Take Millions of Years to Break”
ix
Taubes “A Small Army of Code

Breakers Conquers a 129

Digit Giant”
x
Weisstein “RSA

576 Factored”
xi
h
ttp://www.stack.nl/~galactus/remailers/attack

6.html (accessed: 12/10/2003)
xii
< http://www.stack.nl/~galactus/remailers/attack

5.html> (accessed: 12/10/2003)
xiii
http://www.stack.nl/~galactus/remailers/attack

5.html (accessed: 12/10/2003)
xiv
<http://www.kb.cer
t.org/vuls/id/888801> (accessed: 12/10/2003)
xv
Singh 318

331
xvi
Singh 331

350.
xvii
BletchleyPark.net, <http://www.bletchleypark.net/crypt/cipherdisk.html> (accessed: 12/10/2003)
xviii
GlyphWorks, < http://storm.prohosting.com/~glyph/crypto/freq

en.shtml> (accesse
d: 12/10/2003)
xix
< http://www.anne3.com/html/code/vigenere_square.html> (accessed: 12/11/03)
Σχόλια 0
Συνδεθείτε για να κοινοποιήσετε σχόλιο