The History of Secrets

Uploaded by sunflowerplate, category: Artificial Intelligence and Robotics

21 Nov 2013

Cryptography and Privacy

Patrick Juola

Duquesne University

Department of Mathematics and Computer Science

Secret Writings

Used to write to authorized people

Good guys: business partners, lovers, fellow soldiers

Bad guys: competitors, parents, enemies, foreign agents

Secrets can be military, diplomatic, commercial, personal, et cetera.

An Early Example

Write in a foreign alphabet

Works surprisingly well in an era of mostly illiterate people

attack at dawn

Caesar cypher (1st century BCE)

YGYKNN CVVC EMQPVJGYGUVUKFGQHVJGECORCV
FCYPUVQRRNGCUGDGTGCFAVQUQTVKGVQQWT
CUUKU VCPEGLECGUCT

CVVC -- one letter, a doubled letter, the first letter again: "bATTAlion"? "inDEED"? "ATTAck"? "cigarETTE"? "bESSEmer converter"?

CUUKU -- "pOSSESsion"? "ASSIStance"?

So C -> A, U -> S, K -> I: a word pattern gives away the substitution

Caesar cypher (cont.)

WEWILL ATTA CKONTHEWESTSIDEOFTHECAMPAT
DAWNSTOPPLEASEBEREADYTOSORTIETOOUR
ASSIS TANCEJCAESAR

Caesar and his reader know something the enemy doesn't

Can be as simple as replacing letters (here every letter is shifted two places down the alphabet: A -> C, B -> D, ... Y -> A, Z -> B)

Termed the "key" to a cypher

Easier to solve with the key than without

Ratio of without/with defines the "work factor"

Nomenclators (1500 CE)

Systematic replacement of one letter by a single other symbol: a monoalphabetic cypher

Nomenclator: monoalphabetic cypher with a codebook extension for specific words

Weakness: every appearance of a given letter is encyphered identically, so letter frequencies and word patterns survive encryption

Polyalphabetics (16th-20th c.)

Use multiple alphabets to disguise frequent letters

Playfair cypher -- encrypt letters in pairs, so TA and TE may have nothing in common

Vigenere cypher -- vary the Caesar "key" during encryption

Considered "le chiffre indechiffrable" until the early 20th century (Kasiski had published a general attack in 1863; the reputation outlived it)


Vigenere example

ATTACKATDAWN   plaintext
NOSENOSENOSE   key, repeated to the length of the message
NHLEPYSXQOOR   cyphertext: each letter shifted by its key letter (A = 0 ... Z = 25)

AT becomes both NH and SX in the cyphertext

O in the cyphertext corresponds to both A and W

Simple frequency analysis no longer works

Vigenere decryption

Weakness: key letters repeat

If the key is 4 characters long:

1st, 5th, 9th, etc. characters use the same key letter

2nd, 6th, 10th, 14th, etc. likewise

Each such group has the frequency characteristics of a monoalphabetic (Caesar) cypher

Crack four different Caesar cyphers, and you're in!
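The shift substitution of the Caesar slides and the column-by-column attack described on this slide, as an added example in Python (this is not code from Juola's slides). It encrypts a message under a Vigenere key, then recovers the key from the cyphertext alone: for each candidate period it splits the cyphertext into columns, solves every column as a Caesar cypher by fitting letter counts to English frequencies, and keeps the shortest key whose decryption looks like English. The frequency table, the sample message and the 10% tolerance used to choose the period are assumptions made here.

```python
# Added example, not from the original slides: Vigenere encryption and the
# "crack N Caesar cyphers" attack.  The English frequency table, the sample
# message and the period-selection tolerance are assumptions made here.
from string import ascii_uppercase as ALPHA

# Approximate English single-letter frequencies in percent (an assumption).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# Constructed sample message, long enough (~330 letters) for the statistics to work.
SAMPLE_PLAINTEXT = (
    "We will attack on the west side of the camp at dawn. Please be ready to "
    "sortie to our assistance. The legions marched through the night and the "
    "cavalry now holds the river crossing. Send word to the fleet that the "
    "harbour must be closed before the enemy can escape by sea. The enemy have "
    "no knowledge of our plans and their sentries are few. Keep this message "
    "secret and burn it as soon as it has been read. J Caesar"
)

def clean(text):
    """Keep letters only, upper-cased, as the slides' examples do."""
    return "".join(c for c in text.upper() if c in ALPHA)

def caesar_shift(text, shift):
    """Shift every letter by the same amount; a one-letter Vigenere key is exactly this."""
    return "".join(ALPHA[(ALPHA.index(c) + shift) % 26] for c in clean(text))

def vigenere(text, key, decrypt=False):
    """Shift the i-th letter by key[i mod len(key)]; subtract instead when decrypting."""
    text, key = clean(text), clean(key)
    if not key:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    return "".join(
        ALPHA[(ALPHA.index(c) + sign * ALPHA.index(key[i % len(key)])) % 26]
        for i, c in enumerate(text)
    )

def chi_squared(text):
    """How far the letter counts of `text` are from English; lower is more English-like."""
    n = len(text)
    if n == 0:
        return float("inf")
    total = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = pct * n / 100
        total += (text.count(letter) - expected) ** 2 / expected
    return total

def solve_caesar(column):
    """Try all 26 shifts on one column; the most English-like one reveals the key letter."""
    shift = min(range(26), key=lambda s: chi_squared(caesar_shift(column, -s)))
    return ALPHA[shift]

def crack_vigenere(cyphertext, max_period=12):
    """Recover key and plaintext from the cyphertext alone.

    For each candidate period p, split the cyphertext into p columns, solve each
    column as a Caesar cypher, and score the whole decryption.  Multiples of the
    true period decrypt equally well, so return the shortest key whose score is
    within 10% of the best one (the tolerance is an assumption)."""
    ct = clean(cyphertext)
    candidates = []
    for p in range(1, max_period + 1):
        key = "".join(solve_caesar(ct[i::p]) for i in range(p))
        pt = vigenere(ct, key, decrypt=True)
        candidates.append((chi_squared(pt), p, key, pt))
    best = min(score for score, _, _, _ in candidates)
    for score, _, key, pt in candidates:
        if score <= best * 1.1:
            return key, pt

def demo(key="NOSE"):
    """Encrypt the sample under `key`, crack it blind, report the key found and whether it matched."""
    ct = vigenere(SAMPLE_PLAINTEXT, key)
    found_key, found_pt = crack_vigenere(ct)
    return found_key, found_pt == clean(SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    print(vigenere("ATTACKATDAWN", "NOSE"))   # the slide's example
    print(demo())
```

The solver needs a few hundred letters of cyphertext; the slide's twelve-letter example is far too short for letter statistics, which is exactly why short messages under a polyalphabetic cypher were hard to break by hand.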

What if the key doesn't repeat?

A re-used key can give the same effect

BUT

If the key is sufficiently random

Only used once

And never repeats

The resulting cypher is called the Vernam cypher (1917) and is provably unbreakable (Shannon published the proof in 1949; the key must also be as long as the message and kept secret)

Sometimes called the One-Time Pad
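The Vernam cypher over bytes, and the failure mode the slide warns about ("a re-used key can give the same effect"), as an added example in Python that is not part of Juola's slides. It goes one step beyond the slide: once two messages share a pad, XORing the two cyphertexts cancels the pad completely, and guessing a fragment of one message ("crib dragging") reads the other. The two messages, the crib and the use of the OS random generator for the pad are assumptions made here.

```python
# Added example, not from the original slides: a Vernam cypher (one-time pad)
# over bytes, and the leak that appears the moment a pad is used twice.
# The messages and the crib are constructed here for illustration.
import secrets

def otp(message: bytes, pad: bytes) -> bytes:
    """XOR every byte with the pad byte at the same position.

    Encryption and decryption are the same operation.  The pad must be at least
    as long as the message, truly random, and never reused."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, pad))

def fresh_pad(length: int) -> bytes:
    """A pad from the OS CSPRNG; correct usage generates a new one per message."""
    return secrets.token_bytes(length)

def xor_cyphertexts(c1: bytes, c2: bytes) -> bytes:
    """With a reused pad, c1 XOR c2 == m1 XOR m2: the pad cancels out entirely."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def crib_drag(m1_xor_m2: bytes, crib: bytes, offset: int) -> bytes:
    """Guess a fragment (crib) of one message at `offset`; XOR reveals the other
    message's bytes at the same position.  Sliding the crib along is 'crib dragging'."""
    window = m1_xor_m2[offset:offset + len(crib)]
    return bytes(x ^ c for x, c in zip(window, crib))

def demo():
    """Correct use round-trips; reuse lets an eavesdropper read across messages."""
    m1 = b"ATTACK AT DAWN ON THE WEST SIDE"          # constructed message 1
    m2 = b"RETREAT AT DUSK TO THE RIVER FORD"        # constructed message 2
    pad = fresh_pad(max(len(m1), len(m2)))
    c1, c2 = otp(m1, pad), otp(m2, pad)   # second use of the same pad: the mistake
    leaked = xor_cyphertexts(c1, c2)       # the eavesdropper needs no key for this
    guess = crib_drag(leaked, b"ATTACK AT DAWN", 0)  # guessing m1's opening reveals m2's
    return {
        "roundtrip_ok": otp(c1, pad) == m1,
        "leak_is_plaintext_xor": leaked == xor_cyphertexts(m1, m2),
        "recovered_from_m2": guess,
    }

if __name__ == "__main__":
    print(demo())
```

A single fresh pad per message leaks nothing; the attack needs no cryptanalysis at all once the "one-time" rule is broken, which is why the pad's key-management burden (as much secret key as message, delivered in advance) is the practical obstacle, not its security.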


Who kept the secrets?

Development and use of cryptography to this point was mostly military and diplomatic.

"Obviously" required substantial talent to do, beyond what most people had

Civilian cryptography -- secret notes to lovers, business codes -- still used monoalphabetic cyphers

Methods of analysis becoming available in literature (Poe's "The Gold Bug", Conan Doyle's "The Dancing Men")

What's a good cypher?

Kerckhoffs's criteria (1883)

Security should reside in the key

System doesn't need to be kept secret

System should be easy to use in the field

Keys/apparatus should be easily changeable

Impossible to meet all in practice

Naval ships (submarines) can carry much more equipment than PFC Ryan

Enigma

Machine cryptography developed in the early 20th century; requires bulky apparatus, but far too complex to crack by hand

ENIGMA -- main cypher system of Nazi Germany

Three (later four) rotating wheels, like the odometer of a car. Each wheel position yields a different key.

About 159,000,000,000,000,000,000 (1.59 x 10^20) keys

The Computer Revolution

Rejewski (Polish Cipher Bureau, 1932) and later Turing (Bletchley Park) cracked Enigma, but had to build special-purpose machines to do it.

And were also scarily, scarily good mathematicians...

Early electromechanical machines (the "bombes") did not search the entire keyspace: given a crib (a guessed fragment of plaintext) they could run through the rotor settings consistent with it in a matter of hours.

Viva la revolution!

The Enigma breakthrough was classified MOST SECRET until the mid-1970s(!); some of Turing's papers are still classified. Computer encryption is just too dangerous.

BUT, it's also too useful, especially for civilian/industrial uses like financial transfers

Enter the Data Encryption Standard (DES)

DES

Published by the US National Bureau of Standards in 1975, after NSA review; adopted as a federal standard (FIPS 46) in 1977

Non-classified uses only

56-bit key: about 72,000,000,000,000,000 (2^56) possible keys

Created "civilian" cryptography

Most analyzed system ever

Questions about DES

Why so few keys (fewer than the 30-year-old Enigma, but a better mathematical structure)?

NSA approved IBM's initial design only after making a few changes. Why? (The key was shortened to 56 bits; the S-box changes were later shown to harden DES against differential cryptanalysis, an attack not published in the open literature until 1990.)

Is there a secret "back door"? Is the government holding a master key?

Is there a good replacement?

Replacing DES

DES held out much longer than originally planned, but (as expected) had too few keys.

Modern computers can crack DES very fast (in 1998 the EFF's purpose-built "Deep Crack" recovered a key by brute force in 56 hours).

... but no one really had a good replacement

3DES (triple DES, late 90s) used to extend the keyspace

The Advanced Encryption Standard (Rijndael) was finally selected in 2001 as the replacement, through an open public competition.

No "secret" governmental involvement

Public key encryption

Problem with all cryptography so far, AES included -- the need for a shared secret prior to communication

How do I establish a shared secret with Amazon.com if I don't work there? Can we avoid this?

Surprising answer: Yes!

Decryption key can be different from the encryption key, allowing "public" keys!

Merkle Puzzles (1975)

I publish a huge collection of "puzzles." You pick one to solve, and send me the solution.

I look up the solution, and recognize which puzzle you solved. Everyone else has to solve all of the puzzles to recognize the solution.

Work factor is the number of puzzles (you solve one; an eavesdropper must solve about half of them on average)

Avoids having to communicate beforehand

RSA Encryption

Named for inventors: Rivest, Shamir, and Adleman (2002 Turing Award winners)

Uses a large product of two primes -- easy to multiply, but very hard to factor

Two keys, d and e: you encrypt with e, while only I know (and can decrypt with) d.

Reversible! I encrypt with d, you decrypt with e, and you know I encrypted it! In other words, it can be used as a signature.

Work factor can be arbitrarily large -- "It's easier to break thumbs than it is to break RSA"
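The two-key scheme of this slide, as an added example in Python (not code from Juola's slides): key generation from two primes, encryption with e and decryption with d, the same operation reversed to sign and verify, and trial-division factoring of the toy modulus to show that the work factor is exactly the cost of factoring. The primes 61 and 53 with e = 17, the messages, and the hash-then-reduce step used for signing are assumptions made here; this is textbook RSA with no padding, a demonstration rather than a usable scheme.

```python
# Added example, not from the original slides: textbook RSA with toy primes,
# showing encrypt/decrypt, the sign/verify "reversal", and why the security
# is the factoring work factor.  Primes and messages are constructed here.
# No padding (OAEP/PSS) is used, so this is a demonstration, not a usable scheme.
from hashlib import sha256
from math import gcd, isqrt

def keygen(p, q, e=65537):
    """Public key (n, e), private key (n, d) with d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(pub, m):
    """Anyone can do this with the public exponent e."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def decrypt(priv, c):
    """Only the holder of d can undo encryption."""
    n, d = priv
    return pow(c, d, n)

def hash_to_int(message: bytes, n: int) -> int:
    """Reduce a digest into the RSA domain; fine for a toy, replaced by PSS in practice."""
    return int.from_bytes(sha256(message).digest(), "big") % n

def sign(priv, message: bytes):
    """'Encrypt' with d: only the private key holder can produce this value."""
    n, d = priv
    return pow(hash_to_int(message, n), d, n)

def verify(pub, message: bytes, signature):
    """'Decrypt' with e: if it matches the hash, the holder of d signed this message."""
    n, e = pub
    return pow(signature, e, n) == hash_to_int(message, n)

def factor(n):
    """Trial division: hopeless for real key sizes, instant for toy ones."""
    for candidate in range(2, isqrt(n) + 1):
        if n % candidate == 0:
            return candidate, n // candidate
    raise ValueError("n has no non-trivial factor")

def recover_private_key(pub):
    """Factoring n gives phi, and phi gives d: the whole work factor is factoring."""
    n, e = pub
    p, q = factor(n)
    return keygen(p, q, e)[1]

def demo():
    """Run the toy parameters end to end and return every checkable result."""
    pub, priv = keygen(61, 53, e=17)          # n = 3233, classic toy parameters
    c = encrypt(pub, 65)
    sig = sign(priv, b"attack at dawn")
    return {
        "cyphertext": c,
        "decrypted": decrypt(priv, c),
        "signature_valid": verify(pub, b"attack at dawn", sig),
        "forged_message_rejected": not verify(pub, b"attack at dusk", sig),
        "private_key_recovered": recover_private_key(pub) == priv,
    }

if __name__ == "__main__":
    print(demo())
```

With a 12-bit modulus the "break thumbs" quip inverts: `recover_private_key` finds d in microseconds. The work factor the slide describes only exists once n is a few thousand bits, where trial division (and every known classical factoring method) becomes infeasible.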

Power to the People: PGP

Pretty Good Privacy

Written in 1991 by Phil Zimmermann. Military/diplomatic strength encryption, using private and public key cryptography.

Believed unbreakable by anyone short of major governments, but "freely" available for personal/corporate use

PGPfone -- similar technology for phones

Political issues

Should people be permitted this kind of security technology?

I can keep secrets from my competitors, but also from law enforcement/national security enforcers!

ITAR -- cryptographic equipment regulated as munitions (like machine guns)

Only government-approved (i.e. breakable) encryption permitted for export.

More politics

Clipper/Capstone chip -- "secure" phone with a Law Enforcement Access Field to ensure wiretap capacity

40-bit (about 1,000,000,000,000 key) limit on commercially exported software

Criminalization of cryptography per se (France, some other countries)

USA PATRIOT Act wiretap provisions

FBI operation CARNIVORE

Discussion points

The genie appears to be out of the bottle, in that the technology for secure encryption is widely available

The roadblocks to widespread implementation are primarily social and political.

Is civilian/personal cryptography a good thing or not?

Conclusions

Secret writing has a long (2000 yr) history

Military/diplomatic communications were the driving force for most of history; personal/industrial privacy is secondary

Modern cryptographic systems are both highly secure and widely available

Omnipresent computers and the 'Net are forcing us to re-evaluate our views on security and privacy