Cryptography 1 “Cryptography: A History and Explanation” Information Security K. Crum February 2008 Brian J. Harman Cryptography 2 When we are young we are told that secrets don’t make friends and friends don’t make secrets. This statement works well in the logic of all humans however there are certain circumstances where it would be mutually beneficial for a bit of information to not be heard by a certain individual or individuals. Take this scenario: If there are three kids, say Bobby, Susie, and Patty, and both Patty and Susie like Bobby and Bobby ended up kissing Susie one could say that if Patty found out she might cause harm to either Susie, Bobby, or both. In this case it would be beneficial for Bobby and Susie to not allow Patty to find out. There are other such scenarios that have much greater weight and are most notably found in times of war. War in-fact has been the most influential breeding ground for keeping secrets, though, not always for the benefit of all parties involved. Some of the greatest discoveries in the art of secrets, and secret-keeping have been on the account of wartime strategy. One prime example is the famous Enigma machine from World War II. The problem, though, with keeping these secrets is that it is extraordinarily hard to make sure that the secret is kept. Looking back at the above example we can put a fairly high probability on the event that Patty will find out about the kiss; with the way people talk and through mutual friends it is almost inevitable that Patty will find out about Susie’s kiss with Bobby. Also, in this example no lives would likely be lost over the secret’s discovery but, as it turns out, there are many examples where there would be bloodshed if the secret were to be heard by the wrong party. Since a lot of secrets are kept from enemies during times of war it would be inevitable for lives to be lost if a secret were to be revealed. One of the first, and a Cryptography 3 prime example of this took place around 480 B.C. at the time Xerxes was planning to invade Greece. The Beginnings of Cryptography Persia was rapidly expanding and when Xerxes sought to add Greece to the Persian Empire he was not welcomed by the Greeks and so he began to form an extensive army to take Greece by force. A man by the name of Demaratus witnessed the Persian military being compiled and still holding his loyalty to Greece, even after being exiled, he decided to warn them against the coming invasion. The problem that Demaratus faced was how send a message to the Greeks without the Persians finding the message and destroying it. His solution was to scrape the wax off a wooden writing tablet and write the Persian’s intent on the wood itself, then covering the message back up with wax. This way the guards along the road would see only the apparently blank tablets and not confiscate them, thus allowing the message to be sent to Greece. Upon receiving the tablets the king of Sparta did nothing with them, it was his wife who actually noticed the writing underneath the wax and notified him of the hidden message. And, with this information the king prepared an army to combat the Persians and when they arrived the Spartans were able to greatly weaken the Persian army. Without the information from Demaratus the Greeks would have been slaughtered. This type of “hidden message” is referred to as steganography. Another form of steganography that arrived about two centuries later was the scytale which involved words Cryptography 4 written on a strap of leather that was wrapped around a piece of wood of a certain diameter. People could use the leather strap as a belt and even if the strap was found to contain a message it would be unreadable by anyone who didn’t have the appropriate diameter scytale to wrap the leather around. Another way people hid messages was to write them on a messenger’s head after it had been shaved and then allowed to grow back to conceal the message. Once the messenger made it to the intended recipient he would shave his head allowing the message to be read. The Growth of Crypto-Systems These types of secret keeping are all good ways of hiding messages but like in the example of the shaved head they require a lot of patience on the part of the recipient and once the method of hiding is found they can no-longer be used. This problem was conquered mid-first-century B.C. by Julius Caesar when he created what we now call the Caesar-Cipher. The cipher involves using two alphabets, the plain alphabet and the cipher alphabet. The cipher alphabet he used was the same as the regular alphabet with each letter moved up three, thus Ca=Pa+3(mod 26), therefore the word “CAT” would have each character substituted using the cipher alphabet to become “FCW”. Cryptography 5 This was the first instance of what we now call a substitution cipher or in more exact terms a monoalphabetic substitution cipher. It is an extremely formidable cipher because there are so many different ways to form the cipher alphabet. Not only can the cipher alphabet be a shifted form of the regular alphabet it can also have letters swapped out at random, in-fact, being that there are 4.0E26 different ways to rearrange the alphabet it was once conceived that this form of cipher could never be broken, and, for years to come this was the case. It was not until around 800 A.D. that the first signs of a solution to the monoalphabetic cipher came about – nearly a millennia had gone by. It was the Arabs during the enormously prosperous period that followed Muhammad’s meeting with the archangel Gabriel that the threads of the monoalphabetic cipher began to fray. What they discovered was that one did not have to go through every rearrangement of the alphabet to come up with what is commonly refered to as the plain-text message, but, rather use a system of analyzing the frequency of letters and comparing them with the natural relative frequencies. By using this technique one can decrypt a message that would have taken centuries in the time it takes to do a crossword puzzle. It would not suffice to just say this. The technique is really quite genius. If there is a message that is a few sentences long you can start by jotting down the Cryptography 6 frequencies of the encrypted letters. From there you cannot simply assume that the frequency matches exactly to the graph above but there will be a few two and three-letter words that can be used to figure out what the letters E,T,A,O,I,N,S,R, and H represent in the ciphertext. After these are plugged in the next step is to see if any sense can be made of other words in the text, for example the word “aQQ” (where the capital letters are from the ciphertext and the lowercase letters are from the decrypted text) would be the word “all”, and the word “eneKL” would most likely be “enemy”. The rest is just piecing together the remaining letters using context and logic. From this, the cracking of the monoalphabetic cipher, history was forced to come up with other measures to make the transportation of confidential messages secure. Two things happened to bring about stronger encryption. One was the introduction of null characters (meaningless characters entered into a text to fool people trying to break the encryption) into the ciphertext and another strategy was the use of codes. Codes are a different type of strategy altogether but in the famous example of Mary Queen of Scotts secret messages to overthrow Queen Elizabeth it was a conjunction of the two that she thought would void her chance of being caught. The problem was that her messages were not only being intercepted but the art of decryption was becoming a very fashionable thing at the time and Mary’s messages didn’t have a chance against the English cryptographers. After she was found and tried she was beheaded for the attempted assassination of the queen. Cryptography 7 It was to her disadvantage that the next big breakthrough in cryptography was just being developed. A man by the name of Vigenere had come up with a new way to encrypt messages that still used the technique of the cipher alphabet but it used more than one. It is referred to as a polyalphabetic cipher and it consists of a codeword and a “vigenere square”. The codeword is used to pick what line of the square to use for each letter of the plaintext. Now, back to our “cat” example… If we had the codeword “dog” and the plaintext “cat” what we would do is replace the “c” in cat with whatever “c” represents in the row of “d”, so “c” would be changed to “F”. Next we would take the letter “a” and put it though with the line that corresponds to the next letter in the codeword, “o”. So “a” would be changed to “O”. Last we would take the next letter “t” and filter it using the “g” line to get “Z”. So the word “cat” has now been encrypted to read “FOZ”. What this does is make it so a frequency analysis will not show what common letters represent because the letters are constantly switching. This type of cipher is monumentally stronger that the monoalphabetic cipher that was broken many years prior. Also, just like the Cryptography 8 way monoalphabetic ciphers can use a random arrangement of the letters so can the square used to do the encryption. As long as both parties know the code and both parties use the same square it requires an enormous amount of work to break the encryption, and again, it was thought to be an impossible feat. The polyalphabetic cipher came about around 1600 and the world of cryptography at that time was expanding quickly. After about 100 years we started to see “Black Chambers” where there would be rooms of people all working to decrypt a message. Although some of the available cryptography at the time was unbreakable most messages didn’t use it and the men in these black chambers would be given a message and as quickly as they could get it decrypted they would send it out. It wasn’t until about 150 years later, around 1850 that the Vigenere cipher was cracked by an eccentric man by the name of Charles Babbage. He broke the cipher by realizing that although there is an alphabet-switch every letter there is a codeword of limited length, therefore making the decryption possible by finding the codeword length and then using logic to determine letters of the codeword. Once that step has been accomplished the remainder of the problem is just plugging in the letters and if the square had been changed it still will only take the use of frequency analysis to do the rest. Modern Cryptography From this point on in history there was a change in the way we utilized encryption techniques. The telegraph saw its first signs around 1844 and shortly after its invention came Morse code and then after that came Marconi and his wireless telegraphy in the early 1900s. Cryptography 9 With these great technologies came the need for new forms of encryption and also as history has taught us the breaking of these forms of encryption. During World War I an ambitious man by the name of Arthur Zimmerman devised a way to send communications securely via a collaboration of codebooks. For each codebook there was an answer-key that sorted the codes numerically. Because there was no use of cryptography and there were only two codebooks it was thought that this would be a sure way to eliminate any possibility of breaking the codes. Again, the thought was not warranted. It did not take long for messages to be decoded. The problem that was found to be wrong with the use of codes and codebooks was that they took so long to create and distribute that they were used for extended periods of time – so much time that the interceptors of the messages could piece together their own codebooks. Also, since the codebooks were used for such a long period, the pieced-together codebook would work for months before a new one had to be made. The Second World War the Germans came up with a much better plan, albeit one that still didn’t pan out. Arthur Scherbius created a machine that would encrypt a message using a team of three rotors and electronic signals. It was the famous Enigma machine and the way it worked was via a group of three rotors and electronic signals it would take a typed letter and display the cipher text. It was an elaborated version of the Vigenere cipher in that it would change based on each letter typed. The machine was genius because of the way it was set. The three rotors were set daily based on tables that only lasted for two weeks. This way if an enemy captured the list of tables it would only do them good for a short time. Cryptography 10 The main problem that the Enigma had was that it had a few flaws including that it never encrypted the same letter as the plaintext letter, but more importantly was that it was up against one of the greatest men in the history of cryptography, Alan Turing. At his post in Bletchley Park, Britain’s black chamber of the 1900s Alan Turing devised ways of utilizing the weaknesses of the Enigma machine to his advantage and created a machine called a “bombe” to run through the settings that matched his constraints within a couple of hours. With the “bomb” breaking the Enigma the Second World War was shortened by nearly three years (Singh), and saved hundreds of lives. Alan’s life was one with great promise that ended in great tragedy. The best representation I have seen is from Simon Singh’s “The Science of Secrecy”: Alan Turing was another cryptanalyst who did not live long enough to receive any public recognition [Babage was the other]. Before the war Turing had shown himself to be a mathematical genius, publishing work that laid down the ground rules for computers and computing. At Bletchley Park he turned his mind to cracking Enigma, arguably making the single most important contribution to finding the flaws in the German cipher machine. After the war, instead of being acclaimed a hero, he was persecuted for his homosexuality. In 1952, while reporting a burglary to the police, he naively revealed that he was having a homosexual relationship. The police felt they had no option but to arrest and charge him with ‘Gross Indecency contrary to Section 11 of the Criminal Law Amendment Act 1885’. The newspapers reported the subsequent trial and conviction, and Turing was publicly humiliated. Turing’s secret had been exposed, and his sexuality was now public knowledge. The British Government withdrew his security clearance. He was forbidden to work on research projects relating to the development of the computer. He was forced to consult a psychiatrist and to undergo hormone treatment, chich made him impotent and obese. Over the next two years he became severely depressed, and on 7 June 1954 he went to his bedroom, carrying with him a jar of cyanide solution and an apple. He dipped the apple in the cyanide and took several bites. At the age of just forty-two, one of the true geniuses of cryptanalysis committed suicide.” Cryptography 11 Cryptography Today The last few breakthroughs in cryptography involve a different methodology. Computers came into play along with ARPANET and what is now the internet. Using the computer we can use a different type of encryption that involves codewords (or keys as they are referred to now) that are of an exceedingly long length. The computer can use these to produce an encrypted message that would take such a long time to figure out that it would span the life of the universe or as Steve Gibson put it on his podcast “Security Now” there are “more possible keys than atoms in the known universe.” The problem that was solved most recently was the problem of getting the key to the recipient without having to personally give it to them and it was solved by Whitfield Diffie and Ralph Merkle. What they discovered was the idea of “public key” cryptography. It is a way of allowing a message to be encrypted by one person but in such a way that it cannot be unencrypted in the same way it was decrypted. The trio that are credited for the discovery of how to create such a function are Rivest, Shamir, and Adleman (RSA), although there were actually two men back in Britain working for the Government Communications Headquarters (formed from the reminisce of Bletchley Park) who made the discovery about ten years earlier, James Ellis and Clifford Cocks. The way that it works is by taking two exceedingly large prime numbers, multiplying them together you have the public key. When a person sends you a message using your key and the encryption method because of the use of modulus to encrypt the message there is no Cryptography 12 way to undo the encryption – unless you have the two numbers that were multiplied together to get the key. This way the message cannot be decrypted by anyone and the person receiving the message does not have to find a way to meet up to be told the key. All a person needs to do is create their public key and put it out for people to use. Cryptography in the Future The forms of encryption in use today are extremely strong and nobody in the world of academia has been able to find a way to quickly find prime factors of really large numbers in such a way that would make it worthwhile to use brute force to decrypt a message, but because history has always proven us wrong when we think we have something unbreakable there is now a new type of cryptography on the horizon. Quantum cryptography is the next wave of cryptological methodologies and as of now it is still in early stages of development but it involves using the distortion of how we perceive things to encrypt messages. The mathematics involved make it quite difficult to understand and will therefore have to be explained by someone with a greater understanding than myself.