Chapter 1: Introduction to Cryptology

Cryptography is the art of transmitting information in a secret manner.

Some Applications of Cryptography
1. Military and national security.
   [Picture of the National Security Agency]
2. Electronic money transactions, for example, credit cards.
3. Website authentication.

Some Important Historical Figures in Cryptography

We next describe some basic terminology and concepts we will use in this textbook involving cryptography.

Section 1.1: Basic Terminology

In the field of information security, the terms cryptography, cryptanalysis, and cryptology have subtly different meanings.

Cryptography - the process of developing a system for disguising information so that ideally it cannot be understood by anyone but the intended recipient of the information. A method designed to perform this process is called a cryptosystem or a cipher.

Cryptanalysis - the process of an unintended recipient of disguised information attempting to remove the disguise and understand the information. Successful cryptanalysis is sometimes called breaking or cracking a cipher.

Cryptology - an all-inclusive term that includes cryptography, cryptanalysis, and the interaction between them.

Here are a few more important definitions we will use throughout this book.

Plaintext - the undisguised message (usually an English message) that we want to send.

Ciphertext - the secret disguised message that is transmitted.

Encryption (encipherment) - the process of converting plaintext to ciphertext.

Decryption (decipherment) - the process of converting ciphertext back to plaintext.

Key for a cipher - information usually known only to the originator and intended recipient of a message, which the originator uses to encrypt the plaintext, and the recipient to decrypt the ciphertext.

Note! In general, a code is not considered the same as cryptography.
Unlike with cryptography, in which the concern is primarily concealing information, with codes the concern is usually transmitting information reliably and efficiently over a communications medium. For example, Morse code is not a cipher. However, sometimes ciphers are referred to as codes (the Navajo code, which we will study in Chapter 4, is an example).

Section 1.2: Cryptology in Practice

Fact: In practice, it is usually assumed that when a pair of correspondents implements a cipher to communicate a message confidentially, the type of cipher used is known by any adversaries wishing to discover the contents of the message.

How well a cryptosystem works in disguising information is dependent on its security. The security of a cipher, which is simply a measure of how difficult it would be for an adversary to break the cipher, depends only on how difficult it would be for an adversary to find the key for the cipher.

Types of Keys for Ciphers

1. Symmetric-key ciphers - where the originator and intended recipient of a message must keep the key secret from adversaries. These are sometimes called private-key ciphers. These types of ciphers were the only types used in the 1970’s and were used in what were termed classical ciphers. Because of their speed in encrypting and decrypting messages, they have retained their usefulness even in modern times. We will focus on symmetric-key ciphers in Chapters 2-7 and 10 in this book.

2. Public-key ciphers - use a pair of keys, one for encryption and one for decryption. When using a public-key cipher, the intended recipient of a message creates both the encryption and decryption keys, publicizes the encryption key so that anyone can know it, but keeps the decryption key secret. That way, the originator of the message can know the encryption key, which he or she needs to encrypt the plaintext, but only the recipient knows the decryption key.
It is usually not realistically possible to find decryption keys from the knowledge of encryption keys. These types of ciphers were first invented in the 1970’s and are in wide use today. We will study them in Chapters 8 and 9 and present some ways to overcome some obstacles they have in Chapter 11.

Cryptanalysis

The goal in cryptanalysis is often to determine the key for a cipher.

Methods for finding a key with cryptanalysis
1. Brute force attack - involves testing every possible key until one is found that works. However, secure cryptosystems have so many keys to test that this is not realistic.
2. Frequency analysis - uses facts about the language used for the plaintext to relate the most frequently occurring ciphertext letters to the most frequently occurring letters in that language.
3. Known plaintext - when adversaries know a small part of the plaintext, called a crib, and use it to help determine the key and break the cipher.

Message Authentication

Message authentication involves ways of verifying that a ciphertext received electronically was really sent by the person claiming to have sent it, and that keys identified electronically really belong to the person claiming to own them.

Two ways to guarantee a message is authentic:
1. Digital Signatures - give a way for the message sender to electronically sign the message.
2. Public-key Infrastructures - give ways of binding public keys to particular users.

Section 1.3: Why Study Cryptology?

Hopefully, if you don’t already, this book will help you realize that cryptography is a fascinating subject to understand and learn more about.

Reasons for Studying Cryptology
1. Cryptology is used in everyday life.
2. Cryptology is also a multidisciplinary science.
   History: Mary Queen of Scots and Babington Plot
   History and Culture: Navajo code
   Linguistics
3. Mathematics plays an integral part in cryptology.
   Engineering and Supercomputing
4. Learning about cryptology can be fun and entertaining.
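
The three key-finding methods listed under Cryptanalysis in Section 1.2, run against one ciphertext whose cipher type is known to the adversary. This is an added example, not part of the original notes; the shift cipher, the sample message, the key 11 and the crib "SECRET" are assumptions chosen for illustration.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

def shift(text, key):
    """Shift cipher (assumed for this example): move each letter `key`
    places through the alphabet; spaces and other characters are unchanged."""
    return "".join(
        ALPHABET[(ALPHABET.index(c) + key) % 26] if c in ALPHABET else c
        for c in text
    )

def encrypt(plaintext, key):
    return shift(plaintext, key)

def decrypt(ciphertext, key):
    return shift(ciphertext, -key)

def brute_force(ciphertext):
    """Method 1: test every possible key. Realistic here only because
    this cipher has just 26 keys; a secure cipher has far too many."""
    return {key: decrypt(ciphertext, key) for key in range(26)}

def frequency_analysis(ciphertext):
    """Method 2: assume the most common ciphertext letter stands for E,
    the most common letter in English, and derive the key from that."""
    letters = [c for c in ciphertext if c in ALPHABET]
    most_common = Counter(letters).most_common(1)[0][0]
    return (ALPHABET.index(most_common) - ALPHABET.index("E")) % 26

def known_plaintext(ciphertext, crib):
    """Method 3: keep every key under which the crib, once encrypted,
    appears somewhere in the ciphertext."""
    return [key for key in range(26) if encrypt(crib, key) in ciphertext]

# Constructed sample message and key (not from the original notes).
PLAINTEXT = "MEET ME BEFORE THE SECRET KEY EXCHANGE AT SEVEN"
KEY = 11
CIPHERTEXT = encrypt(PLAINTEXT, KEY)

if __name__ == "__main__":
    print("ciphertext:        ", CIPHERTEXT)
    print("brute force, key 11:", brute_force(CIPHERTEXT)[11])
    print("frequency analysis: key", frequency_analysis(CIPHERTEXT))
    print("known plaintext:    keys", known_plaintext(CIPHERTEXT, "SECRET"))
```

All three methods recover the same key because the only secret in the system is the key itself, which is the point the Fact in Section 1.2 makes about where a cipher's security lies.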