The History of Secrets: Cryptography and Privacy
Patrick Juola, Duquesne University, Department of Mathematics and Computer Science
Secret Writings
• Used to write to authorized people
• Good guys:
  • Business partners, lovers, fellow soldiers
• Bad guys:
  • Competitors, parents, enemies, foreign agents
• Secrets can be military, diplomatic, commercial, personal, et cetera.
An Early Example
• Write in a foreign alphabet
• Works surprisingly well in an era of mostly illiterate people
• Example text: attack at dawn
Caesar cypher (40 BCE)
Cyphertext:
YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECOR
CVFCYPUVQRRNGCUGDGTGCFAVQUQTVKGVQQW
TCUUKUVCPEGLECGUCT
Guessing at repeated letter patterns:
• CVVC -- “bATTAlion”? “inDEED”? “ATTAck”? “cigarETTE”? “bESSEmer converter”?
• CUUKU -- “pOSSESsion”? “ASSIStance”?
• So C -> A, U -> S, K -> I
Caesar cypher (cont.)
• Caesar and his reader know something the enemy doesn’t
• Can be as simple as replacing letters
• Termed the “key” to a cypher
• Easier to solve with the key than without
• The ratio of effort without/with the key defines the “work factor”
Plaintext:
WEWILLATTACKONTHEWESTSIDEOFTHECAMPAT
DAWNSTOPPLEASEBEREADYTOSORTIETOOUR
ASSISTANCEJCAESAR
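The work-factor point in concrete terms, as an added example that is not part of the slides: with the key, one decryption recovers the message; without it, the attacker tries all 26 shifts and scores each candidate against English letter frequencies (the frequency table is a standard published approximation, an assumption of this example). The cyphertext is the one from the slide.

```python
# Added example (not from the slides): Caesar shift with an exhaustive key search,
# scoring each of the 26 candidates against approximate English letter frequencies.
from string import ascii_uppercase as ALPHA

# Approximate English letter frequencies in percent (standard published table).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

def caesar(text, shift):
    """Shift every letter of TEXT forward by SHIFT positions (mod 26); non-letters dropped."""
    return "".join(ALPHA[(ALPHA.index(c) + shift) % 26] for c in text if c in ALPHA)

def chi_squared(text):
    """Distance between TEXT's letter counts and English; lower is more English-like."""
    if not text:
        return float("inf")
    n = len(text)
    score = 0.0
    for letter in ALPHA:
        expected = ENGLISH_FREQ[letter] * n / 100
        score += (text.count(letter) - expected) ** 2 / expected
    return score

def crack_caesar(ciphertext):
    """Without the key: try all 26 shifts (work factor 26) and keep the most English one.
    Returns (shift, plaintext)."""
    candidates = [(chi_squared(caesar(ciphertext, -k)), k) for k in range(26)]
    _, shift = min(candidates)
    return shift, caesar(ciphertext, -shift)

# The slide's own Caesar cyphertext (the three printed rows joined into one string).
CYPHERTEXT = ("YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECOR"
              "CVFCYPUVQRRNGCUGDGTGCFAVQUQTVKGVQQW"
              "TCUUKUVCPEGLECGUCT")

if __name__ == "__main__":
    shift, plain = crack_caesar(CYPHERTEXT)
    print(f"shift {shift}: {plain}")       # shift 2: WEWILLATTACK...
```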
Nomenclators (1500 CE)
• Systematic replacement of one letter by a single other symbol: monoalphabetic cypher
• Nomenclator: monoalphabetic cypher with a codebook extension for specific words
• Weakness: every appearance of a given letter is encyphered identically
Polyalphabetics (16th-20th c.)
• Use multiple alphabets to disguise frequent letters
• Playfair cypher -- encrypt letters in groups, so TA and TE may have nothing in common
• Vigenère cypher -- vary the Caesar “key” during encryption
• Considered “le chiffre indéchiffrable” until the early 20th century
Vigenère example
• AT becomes both NH and SX in the cyphertext
• O in the cyphertext corresponds to both A and W
• Simple frequency analysis no longer works
Plaintext:  ATTACKATDAWN
Key:        NOSENOSENOSE
Cyphertext: NHLEPYSXQOOR
Vigenère decryption
• Weakness: key letters repeat
• If the key is 4 characters long:
  • 1st, 5th, 9th, etc. characters use the same key letter
  • 2nd, 6th, 10th, 14th, etc. likewise
• Each such group has the frequency characteristics of a monoalphabetic (Caesar) cypher
• Crack four different Caesar cyphers, and you’re in!
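The repeating-key structure from the two Vigenère slides, as an added example that is not part of the slides: it encrypts the slide's ATTACK AT DAWN under NOSE, shows that every fourth letter is one Caesar cypher, and recovers the key from a guessed plaintext fragment (a "crib"), the same move as the ATTA guess on the Caesar slide. The crib offsets are chosen for the demo.

```python
# Added example (not from the slides): Vigenere encryption, the repeating-key
# column structure the slide describes, and key recovery from a known plaintext.
from string import ascii_uppercase as ALPHA

def vigenere(text, key, decrypt=False):
    """Add (or, when decrypting, subtract) the repeating KEY letter by letter, mod 26."""
    sign = -1 if decrypt else 1
    out = []
    for i, c in enumerate(text):
        k = ALPHA.index(key[i % len(key)])
        out.append(ALPHA[(ALPHA.index(c) + sign * k) % 26])
    return "".join(out)

def digram_images(plain, cipher, digram):
    """All cyphertext pairs a given plaintext pair became (the slide's AT -> NH and SX)."""
    return sorted({cipher[i:i + 2] for i in range(len(plain) - 1) if plain[i:i + 2] == digram})

def columns(text, key_len):
    """Every KEY_LEN-th letter shares one key letter, so each column is a Caesar cypher."""
    return [text[i::key_len] for i in range(key_len)]

def key_from_crib(ciphertext, crib, offset, key_len):
    """Known-plaintext attack: if CRIB sits at OFFSET, cypher minus plain gives key letters.
    Key positions the crib does not reach stay '?'."""
    key = ["?"] * key_len
    for j, p in enumerate(crib):
        c = ciphertext[offset + j]
        key[(offset + j) % key_len] = ALPHA[(ALPHA.index(c) - ALPHA.index(p)) % 26]
    return "".join(key)

PLAIN, KEY = "ATTACKATDAWN", "NOSE"      # the slide's example
CIPHER = vigenere(PLAIN, KEY)             # NHLEPYSXQOOR

if __name__ == "__main__":
    print(CIPHER, vigenere(CIPHER, KEY, decrypt=True))
    print(digram_images(PLAIN, CIPHER, "AT"))        # ['NH', 'SX']
    print(columns(PLAIN, 4), columns(CIPHER, 4))     # column 0: ACD -> NPQ, every letter +13 (N)
    print(key_from_crib(CIPHER, "DAWN", 8, 4))       # NOSE
    print(key_from_crib(CIPHER, "AT", 6, 4))         # ??SE
```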
What if the key doesn’t repeat?
• A re-used key can give the same effect
• BUT, if the key is:
  • sufficiently random,
  • only used once,
  • and never repeats,
• the resulting cypher is called the Vernam cypher (1917) and is provably unbreakable.
• Sometimes called the One-Time Pad
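Why the "only used once" condition matters, as an added example that is not part of the slides: a byte-wise XOR pad used once is unbreakable, but the moment the same pad covers a second message the key cancels out of the XOR of the two cyphertexts, and knowing one message (the slide's attack-at-dawn crib) reveals the other. The messages are constructed for this demo.

```python
# Added example (not from the slides): a one-time pad over bytes, and the
# "two-time pad" failure when the pad is re-used. Messages are constructed.
import os

def otp(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the matching pad byte; the same call encrypts and decrypts."""
    if len(key) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))

def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused pad the key cancels: c1 XOR c2 == p1 XOR p2, no key needed."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def recover_other(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """If one plaintext is known (a crib), the other falls out of the XOR difference."""
    return bytes(x ^ p for x, p in zip(two_time_pad_leak(c1, c2), known_p1))

P1 = b"ATTACK AT DAWN"
P2 = b"RETREAT AT TEN"          # same length as P1, constructed for the demo
KEY = os.urandom(len(P1))       # a fresh random pad: used once, this is unbreakable

C1 = otp(P1, KEY)               # correct use
C2 = otp(P2, KEY)               # the mistake: the same pad covers a second message

if __name__ == "__main__":
    print(otp(C1, KEY))                        # b'ATTACK AT DAWN'
    print(recover_other(C1, C2, P1))           # b'RETREAT AT TEN', recovered without KEY
```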
Who kept the secrets?
• Development and use of cryptography to this point was mostly military and diplomatic.
• “Obviously” required substantial talent to do, beyond what most people had
• Civilian cryptography -- secret notes to lovers, business codes -- still used monoalphabetic cyphers
• Methods of analysis becoming available in literature (The Gold Bug, The Dancing Men)
What’s a good cypher?
• Kerckhoffs’s criteria (1883):
  • Security should reside in the key
  • The system doesn’t need to be kept secret
  • The system should be easy to use in the field
  • Keys/apparatus should be easily changeable
• Impossible to meet all of them in practice
• Naval ships (submarines) can carry much more equipment than PFC Ryan
Enigma
• Machine cryptography developed in the early 20th century; requires bulky apparatus, but far too complex to crack by hand
• ENIGMA -- main code system of the Nazis
• Three (later four) rotating wheels, like the odometer of a car. Each wheel position yields a different key.
• 159,000,000,000,000,000,000 keys
The Computer Revolution
• Rejewski/Turing cracked Enigma, but had to invent the computer to do it.
• And were also scarily, scarily good mathematicians…
• Early computers (bombes) could search the entire keyspace in about five hours.
Viva la revolution!
• Enigma breakthrough classified MOST SECRET until 1975(!); some of Turing’s papers are still classified. Computer encryption is just too dangerous.
• BUT, it’s also too useful, especially for civilian/industrial uses like financial transfers
• Enter the Data Encryption System (DES)
DES
• Approved in 1975 by the US government (NSA)
• Non-classified uses only
• 32,000,000,000,000,000 possible keys
• Created “civilian” cryptography
• Most analyzed system ever
Questions about DES
• Why so few keys (fewer than the 30-year-old Enigma, though with better mathematical structure)?
• NSA approved IBM’s initial design only after making a few changes. Why?
• Is there a secret “back door”? Is the government holding a master key?
• Is there a good replacement?
Replacing DES
• DES held out much longer than originally planned, but (as expected) had too few keys.
• Modern computers can crack DES very fast.
• … but no one really had a good replacement
• 3DES used (late 90s) to extend the keyspace
• Advanced Encryption System (Rijndael) finally designed in 2001 as a replacement.
• No “secret” governmental involvement
Public key encryption
• Problem with all cryptography so far, AES included -- the need for a shared secret prior to communication
• How do I establish a shared secret with Amazon.com if I don’t work there? Can we avoid this?
• Surprising answer: Yes!
• The decryption key can be different from the encryption key, allowing “public” keys!
Merkle Puzzles (1975)
• I publish a huge collection of “puzzles.” You pick one to solve, and send me the solution.
• I look up the solution, and recognize which puzzle you solved. Everyone else has to solve all of the puzzles to recognize the solution.
• Work factor is the number of puzzles
• Avoids having to communicate beforehand
RSA Encryption
• Named for its inventors: Rivest, Shamir, and Adleman (Turing award winners, 2003)
• Uses a large product of two primes -- easy to multiply, but very hard to factor
• Two keys, d and e: you encrypt with e, while only I know (and can decrypt with) d.
• Reversible! I encrypt with d, you decrypt with e, and you know I encrypted it! In other words, it can be used as a signature!
• Work factor can be arbitrarily large -- “It’s easier to break thumbs than it is to break RSA”
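The two-key reversibility on this slide, as an added example that is not part of the slides: textbook RSA with deliberately tiny primes (61 and 53, a constructed teaching key) shows encrypt-with-e/decrypt-with-d, sign-with-d/verify-with-e, and why the work factor is set by the size of n: at this size, trial-division factoring recovers d in a few thousand steps.

```python
# Added example (not from the slides): textbook RSA with tiny primes, showing the
# e/d reversibility (encryption and signatures) and why key size sets the work
# factor. The primes and the message 65 are constructed for illustration only.
from math import gcd, isqrt

def keygen(p, q, e=17):
    """Public key (n, e); private exponent d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)      # modular inverse: needs Python 3.8+

def encrypt(m, public):
    n, e = public
    return pow(m, e, n)                 # anyone holding (n, e) can do this

def decrypt(c, d, n):
    return pow(c, d, n)                 # only the holder of d can undo it

def sign(m, d, n):
    return pow(m, d, n)                 # "encrypt with d": only I can produce this

def verify(sig, m, public):
    n, e = public
    return pow(sig, e, n) == m          # "decrypt with e": anyone can check it

def break_by_factoring(public):
    """Recover d by trial-division factoring of n; feasible only because n is tiny."""
    n, e = public
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return keygen(p, n // p, e)[1]
    raise ValueError("n has no factor below its square root")

PUBLIC, D = keygen(61, 53)              # n = 3233, e = 17, d = 2753
N = PUBLIC[0]

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print(c, decrypt(c, D, N))                            # 2790 65
    s = sign(65, D, N)
    print(verify(s, 65, PUBLIC), verify(s, 66, PUBLIC))   # True False
    print(break_by_factoring(PUBLIC) == D)                # True: 3233 is far too small
```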
Power to the People: PGP
• Pretty Good Privacy
• Written c. 1990 by Phil Zimmermann. Military/diplomatic strength encryption, using private and public key cryptography.
• Believed unbreakable by anyone short of major governments, but “freely” available for personal/corporate use
• PGPfone -- similar technology for phones
Political issues
• Should people be permitted this kind of security technology?
• I can keep secrets from my competitors, but also from law enforcement/national security enforcers!
• ITAR -- cryptographic equipment regulated as munitions (like machine guns)
• Only government-approved (breakable) encryption permitted.
More politics
• Clipper/Capstone chip -- “secure” phone with a Law Enforcement Access Field to ensure wiretap capacity
• 40-bit (1,000,000,000,000 key) limit on commercially exported software
• Criminalization of cryptography per se (France, some other countries)
• USA/PATRIOT wiretap provisions
• FBI operation CARNIVORE
Discussion points
• The genie appears to be out of the bottle, in that the technology for secure encryption is widely available
• The roadblocks to widespread implementation are primarily social and political.
• Is civilian/personal cryptography a good thing or not?
Conclusions
• Secret writing has a long (2000 yr) history
• Military/diplomatic communications were the driving force for most of history; personal/industrial privacy is secondary
• Modern cryptographic systems are both highly secure and widely available
• Omnipresent computers and the ’Net are forcing us to re-evaluate our views on security and privacy