# A Cryptography Primer

A high-level overview of what cryptography is, how it works, and what the major kinds are. "Crypto for dummies", essentially.

07/01/2014

The word Cryptography comes from the Greek words cryptos (hidden) and graphos (written). Thus, even from the word itself we find a strong hint as to its meaning. A strict definition of the word as currently used would be “the science and study of making and using secret writing, such as codes and ciphers”.

The intent of cryptography is simple – if you cannot trust that your messages will not be intercepted by a third party, then you mask the messages in such a way that others cannot easily read them.

Early methods focused more on ciphers and codes – hidden alphabets and the like. One of the earliest known examples was the Caesar cipher. In order to communicate with his generals, Caesar had his messages encoded using a “shift” – i.e., each letter would be shifted down in the alphabet by a pre-arranged amount. So, for example, if the “shift” was pre-arranged to be 3, every letter “A” in the message would be replaced by a “D”, every “B” would be replaced by an “E”, and so on. In this sort of code, if you reach the end of the alphabet you simply wrap around to the beginning again. So, in our example above, “X” would become “A”, “Y” would become “B”, and “Z” would become “C”.

This technique is still sometimes used today, most commonly as part of a larger encryption system such as the Vigenère cipher. Modern computer systems may also include a “ROT-13” function, which is basically a Caesar cipher with a shift of 13 (half the alphabet).

On consideration, you should be able to spot the weakness in the Caesar cipher. Hint: what would be the maximum number of attempts that would be required to calculate all possible shifts of a given message?

Secret alphabets have also been used in the past. This could either be a mapping of letters and digits to non-standard symbols, or a remapping of the letters and digits to other, random positions in the symbol set. So, for example, A could become X, B could become J, C could become 6, and so on.
The easiest way to crack these (assuming a standard set of symbols mapping 1-to-1 to English letters and digits) is via frequency analysis. It is well known that certain letters in the English language are relatively common (such as S, T, E, and A), and others are very uncommon in normal written language (such as X, Q, and Z – i.e. the high-value Scrabble tiles). By counting up all occurrences of each symbol, and then using a bit of trial-and-error, it can be possible to crack the code without having to try every possible combination. This can be made even easier if the spaces between words in the original message are preserved – you then know that (for example) a single symbol by itself must be either an I or an A, and a two-symbol pair by itself can be one of only a handful of words (such as “is”, “as”, “or”, and “it”). Modern computers, which can perform millions of operations a second, would be able to crack such a code in minutes at worst.

There is one application of secret alphabets which is still in common use today, and is widely considered to be impossible to break: the one-time pad. Basically, the one-time

[Figure: Original message (“plaintext”) → Math (Key) → Encrypted message (“ciphertext”) → Math (Key) → Original message]

Since the same key is used for both encryption and decryption, it should be obvious that if the bad guys have your key, they can read your mail. There’s another weakness in this form of system, which may not be immediately obvious – as computers get faster, “brute force” attacks (in which every possible key is tried until one works) become easier. And, once your key is compromised by a brute-force attack, you have to go and send a replacement key to everyone who’s supposed to have a copy, while making sure the new key is not intercepted by the bad guys.

This is helped in part by longer keys, usually expressed as the number of “bits” in a binary representation of the key. Every bit doubles the number of possible keys, so that a 56-bit key (for example) has 2^8 (or 256) times as many possible values as a 48-bit key (since 56 is 8 more than 48).

One well-known example of this form of encryption is DES, more formally known as the Data Encryption Standard, which was introduced as a US Government standard in 1976. DES only had a 56-bit key length, so as time went on (and computers became more powerful), it became easier and easier to break DES via brute force. A 56-bit key may have 72,057,594,037,927,936 (72 quadrillion) possible combinations, but when you can process billions of keys a second (as with modern parallel processing techniques), it doesn’t take long to break even that sort of number.

In response, it was strengthened to “Triple DES” (or 3DES), which applies the encryption algorithm three times to each block in an encryption/decryption/encryption cycle. Since DES is a symmetric-key encryption technique, using the same keys for both the encryption and decryption portions of the 3DES cycle would mean that it would be essentially the same as DES (first encrypting, then decrypting, and then finally re-encrypting the message all with the same key). Instead, the strongest form of 3DES uses 3 different 56-bit keys, one to encrypt the message, the second to “decrypt” (which really just encrypts it more), and then finally a third key to re-encrypt the message again.
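The encrypt/decrypt/encrypt cycle described above, as an added example that is not part of the original primer. It uses a small toy Feistel block cipher as a stand-in for DES (an assumption; this is not DES and is not secure), and all function names and keys are constructed for illustration. It shows that the cycle with one repeated key collapses to a single encryption, while three different keys do not.

```python
import hashlib


def _round(half, key, i):
    """Toy round function: hash key, round number and a 16-bit half to 16 bits."""
    digest = hashlib.sha256(key + bytes([i]) + half.to_bytes(2, "big")).digest()
    return int.from_bytes(digest[:2], "big")


def toy_encrypt(block, key):
    """Encrypt one 32-bit block with a 4-round Feistel network (stand-in for DES)."""
    left, right = block >> 16, block & 0xFFFF
    for i in range(4):
        left, right = right, left ^ _round(right, key, i)
    return (left << 16) | right


def toy_decrypt(block, key):
    """Undo toy_encrypt by running the rounds in reverse order."""
    left, right = block >> 16, block & 0xFFFF
    for i in reversed(range(4)):
        left, right = right ^ _round(left, key, i), left
    return (left << 16) | right


def triple_encrypt(block, k1, k2, k3):
    """Encrypt with k1, 'decrypt' with k2, encrypt again with k3."""
    return toy_encrypt(toy_decrypt(toy_encrypt(block, k1), k2), k3)


def triple_decrypt(block, k1, k2, k3):
    """Reverse the cycle: decrypt with k3, encrypt with k2, decrypt with k1."""
    return toy_decrypt(toy_encrypt(toy_decrypt(block, k3), k2), k1)


if __name__ == "__main__":
    message = 0xCAFEF00D                       # constructed 32-bit sample block
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"  # constructed keys
    # Same key three times: the middle step undoes the first, leaving one encryption.
    print(triple_encrypt(message, k1, k1, k1) == toy_encrypt(message, k1))
    # Three different keys: the middle step scrambles further instead of undoing.
    print(triple_encrypt(message, k1, k2, k3) == toy_encrypt(message, k1))
    print(hex(triple_decrypt(triple_encrypt(message, k1, k2, k3), k1, k2, k3)))
```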

Most modern encryption research focuses instead on shared-key encryption. In this technique, each party generates a “key pair”. One key is your public key – this can be distributed to anyone, and is used (together with someone else’s private key) to encrypt messages to you. The other key is your private key, used together with another person’s public key to decrypt messages from them, and should never be disclosed to anyone at all (no, not even your mother). One of the big advantages of this form of cryptography is that transmitting the public key is trivial – even if the bad guys have it, it’s only half of the equation (so to speak), so you can send it by any channel, even one that you know they’re listening on.

[Figure: Original message (“plaintext”) → Math (Your Public Key + Sender’s Private Key) → Encrypted message (“ciphertext”) → Math (Your Private Key + Sender’s Public Key) → Original message]

Without getting deeply into the mathematics involved, this technique relies on a unique property of prime numbers – the product of two prime numbers is not divisible by any other number (besides itself and the number one, obviously). As a trivial example, the number 21 is the product of 3 and 7 – and there is no other set of numbers which, when multiplied together, also equals 21. This trick is used to generate a unique key using the product of two very large prime numbers, which is then split into public and private keys.

In practice, if Alice wants to send a message to Bob without it being intercepted by Eve, she encrypts the message using a combination of Bob’s public key and her private key. When Bob receives the message, he decrypts it using a combination of Alice’s public key and his private key. Eve may know both public keys, but she still can’t combine them to help her decrypt the message, so she’s stuck having to try to brute-force the key. Modern keys vary from 256 to over 1000 bits, so it can take a LONG time to try all possible combinations, even with modern supercomputers.

Note that quantum computing (if it ever becomes economically viable) would mean that methods of breaking codes that are currently impractical due to time limitations would become much more viable. For example, factoring the product of large prime numbers (as discussed above) is currently very computationally intensive and thus considered impractical – what good is it if you’ve cracked my credit card number a hundred years after I’m dead and gone?
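Why the size of the primes matters, as an added example that is not part of the original primer. It uses textbook RSA, one scheme built on the product of two primes, in which encryption needs only the recipient's public key (signing with the sender's private key is not covered here). The primes 61 and 53, the exponent 17, the sample message and all function names are constructed for illustration.

```python
from math import gcd


def make_keypair(p, q, e=17):
    """Build a textbook RSA key pair from two primes p and q."""
    n = p * q                      # the public modulus: product of the two primes
    phi = (p - 1) * (q - 1)        # computable only if p and q are known
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def encrypt(message, public):
    """Encrypt an integer message smaller than n with the public key."""
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be in the range 0..n-1")
    return pow(message, e, n)


def decrypt(ciphertext, private):
    """Decrypt with the private key."""
    n, d = private
    return pow(ciphertext, d, n)


def factor(n):
    """Split n into two factors by trial division; feasible only for tiny n."""
    i = 2
    while i * i <= n:
        if n % i == 0:
            return i, n // i
        i += 1
    raise ValueError("n has no non-trivial factors")


def recover_private_key(public):
    """What factoring n gives away: the private exponent follows from p and q."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = make_keypair(61, 53)      # constructed toy primes
    ciphertext = encrypt(65, public)            # constructed sample message
    print(public, ciphertext, decrypt(ciphertext, private))
    print(recover_private_key(public) == private)
```

The trial-division loop takes roughly the square root of `n` steps, so each extra bit in the primes multiplies the work; at real key sizes this loop does not finish in any useful time.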