CSI Communications | May 2013 | 7

Cryptology: An Overview
Exclusive Interview with Prof. Bimal Roy, Director, Indian Statistical Institute, Kolkata
Dr. Pinakpani Pal
Associate Professor, Electronics & Communication Sciences Unit, Indian Statistical Institute,
Kolkata and Secretary, CSI Kolkata Chapter
Cover
Story
Q. What is Cryptology? Historically
when did this start?
A. In one line, Cryptology is the “science
of hiding information”.
This may not be a
definition from the
book, but by and large
it has been accepted
in the community. You
may take apart the word
Cryptology to get CRYPTOS
plus LOGOS, where the Greek word
CRYPTOS means “hidden”, and the word
LOGOS means “a systematic study”, as
in the case of names like biology, zoology,
etc. Thus, etymologically, Cryptology
means “a systematic study of hiding
information”.
This study of hiding information
started way back, and there are evidences
from Greece as early as in 400BC. When
two kings exchanged messages, it was
a regular practice to send messengers.
But these messengers were vulnerable,
and the enemy could catch them to get
hold of the message. So they adopted a
procedure – before sending the messages
to another king, the sender would take
the messenger and shave his head.
Then he would write the information
on the top of the messenger’s skull, and
wait for a few weeks to let the hair grow
back. Now the sender king could freely
send the messenger to the other king. If
intercepted or caught, nobody could find
anything from the messenger. On the
other side of the procedure, the king who
received the messenger would shave
his head again to get the message. In
400BC, this was unthinkably ingenious
and fascinating.
Julius Caesar used a cryptographic
protocol that I will cite next. The
procedure is now well known as the
Caesar Cipher. He used to shift the
alphabet of the message, may be Greek
or Roman or anything else, by a fixed
number of letters. Say if the number of
shift is 9, and the language is English,
then the letter A will be shifted by 9
places to become J (A-B-C-D-E-F-G-
H-I-J). Similarly, B will be mapped to K,
and every message will be converted
to something else. This procedure first
introduced the notion of a KEY, in form
of the exact number of places to shift the
alphabet. The procedure or the algorithm
for Caesar Cipher takes as input the
message, but also needs this number of
shifts, or the Key.
The person who developed the basic
algorithm does not need to know the
number. Users of the algorithm, usually
the sender and the receiver, require
the Key as input at the time of actual
communication. This is a very strong
notion – the algorithm is publicly known,
and the only secret entity is the key that
the user chooses during communication.
In case of Caesar Cipher, the key is very
weak, as the possible number of distinct
shifts is limited in any language; only
twenty-five for English, say. The attacker,
if required, may try out all possible keys
(shifts), and obtain the meaningful
message in course of time. In technical
terms, an exhaustive search over all
possible Keys can break the algorithm.
The idea is to make the number of
possible keys as large as possible so that
the attacker cannot make an exhaustive
search and break the algorithm in a
reasonable amount of time.
Until quite recent times, the science
of Cryptology was used regularly, and
exclusively, by governments and defense
sectors during war, in order to protect
the privacy of classified communication.
One of the most important reasons
why the allied forces won World War
About Prof. Bimal Roy
Prof. Bimal Roy received his B.Stat. (Hons.) and M.Stat. degrees from Indian Statistical Institute, Kolkata
and his Ph.D. degree in Combinatorics from University of Waterloo, Canada. He has been a faculty member
at the Indian Statistical Institute, Kolkata for the past 27 years and currently holds the position of the
Director of the Institute since August 2010. He has held visiting positions at various institutions including
the University of Waterloo, the University of Ottawa, INRIA (France), Kyushu University (Japan), and
Deakin University (Australia). His research interests are in combinatorics and cryptology, in which he has
more than 50 journal publications, and has supervised 10 Ph.D. students (plus 5 continuing), and about
30 Master's dissertations. Prof. Roy is a NASI Fellow and the recipient of many awards including the
IBM Faculty Award. Prof. Roy is a pioneer in cryptology research and teaching in India, and he heads the
Cryptology research group at ISI Kolkata. He is the founder-secretary of Cryptology Research Society of
India (CRSI), which co-organizes the widely acclaimed International Conference on Cryptology in India,
Indocrypt, since 2000. It also conducts the National Workshop in Cryptology and the National Instructional Workshop in Cryptology every
year, for dissemination of knowledge in this niche area of specialization. More information is available at: www.isical.ac.in/~bimal
Prelude
Indian Statistical Institute, Kolkata has a renowned Cryptology Research Group (CRG), carrying out research in the areas of cryptography,
security, privacy, and all allied disciplines. The members of CRG study a wide variety of topics, ranging from designing cryptographic primitives
and protocols to the evaluation of their effectiveness and usability in deployed systems. Set up in 1998, the Cryptology Research Group at ISI
Kolkata brings together all researchers at the Institute interested in the areas of Cryptology, Data Security and related aspects of theory and
applications.
CSI Communications | May 2013 | 8 www.csi-india.org
II was a successful attack on the private
communication channel of the German
forces. The Germans were using two
cryptographic machines for a secured
communication. One was Enigma, used
for military communication, and quite
publicized later in popular literature. On
the other hand, the top level Generals,
including the Admiral General, used the
second machine, Lorenz, which is not so
popular in the literature. For both Enigma
and Lorenz, the algorithms were broken
by mathematicians – Enigma was broken
by a Polish mathematician Marian Adam
Rejewski, and Lorenz was broken by a
group led by William Thomas Tutte. In
fact, while at University of Waterloo,
I was a student of Prof. Tutte, the
mastermind from Cambridge behind the
Lorenz attack during WWII. Although the
allied forces won WWII with cryptology
as a major player in the game, one
did not call this a science. There was
no concept of scientific proofs. If you
proposed an algorithm, it was not clear at
that point what “breaking the algorithm”
meant, or what were the conditions
to make breaking impossible, or at
least “dif cult”. The formal complexity
notions of operation or of breaking a
cryptographic algorithm were not yet
studied systematically.
The whole notion came in 1975
through a paper by Dif e and Hellman,
who established a scheme for secure
information exchange, where they showed
that if anybody could break the algorithm,
they could have solved an underlying
dif cult computational problem in
mathematics – the discrete logarithm
problem (DLP). As of today, DLP is known
to be a computationally hard problem.
Although this is not proved to be NP-hard,
it is believed to be a hard problem to solve
in practice. As long as DLP remains hard
to the mathematics and computer science
community, breaking Dif e and Hellman’s
algorithm remains practically impossible.
The notion of impossibility, the notion
of security proofs, all started from that
seminal paper by Dif e and Hellman.
In our group at ISI, we often refer to
an incident from 2000 – Adi Shamir came
for the first International conference on
Cryptology in India, Indocrypt, and told that
the year 2000 marked the 25th anniversary
of cryptology as a science. Dif e and
Hellman’s seminal paper in 1975 gave birth
to modern cryptology as a proper scientific
discipline, and this changed the nature of
cryptology ever since.
Q. What is the relationship of
cryptography and security?
A. Security refers to a broader area
compared to Cryptology. In order to
secure our data, network and information
structure, we require cryptology as a tool
for attaining the required level of security.
I would say, cryptology is an indispensable
theoretical tool, while security is a broader
practical notion that uses cryptology in
various forms.
Q. People often use different terms
like privacy, authentication, public key,
symmetric key etc. Can you explain them?
A. These terms are dif cult to define.
When I say the term “non-repudiation”,
I mean a textual term, which is not
mathematically defined. But, I will state
what is really meant by privacy or secrecy.
Security is a broad domain, and we have
terms like privacy, secrecy, confidentiality,
non-repudiation, authentication etc.
Privacy refers to doing certain
operations that only you are authorized
to do, or which have been authorized
by you. The way of achieving privacy is
authentication – like digital signature.
In general domain, we put a physical
signature – if I may sign as Pinakpani
Pal, then those who do not know your
signature, will not know that you have
not actually signed. But who knows your
signature will know. Those who have not
seen your signature cannot verify my
signature as yours, nor can they deny.
Those who know your signature can
both verify or deny it. To attain privacy,
authentication is a tool. It is achieved by
the notion of digital signature.
Another notion is non-repudiation.
Suppose you send a mail to place an
order – for a supply of 500 tube lights,
say. However, you may deny this the next
day. When the supplier is ready with the
500 tube lights to deliver, you may say –
“Oh, I did not put this order”. The ordering
system should have such a mechanism
that you should be able to deny any
false orders made by your name, but you
cannot deny any order that you yourself
have made earlier. That is, there should
be a method of proving that yes, Pinak has
put this order, if you had actually done so.
This is called non-repudiation.
Secrecy is the main notion in
Cryptology. It ensures that, even if
someone gets to know the message in
communication over an insecure channel
(like emails, phone etc.), and assumes that
something is going on, he/she should not
be able to bring out the actual meaning
out of the message. We assume that the
world is vulnerable; you can send me a
message, I can store the information, but
everybody can still access that. Secrecy
means anybody can access the message
during communication or storage, but
the retrieval of the actual information is
dif cult. Note that I don’t say impossible,
but dif cult – dif cult in terms of
computational power of the attacker. This
is the idea of secrecy or confidentiality.
This is a physical notion and you have
tools in Cryptology to achieve it.
Q. So terms like digital rights, pay-per-
view, or ATM pin verification methods
are such tools?
A. These are basically authentication
tools. If I am trying to get money from an
ATM machine, the pin is
authenticating my card
to the central server,
through the ATM
machine. When we
insert the card in the
ATM machine, it should
connect to the main server, and the main
server must be assured that you are the
right person to use it. Even if somebody
has stolen the card from you, he/she
should not be able to authenticate him/
herself as you and withdraw the money.
The pin is used to authenticate that this
is Pinakpani Pal. When the machine is
sure (after verifying with the pin) that it is
Pinak, it will authorize the ATM machine
for the transaction.
In real life there are diferent ways
to achieve such a thing. This is called a
........ before sending the messages to another king, the sender would
take the messenger and shave his head. Then he would write the
information on the top of the messenger’s skull, and wait for a few
weeks to let the hair grow back.
CSI Communications | May 2013 | 9
“challenge-response” model. Suppose
that the Indian Government allows an
aircraft to fly over Indian sky, not that every
aircraft is given such permission. If given
permission, we have to have a challenge
response model. When one can see a
plane in the sky, the aviation authorities
will send a challenge, that is, they will
send the plane a message encrypted in
a particular way. The authorized aircraft
should decrypt it and send the proper
response back in a legitimate encrypted
format. The authorities will decrypt and
understand what the plane has sent
back – if this response is not proper,
the aviation authorities will know that
the aircraft is not authorized to fly over
the Indian sky. If only the response is
proper, that the aircraft is allowed to fly,
or otherwise it may be ordered to bring.
This model in cryptology is known as a
challenge response protocol.
This is used in any communication.
Say if the Chief Minister wants to talk with
the Prime Minister, then before answering
the phone, the Prime Minister would
like to know if he is really talking to the
Chief Minister or not. So they will make a
challenge response model with the Chief
Minister’s secretary and make a decision
based on that.
Let's take another example – asking
an additional question as a challenge. If I
call my credit card company and ask my
balance, they won’t tell. They will ask me
for other information, like my date of birth,
mother’s maiden name, dream personality
etc. They will ask you a set of questions,
and unless you answer properly, they will
not respond.
So for verification or authentication,
this challenge response model is a
standard protocol, accepted by the entire
community. There are lots of algorithms.
Response is a simple thing – it only stores
some information. But at the same time,
it is vulnerable. Suppose Pinak that I know
your date of birth, your mother’s maiden
name, your favorite Bollywood film star.
Then I can respond
properly and
impersonate you
while remotely
communi cat i ng
with your credit
card company,
or your bank. So
there is of course
something beyond the simple ideas that
you have to do. But the bottom-line is that
they have to be sure that you are Pinakpani
Pal, before they answer to you.
Q. What is the stand of Indian Government
on Cryptography?
A. Well, the Indian government is trying
to develop indigenous cryptographic
products by 2020. They are trying to
install some kind of certification procedure
even in non-defense domain. At this point,
all the cryptographic algorithms or the
equipments that the defense uses are
certified by the government agency. But
if you (non- government) want to use
something, or if a bank wants to have
some mechanism, no government agency
certifies the system. The government is
thinking of having a little more control
on any cryptographic product to be used,
by providing certification. For national
testing, they certify through their body.
They are also in the process of forming a
civil body for handling the non-defense
applications.
By 2020, it is expected that the
production of cryptographic utilities will
be indigenous. The government does not
want to buy these sensitive products from
others. They are never very sure whether
there may exist a trap door in those
products, and to find one is a huge task.
The dream is to develop our nationalized
technology, implementation, application
to such a level that we become completely
independent. I don’t know how it will be
realized, as 2020 is not very far, only seven
years from now. But that’s something the
government is trying to see that it’s done.
In India, we cannot use encryption
in mobile phone that you use, it could
be very much legal in other countries,
but here we need to have government
permission to use modes of encryption
given to people. It’s like holding a pistol;
you cannot put any extraneous encryption
algorithm in your mobile. Any personally
encrypted communication may be tracked
for potential threats or terrorist activities
against the nation.
Q. Please tell us about few cryptography
protocols or popular algorithms like SSL.
A. These are public domain algorithms.
SSL/TLS for example
uses the widely
popular stream cipher
RC4. But, according to
recent results in the
community, SSL/TLS
have undergone a major
attack, and may already be broken. They
still use RC4 for the actual communication.
Prof. Subhamoy Maitra of our group at ISI
is an expert in RC4. It has been accepted
that SSL/TLS mode of RC4 usage is not
very strong. But again, the cost of breaking
it will be so much that in our kind of simple
message communication, we feel that
nobody would invest that much of money
to break out our usual communication
framework. But still, SSL is not secure in
theory, as there are potent attacks on the
system.
Q. Please tell us about scope and future of
research and development in cryptology.
A. In Indian industry, I would say that
this is yet to be there. They are still not
working in the domain of cryptology
very seriously. I know that Microsoft
Research India does some R&D and that
TCS Innovation Lab, Infosys R&D have
also tried to do something, but again,
as far as my knowledge goes, it is not
very serious. I feel that the main reason
.... cryptology is an indispensable theoretical tool, while security is a
broader practical notion that uses cryptology in various forms.
Secrecy means anybody can access the message during communication
or storage, but the retrieval of the actual information is dif cult.
...according to recent results in the community, SSL/TLS have undergone
a major attack, and may already be broken.
CSI Communications | May 2013 | 10 www.csi-india.org
is that this kind of R&D needs some
considerable amount of investments for
some time, and this is not something
coming out of the market that you
invest today and get the results in six
months. It needs a long-term sustained
investment, which I believe; the Indian
industry is not very keen on pursuing.
But the Indian government is
very keen. If you want to pursue
cryptography R&D and you apply for a
grant from government organizations
like DIT, DRDO, or even DST, NBHM,
there is a fair chance that you will get
it. Our government is investing a lot
of money on this, though the Industry
is not. Government looks for long-
term investment. They don’t look for
something coming in five years’ time.
For example, when they gave me the first
grant at ISI, way back, they knew that it
might take 4-5 years to come out with
anything tangible. In fact, the fruit did
bear. They have been getting enormous
amount of support and service from the
ISI community – for defense, police etc.
But the government had believed in us,
and had invested initially at ISI, while I
don’t think we could give them anything
for the first five years. But they were
all very positive about it. I did apply to
the Industry as well, but hardly got any
response, except for having meetings,
lunches, or delivering lectures. ISI did
not get any substantial R&D support in
Cryptography from the industry, and I
doubt if anyone in India has got it so far.
Q. What are various disciplines in
Cryptography?
A. To start with cryptography, you need
a mathematical algorithm. This will
require basic mathematics, evolving
around algebra, algebraic geometry,
number theory, probability theory, and
some statistical inference. These are the
basic things to help in developing good
algorithms in Cryptology.
Next thing that is important is the
complexity of developed algorithms,
which normally mathematicians and
statisticians do not want to study. Unless
the complexity is well studied and you can
ensure that attacking this algorithm by
present day computing facility is beyond
our technical capability, nobody is going
to accept this algorithm. The complexity
analysis has to be done very carefully.
This is done in very hardcore theoretical
computer science, and forms the basis of
modern Cryptology.
Once the complexity and
security analysis is done and found
satisfactory, you need to get a software
implementation to study different
properties of practical security and
efficient implementation. You need to
have some software engineering skills
along with coding capability to have a
very efficient software implementation.
So far, the algorithm is only in a
mathematical form, and as long as
we cannot deliver it as a product, no
one is going to accept it. So software
implementation is a must.
Even after you have a good software
implementation; it may be difficult
to implement it on small devices like
this mobile. If you use on a standard
computer, that’s fine. I can use that,
after installing the software. But for
other communication devices like
mobile phone, tablets, etc., it is quite
inappropriate if you do not consider
hardware implementation. That means
you need to embed the algorithm in
FPGA or ASIC. I am not an expert in
hardware, but again, an efficient way
of doing this means you have to be
very good in electrical and electronics
engineering to be able to translate the
software algorithm efficiently on to the
hardware environment. Then the last
stage will be to fabricate the device,
after the hardware implementation is
well studied, which again requires the
knowledge of electronics.
I would say that the layers of
Cryptology are as follows – mathematics
to get hold of the algorithm, followed by
theoretical computer science, followed
by software engineering, followed
by hardware as electronics, and then
fabrication, another hardware engineering
level. All these would be needed to get one
cryptographic product out in the market.
In our group at ISI, we have been
succeeded because we have experts
in these areas. We did not have much
expertise in the last phase, but now
we have people like Ansuman Banerjee
and his team who can contribute in
hardware. You also have done some
implementations with Palash Sarkar,
right? The Algorithm is meaningless
until we can see through the whole
process. We at ISI are fine up to that. As
you can see, I take pride that our group
at ISI is a national leader in Cryptology.
We have internationally well acclaimed
figures like Rana Barua, Palash Sarkar,
Subhamay Maitra, Kishan Chand Gupta,
and Mridul Nandi, to constitute a very
strong team.
Q. Your message to younger generation,
please.
A. I think, the brighter minds of our
nation must study Cryptology and its
allied disciplines, as I mentioned earlier.
There is an enormous scope at the
government level. But, there is a little
catch here, because as we all know,
younger and brighter minds don’t want
to join the government sectors. But as I
know that there is plenty of opportunity
at the government level, I am hoping
that the Indian industry will also be
positive towards Cryptology R&D. And
when the Industry becomes positive,
the bright and young minds of India
are going to be attracted and properly
utilized. There is enough academic and
intellectual challenge in every aspect of
Cryptology to cater to the bright young
minds of our country, and anybody with
a mathematics, computer science, or
electrical, and electronics engineering
background can study and do well in this
area. n
(Photo courtesy: Reprography and Photography
Unit, ISI Kolkata)
....layers of Cryptology are as follows – mathematics to get hold of
the algorithm, followed by theoretical computer science, followed by
software engineering, followed by hardware as electronics, and then
fabrication, another hardware engineering level.