The History of Secrets
Cryptography and Privacy
Patrick Juola
Duquesne University
Department of Mathematics and
Computer Science
Secret Writings
• Used to write to authorized people
• Good guys :
• Business partners, lovers, fellow soldiers
• Bad guys :
• Competitors, parents, enemies, foreign agents
• Secrets can be military, diplomatic,
commercial, personal, et cetera.
An Early Example
• Write in foreign alphabet
attack at dawn
attack at dawn
• Works surprisingly well in era of mostly
illiterate people
Caesar cypher (40 BCE)
YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECOR
CVFCYPUVQRRNGCUGDGTGCFAVQUQTVKGVQQW
TCUUKUVCPEGLECGUCT
CVVC -- “bATTAlion”? “inDEED”? “ATTAck”?
“cigarETTE”/ “bESSEmer converter”?
CUUKU -- “pOSSESsion”? “ASSIStance”?
C -> A, U -> S, K -> I
Caesar cypher (cont.)
WEWILLATTACKONTHEWESTSIDEOFTHECAMPAT
DAWNSTOPPLEASEBEREADYTOSORTIETOOUR
ASSISTANCEJCAESAR
• Caesar and his reader know something the
enemy doesn't
• Can be as simple as replacing letters
• Termed the “key” to a cypher
• Easier to solve with key than without
• Ratio of without/with defines “work factor”
Nomenclators (1500 CE)
• Systematic replacement of one letter by a
single other symbol : monoalphabetic cypher
• Nomenclator : monoalphabetic cypher with
codebook extension for specific words
• Weakness : every appearance of a given
letter is encyphered identically
Polyalphabetics (16th-20th c.)
• Use multiple alphabets to disguise frequent
letters
• Playfair cypher -- encrypt letters in groups, so
TA and TE may have nothing in common
• Vigenère cypher -- vary Caesar “key” during
encryption
• Considered “le chiffre indéchiffrable” until early
20th century
Vigenère example
ATTACKATDAWN
NOSENOSENOSE
NHLEPYSXQOOR
• AT becomes both NH and SX in cyphertext
• O in cyphertext corresponds to both A, W
• Simple frequency analysis no longer works
Vigenère decryption
• Weakness : key letters repeat
• If the key is 4 characters long
• 1st, 5th, 9th, etc. characters use same key letter
• 2nd, 6th, 10th, 14th, etc. likewise
• Frequency characteristic of monoalphabetic
(Caesar) cypher
• Crack four different Caesar cyphers, and
you're in!
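The column-by-column attack the slide describes, as an added example (not code from the slides): it recovers the shift of the deck's own Caesar ciphertext, re-encrypts that plaintext under the key NOSE from the Vigenère example, and recovers the key again by treating each of the four columns as its own Caesar cypher. The English frequency table is the standard published one; the scoring rule (dot product with those frequencies) is my choice.

```python
# Added example, not from the slides: crack the deck's Caesar text and a
# Vigenere text the way the "Vigenere decryption" slide describes. Each key
# position is one Caesar shift, so split the ciphertext into key-length
# columns and pick, per column, the shift whose letters look most English
# (dot product of the column's letters with English letter frequencies).
from string import ascii_uppercase as A

# English letter frequencies in percent, A..Z (standard published values).
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

# Ciphertext copied from the slide "Caesar cypher (40 BCE)".
CAESAR = ("YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECOR"
          "CVFCYPUVQRRNGCUGDGTGCFAVQUQTVKGVQQW"
          "TCUUKUVCPEGLECGUCT")

def shift_text(text, shift):
    """Caesar-shift every letter of an uppercase string by `shift` places."""
    return "".join(A[(A.index(c) + shift) % 26] for c in text)

def vigenere_encrypt(plain, key):
    """Letter i is shifted by key letter i mod len(key); a Caesar cypher is key length 1."""
    return "".join(A[(A.index(p) + A.index(key[i % len(key)])) % 26]
                   for i, p in enumerate(plain))

def vigenere_decrypt(cipher, key):
    return "".join(A[(A.index(c) - A.index(key[i % len(key)])) % 26]
                   for i, c in enumerate(cipher))

def englishness(text):
    """Higher when the text is made of the letters English uses most."""
    return sum(ENGLISH[A.index(c)] for c in text)

def best_shift(column):
    """The shift under which this column reads most like English."""
    return max(range(26), key=lambda s: englishness(shift_text(column, -s)))

def recover_key(cipher, key_len):
    """Crack key_len separate Caesar cyphers: column i holds letters i, i+key_len, ..."""
    return "".join(A[best_shift(cipher[i::key_len])] for i in range(key_len))

if __name__ == "__main__":
    key = recover_key(CAESAR, 1)                   # Caesar: a single column
    plain = vigenere_decrypt(CAESAR, key)
    print(key, plain)                              # C WEWILLATTACK...JCAESAR
    cipher = vigenere_encrypt(plain, "NOSE")       # re-encrypt under a 4-letter key
    print(recover_key(cipher, 4))                  # NOSE
```

With only the twelve letters of ATTACKATDAWN the columns are too short for frequency statistics to decide anything, which is why the run uses the longer Caesar plaintext; the same limit is what makes a non-repeating key (next slide) immune.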
What if the key doesn’t repeat?
• A re-used key can give the same effect
• BUT
• If the key is sufficiently random
• Only used once
• And never repeats
• The resulting cypher is called the Vernam
cypher (1917) and is provably unbreakable.
• Sometimes called One-Time Pad
Who kept the secrets?
• Development and use of cryptography to this point
mostly military and diplomatic.
• “Obviously” required substantial talent to do,
beyond what most people had
• Civilian cryptography -- secret notes to lovers,
business codes -- still used monoalphabetic
cyphers
• Methods of analysis becoming available in
literature (The Gold Bug, The Dancing Men)
What’s a good cypher?
• Kerckhoffs' criteria (1883)
• Security should reside in the key
• System doesn't need to be kept secret
• System should be easy to use in the field
• Keys/apparatus should be easily changeable
• Impossible to meet all in practice
• Naval ships (submarines) can carry much more
equipment than PFC Ryan
Enigma
• Machine cryptography developed in early
20th century; requires bulky apparatus, but
far too complex to crack by hand
• ENIGMA -- main code system of the Nazis
• Three (later four) rotating wheels like
odometer of car. Each wheel position
yields different key.
• 159,000,000,000,000,000,000 keys
The Computer Revolution
• Rejewski/Turing cracked Enigma, but had
to invent the computer to do it.
• And were also scarily, scarily good
mathematicians…
• Early computers (bombes) could search
entire keyspace in about five hours.
Viva la revolution!
• Enigma breakthrough classified MOST
SECRET until 1975(!); some of Turing's
papers are still classified. Computer
encryption is just too dangerous.
• BUT, it's also too useful, especially for
civilian/industrial uses like financial
transfers
• Enter Data Encryption Standard (DES)
DES
• Approved in 1975 by US govt. (NSA)
• Non-classified uses only
• 32,000,000,000,000,000 possible keys
• Created “civilian” cryptography
• Most analyzed system ever
Questions about DES
• Why so few keys (fewer than 30 year old
Enigma, but better mathematical structure)?
• NSA approved IBM's initial design only
after making a few changes. Why?
• Is there a secret “back door”? Is the
government holding a master key?
• Is there a good replacement?
Replacing DES
• DES held out much longer than originally
planned, but (as expected) had too few keys.
• Modern computers can crack DES very fast.
• … but no one really had a good replacement
• 3DES used (late 90s) to extend keyspace
• Advanced Encryption Standard (Rijndael)
finally designed in 2001 as replacement.
• No “secret” governmental involvement
Public key encryption
• Problem with all cryptography, AES
included -- a need for shared secret prior to
communication
• How do I establish a shared secret with
Amazon.com if I don't work there? Can we
avoid this?
• Surprising answer : Yes!
• Decryption key can be different than
encryption key, allowing “public” keys!
Merkle Puzzles (1975)
• I publish a huge collection of “puzzles.”
You pick one to solve, and send me the
solution.
• I look up the solution, and recognize which
puzzle you solved. Everyone else has to
solve all of the puzzles to recognize the
solution.
• Work factor is number of puzzles
• Avoids having to communicate beforehand
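The exchange described on this slide, as an added simulation (not code from the slides): the publisher posts puzzles, the reader solves one and announces its number, and an eavesdropper has to keep solving puzzles until it reaches that number. The puzzle cipher, key size and marker are constructed toy choices of mine, not Merkle's.

```python
# Added example, not from the slides: a toy simulation of the Merkle puzzle
# exchange. The publisher posts N puzzles, each (marker, id, session key)
# encrypted under a SHORT random key. A reader brute-forces one puzzle and
# announces its id; the publisher just looks the id up. An eavesdropper must
# solve puzzles until it reaches that id: about N/2 times the reader's work.
# The cipher is a constructed toy: SHA-256(key) XORed in as a keystream.
import hashlib, os, random, struct

PUZZLE_KEY_BITS = 12        # constructed toy size: at most 2**12 trials per puzzle
MARKER = b"PUZZLE"          # lets a solver recognise a correct decryption

def toy_cipher(key_int, data):
    """XOR data with SHA-256(key); the same call encrypts and decrypts."""
    ks = hashlib.sha256(key_int.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

def make_puzzles(n):
    """Publisher: public puzzle list plus the private id -> session-key table."""
    puzzles, table = [], {}
    for pid in range(n):
        session_key = os.urandom(8)
        table[pid] = session_key
        k = random.getrandbits(PUZZLE_KEY_BITS)
        puzzles.append(toy_cipher(k, MARKER + struct.pack(">I", pid) + session_key))
    return puzzles, table

def solve_puzzle(puzzle):
    """Brute-force one puzzle's short key; returns (id, session key, trials used)."""
    for k in range(1 << PUZZLE_KEY_BITS):
        plain = toy_cipher(k, puzzle)
        if plain.startswith(MARKER):
            return struct.unpack(">I", plain[6:10])[0], plain[10:], k + 1
    raise ValueError("puzzle key space exhausted")

def eavesdrop(puzzles, wanted_pid):
    """Solve puzzles in published order until the announced id appears; total trials."""
    total = 0
    for puzzle in puzzles:
        pid, _, trials = solve_puzzle(puzzle)
        total += trials
        if pid == wanted_pid:
            break
    return total

def run_exchange(n=32):
    """One exchange: (reader and publisher agree?, reader trials, eavesdropper trials)."""
    puzzles, table = make_puzzles(n)
    pid, reader_key, reader_trials = solve_puzzle(random.choice(puzzles))
    return reader_key == table[pid], reader_trials, eavesdrop(puzzles, pid)
```

Because the eavesdropper's work grows only linearly in the number of puzzles (the slide's "work factor"), the scheme is a proof of concept rather than a practical system; RSA on the next slide gets a work factor that can be made as large as desired.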
RSA Encryption
• Named for inventors : Rivest, Shamir, and
Adleman (Turing award winners, 2003)
• Uses a large product of two primes -- easy to
multiply, but very hard to factor
• Two keys, d and e : you encrypt with e, while
only I know (and can decrypt with) d.
• Reversible! I encrypt with d, you decrypt with e,
and you know I encrypted it! In other words, it
can be used as a signature!
• Work factor can be arbitrarily large -- “It's easier
to break thumbs than it is to break RSA”
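The two-key property of this slide in working form, as an added example (not code from the slides): textbook RSA on tiny primes of my choosing, showing that e undoes d and d undoes e, and why the product of two small primes gives almost no work factor at all.

```python
# Added example, not from the slides: textbook RSA on tiny constructed primes.
# It shows the two facts the slide states: what e encrypts, d decrypts, and
# what d "encrypts" anyone holding e can check (a signature). No padding and
# no real key sizes; the last function shows why small n is worthless.
from math import isqrt

def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def modinv(a, m):
    """Multiplicative inverse of a modulo m (a and m must be coprime)."""
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no inverse")
    return x % m

def keygen(p, q, e=17):
    """Public key (n, e) and private key (n, d) from primes p, q; d = e^-1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, modinv(e, phi))

def encrypt(pub, m):             # anyone with e can do this
    n, e = pub
    return pow(m, e, n)

def decrypt(priv, c):            # only the holder of d can do this
    n, d = priv
    return pow(c, d, n)

def sign(priv, m):               # the slide's "encrypt with d"
    return decrypt(priv, m)

def verify(pub, m, sig):         # the slide's "decrypt with e", then compare
    return encrypt(pub, sig) == m

def recover_private(pub):
    """Work factor made visible: for tiny n, trial division finds p and hence d."""
    n, e = pub
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return n, modinv(e, (p - 1) * (n // p - 1))
    return None
```

With the constructed primes 61 and 53, keygen(61, 53) gives d = 2753 and encrypt(pub, 65) returns 2790; recover_private(pub) finds the same d in under sixty divisions, which is exactly the work factor that thousands of bits of modulus are there to make impractical.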
Power to the People : PGP
• Pretty Good Privacy
• Written c. 1990 by Phil Zimmermann.
Military/diplomatic strength encryption,
using private and public key cryptography.
• Believed unbreakable by anyone short of
major governments, but “freely” available
for personal/corporate use
• PGPfone -- similar technology for phones
Political issues
• Should people be permitted this kind of
security technology?
• I can keep secrets from my competitors, but
also from law enforcement/national security
enforcers!
• ITAR -- cryptographic equipment regulated
as munitions (like machine guns)
• Only govt-approved (breakable) encryption
permitted.
More politics
• Clipper/Capstone chip -- “secure” phone
with Law Enforcement Access Field to
ensure wiretap capacity
• 40-bit (1,000,000,000,000 key) limit on
commercially exported software
• Criminalization of cryptography per se
(France, some other countries)
• USA/PATRIOT wiretap provisions
• FBI operation CARNIVORE
Discussion points
• The genie appears to be out of the bottle, in
that the technology for secure encryption is
widely available
• The roadblocks to widespread
implementation are primarily social and
political.
• Is civilian/personal cryptography a good
thing or not?
Conclusions
• Secret writing has a long (2000 yr) history
• Military/diplomatic communications
driving force for most of history;
personal/industrial privacy is secondary
• Modern cryptographic systems are both
highly secure and widely available
• Omnipresent computers and the 'Net forcing us
to re-evaluate our view on security and privacy