The Most Significant Result in Modern Cryptography
Pradeep Kumar Mishra, CISSP. Flint Energy Services Ltd, Fort McMurray, AB, Canada.
Introduction

Cryptography is the art of secret writing. The word comes from two Greek words: cryptos, meaning secret, and graphein, meaning writing. Cryptography is used to communicate secretly. It has a long history. In ancient times, it was the science of statecraft. Only kings and emperors used cryptography to communicate with their generals fighting on the frontiers. History says the great Roman emperor Julius Caesar devised and used a classical cryptographic scheme, known as the Shift Cipher or Caesar Cipher, named after him. We will describe the Shift Cipher later in this article.

In this age of the Internet, when most people in advanced societies use the Internet for their day-to-day affairs (banking, shopping, paying bills, booking travel and other services), cryptography has become indispensable for all. All of us use a healthy dose of cryptography (mostly unknowingly) in our everyday lives. There are programs called sniffers, which can be used to grab every piece of information entering and leaving a computer system connected to the Internet. If a user's personal and financial information is sent in plain English while using web-based services, it is highly likely to fall into the hands of unscrupulous persons, which can be very detrimental to the user's financial status. The information superhighway (the Internet) is free-for-all. Information sent over an open channel like the Internet must be somehow garbled so that even if it falls into the hands of unintended recipients, the real meaning of the message remains undisclosed. Confidentiality is a must in e-banking, e-commerce and similar services. Also, the intended recipient must be able to correctly decipher the meaning of the message.

Cryptography is the art (or science) of garbling and ungarbling messages. In cryptographic literature, an ungarbled message is called plaintext. The process of garbling is called encryption and the garbled message is called the ciphertext. The process of getting the plaintext from the ciphertext (the opposite of encryption) is called decryption. The process of encryption is called a cryptographic scheme. A cryptographic scheme is said to be broken or compromised if an unintended person can decrypt a ciphertext with a practical amount of effort.

Cryptography uses keys. A cryptographic key in most cases is a number (not a metallic object like the keys used to open doors). Of course this is not a novelty. Number locks also use a secret combination of numbers to unlock them. In cryptography, numeric keys are used to encrypt and decrypt messages. Figure 1 shows how a sender encrypts the plaintext and the receiver decrypts it. The keys are secret. If the keys are disclosed, or if an adversary can decrypt ciphertext messages even without knowledge of the required cryptographic key, then the cryptographic scheme is said to be broken. Breaking cryptographic schemes is another challenging (and hence interesting) area of study, known as Cryptanalysis.

Classical cryptography is called secret key cryptography or symmetric key cryptography. That is because the same cryptographic key is used for encryption and decryption (hence symmetric key). The Shift Cipher used by Julius Caesar is a symmetric key encryption scheme.
ROMEO LOVES JULIET
WTRJT QTAJX OZQNJS
Sender encrypts plaintext to get ciphertext.
WTRJT QTAJX OZQNJS
ROMEO LOVES JULIET
Receiver decrypts ciphertext to plaintext.

Figure 1: Encryption and Decryption processes
Classical Cryptography

In this section we will describe the simple Shift Cipher as an example of a symmetric key cipher. The English alphabet has 26 letters. Let us write these letters on the circumference of a circle. We will call this circle the letter-wheel. Before sending a message, the sender agrees upon a common key with the receiver. Suppose the key is 5 and the sender wishes to send the message “ROMEO LOVES JULIET” to the receiver. The sender uses the letter-wheel. He takes one letter of the message at a time and, starting from the letter's position on the letter-wheel, moves five positions in the clockwise direction and picks up that letter. He replaces the original letter in the message with the picked-up letter. For example, R goes to W, O goes to T, M goes to R, E goes to J and O goes to T. Thus the word ROMEO in plaintext becomes WTRJT in the ciphertext. LOVES becomes QTAJX and JULIET becomes OZQNJS. The encrypted message is thus: WTRJT QTAJX OZQNJS.
Figure 2: The letter wheel

The ciphertext looks really funny and does not offer any clue to an unintended receiver about its real meaning. However, the receiver can easily decipher it. He knows the secret key, i.e. 5. He also uses the letter-wheel. He shifts every letter in the ciphertext 5 units in the counterclockwise direction on the letter-wheel, so that W goes to R, T goes to O, R goes to M and so on. Thus WTRJT decrypts to ROMEO, and in the same way the whole message can be deciphered. Even if someone intercepts the message, it is difficult to decipher it without knowledge of the secret key, i.e. 5.

There are many such schemes in classical cryptography. Some of them are broken nowadays. The shift cipher is not at all secure in modern times. Observe that there are only 26 possible keys. One can try each one of them to find out the exact meaning of the ciphertext. Such attacks are called Exhaustive Search Attacks in cryptographic literature. If the key space is small, exhaustive search can be very effective in breaking an encryption scheme. With a computer, the shift cipher can be broken in a fraction of a second.

This does not mean that all symmetric key ciphers are insecure. In the great wars, classical cryptographic schemes played very important roles. All the fighting powers had devised their own encryption schemes. Cryptanalysts of the warring nations burnt much midnight oil while trying to break their opponents' encryption schemes. There are many interesting stories about the brain games played by the cryptographers of the time. Modern cryptography uses many symmetric key schemes, which are designed using many sophisticated techniques of computer science and mathematics. They are not only secure, but also very fast in encryption and decryption. Many schemes can be implemented in hardware, making them even faster. In fact many commercial cryptographic devices now use symmetric key cryptography. For example, your phone and fax machines may be encrypting your messages before sending them over the cables. If the encryption and decryption processes used in phones are not very efficient, smooth communication cannot take place. However, a description of modern symmetric key schemes is outside the scope of this article. Our intention is to describe what, in our opinion, is the most significant discovery in modern cryptography.

One main disadvantage of symmetric key schemes is key exchange between the sender and the receiver. They must agree upon a common secret key for encryption and decryption, and this must be sent by one party to the other very securely. This could be cumbersome and expensive and in most cases may not be worth it. Also, classical cryptography believed in “security in obscurity”. That is, confidentiality of the message can be maintained if the encryption scheme and the keys are kept secret. Gradually a new school of thought emerged, which thought otherwise. To them, nothing but the keys should be confidential. If the encryption method is available in the public domain for scrutiny, its weaknesses can be explored in depth and insecure schemes can be put to rest. An obscure and insecure encryption scheme can provide a false sense of security, which could be very dangerous.

The Most Significant Discovery of Modern Cryptography

In the late seventies, two scientists put forward a very innovative scheme for key agreement. Two people communicating through an insecure channel like the Internet can securely communicate with each other to share a secret key.
Even if their communication messages are intercepted by an adversary, the confidentiality of the key can be maintained. The scheme uses a simple law of powers, namely that for any three numbers a, b and c, $(a^b)^c = a^{bc} = (a^c)^b$, together with Assumption 1 described below. These two people are Whitfield Diffie and Martin Hellman. They published their discovery in 1977, and it is popularly known as the Diffie-Hellman key exchange method. The aim of the present article is to present a glimpse of the novelty of the scheme without going into detailed mathematical rigor.

All of us know that $2^1 = 2$, $2^2 = 4$, $2^3 = 8$ and so on. All of us know the small powers of 2. Also, for a small number, it is easy to answer questions like what power of 2 is 64 or 256. But what power of 2 is 4294967296? The answer is 32, which is not very obvious. Of course, if one uses a calculator, one can answer this question in a few minutes. Let us consider the 30 digit number 43517237482183718377817827882196. What power of 2 is 43517237482183718377817827882196? It is difficult to answer this question even with a calculator. With some tricky computer programming one can answer this question within a few hours. What if we consider a 300 digit number? If we are considering powers of 2, then the situation is simpler. What if we consider 300 digit number powers of a 300 digit number? No wonder even a supercomputer will take years to answer that.

Of course, a computer's memory does not allow the use of arbitrarily large numbers. So it is not possible to use arbitrarily large powers of arbitrarily large numbers. To trim these numbers to a manageable size, cryptographers use so-called modular arithmetic. Modular arithmetic can be explained by the use of a number-wheel. As this article is intended to present just a flavor, we don't go into the mathematical details. Thus we have the following assumption:

Assumption 1: There are large numbers a and x such that even if $a^x$ and a are known, it is extremely difficult to find the number x.

Suppose two people wish to communicate with each other confidentially. Cryptographers love to use 2 fictitious characters, Alice and Bob. They are far apart and are connected by an insecure channel like the Internet. They wish to share a common key to encrypt and decrypt messages between them. They can do so as described below.

1. First of all they agree upon a large number a. We don't mind if anybody intercepts the messages between them and comes to know a. So they can communicate a freely between them in plaintext.
2. Alice then arbitrarily chooses a number p, calculates $a^p$ and sends it to Bob. She keeps p secret.
3. Bob also selects a number q arbitrarily, calculates $a^q$ and sends it to Alice. Bob also does not disclose q.
4. After receiving $a^q$ from Bob, Alice raises this number to the power p, her secret. The number she gets is $(a^q)^p = a^{pq}$.
5. After receiving $a^p$ from Alice, Bob raises this number to the power q, his secret. He gets $(a^p)^q = a^{pq}$.

And see, they both have the same number now, which they can use as their secret key to exchange messages using secret key cryptography!

If an adversary is intercepting their communications, can he find out the secret key $a^{pq}$? Certainly not. By intercepting Alice's messages, he can come to know a and $a^p$, but he cannot find p due to Assumption 1. Similarly he cannot get q. So it is extremely difficult for him to find $a^{pq}$.
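The five steps above, written out with modular arithmetic, together with the exhaustive search an interceptor would have to run against the intercepted values. This is an added example, not code from the article; the modulus m, the base 3 and both parameter sets are assumptions chosen for illustration and are not vetted parameters.

```python
import secrets

def dh_keypair(a, m):
    """Choose a secret exponent; return (secret, a^secret mod m)."""
    secret = secrets.randbelow(m - 3) + 2          # uniform in [2, m-2]
    return secret, pow(a, secret, m)

def dh_shared(received, secret, m):
    """Steps 4 and 5: raise the received value to one's own secret."""
    return pow(received, secret, m)

def exchange(a, m):
    """Run steps 1-5; return the public transcript and both parties' keys."""
    p, a_p = dh_keypair(a, m)                      # Alice, step 2
    q, a_q = dh_keypair(a, m)                      # Bob, step 3
    wire = {"a": a, "m": m, "a^p": a_p, "a^q": a_q}  # all an interceptor sees
    return wire, dh_shared(a_q, p, m), dh_shared(a_p, q, m)

def eavesdropper_search(wire, limit):
    """Exhaustive search for an x with a^x = a^p (mod m), using only the
    transcript. Any such x yields the key, since (a^q)^x = (a^x)^q."""
    a, m = wire["a"], wire["m"]
    value = 1
    for x in range(1, limit + 1):
        value = (value * a) % m
        if value == wire["a^p"]:
            return pow(wire["a^q"], x, m)
    return None                                    # gave up within `limit` tries

if __name__ == "__main__":
    # Constructed toy parameters: the exponent space is small enough to search.
    wire, k_alice, k_bob = exchange(3, 65537)
    print("toy keys agree:", k_alice == k_bob)
    print("eavesdropper recovers key:", eavesdropper_search(wire, 65536) == k_alice)
    # Constructed larger modulus (illustrative size only, not vetted parameters):
    # the same loop would now have up to about 2**127 exponents to try.
    wire, k_alice, k_bob = exchange(3, 2**127 - 1)
    print("large keys agree:", k_alice == k_bob)
```

With the toy modulus the search always succeeds, which is the same exhaustive search weakness the shift cipher has; Assumption 1 only holds once the numbers are large enough that this loop cannot finish.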
This elegant technique was discovered by Diffie and Hellman in 1977 and is popularly known as the Diffie-Hellman key exchange algorithm. This led to the birth of an important branch of cryptography, called public key cryptography (PKC) or asymmetric key cryptography. In symmetric key cryptography, one secret key is used for both encryption and decryption. In PKC every user has 2 keys: a public key and a private key. A user's public key is available in the public domain, like one's email address. Anybody can send an encrypted message to the user using the user's public key for encryption. The user keeps the private key secret and decrypts the message using that private key (like the password in an email system, where only the person knowing the password can access the message). If the private key is compromised, then the system breaks and can no longer provide confidentiality.

One major advantage of PKC over symmetric key cryptography is ensuring non-repudiation. Non-repudiation means that after sending a message, one should not be able to deny one's action. In non-electronic communication this is ensured by a signature. One cannot deny a message that one has signed. In electronic communication, this is ensured using digital signatures. Public key cryptography makes it possible to implement digital signatures.

Public key cryptography has played a major role in the success of the Internet. The Diffie-Hellman key exchange led to the birth of these schemes. That is the reason why we designate this as the most important result in modern cryptography.