The History of Secrets Cryptography and Privacy - PowerPoint PPT Presentation

Slides: 27
Provided by: aprof

1
The History of Secrets: Cryptography and Privacy
  • Patrick Juola
  • Duquesne University
  • Department of Mathematics and Computer Science

2
Secret Writings
  • Used to write to authorized people
  • Good guys: business partners, lovers, fellow
    soldiers
  • Bad guys: competitors, parents, enemies, foreign
    agents
  • Secrets can be military, diplomatic, commercial,
    personal, et cetera.

3
An Early Example
  • Write in foreign alphabet
  • Works surprisingly well in era of mostly
    illiterate people

attack at dawn
4
Caesar cypher (40 BCE)
YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECORCVFCYPUVQRRNGCU
GDGTGCFAVQUQTVKGVQQWTCUUKUVCPEGLECGUCT
CVVC -- bATTAlion? inDEED? ATTAck? cigarETTE? bESSEmer converter?
CUUKU -- pOSSESsion? ASSIStance?
C -> A, U -> S, K -> I
5
Caesar cypher (cont.)
WEWILLATTACKONTHEWESTSIDEOFTHECAMPATDAWNSTOPPLEAS
EBEREADYTOSORTIETOOURASSISTANCEJCAESAR
  • Caesar and his reader know something the enemy
    doesn't
  • Can be as simple as replacing letters
  • Termed the "key" to a cypher
  • Easier to solve with key than without
  • Ratio of without/with defines "work factor"

6
Nomenclators (1500 ACE)
  • Systematic replacement of one letter by a single
    other symbol: monoalphabetic cypher
  • Nomenclator: monoalphabetic cypher with codebook
    extension for specific words
  • Weakness: every appearance of a given letter is
    encyphered identically

7
Polyalphabetics (16th-20th c.)
  • Use multiple alphabets to disguise frequent
    letters
  • Playfair cypher -- encrypt letters in groups, so
    TA and TE may have nothing in common
  • Vigenere cypher -- vary Caesar key during
    encryption
  • Considered "le chiffre indéchiffrable" until
    early 20th century

8
Vigenere example
ATTACKATDAWN
NOSENOSENOSE
NHLEPYSXQOOR
  • AT becomes both NH and SX in cyphertext
  • O in cyphertext corresponds to both A, W
  • Simple frequency analysis no longer works

9
Vigenere decryption
  • Weakness: key letters repeat
  • If the key is 4 characters long:
  • 1st, 5th, 9th, etc. characters use same key
    letter
  • 2nd, 6th, 10th, 14th, etc. likewise
  • Frequency characteristic of monoalphabetic
    (Caesar) cypher
  • Crack four different Caesar cyphers, and you're
    in!
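
The column attack described on this slide, as an added example that is not part of the original presentation. It reproduces the ATTACKATDAWN / NOSE encryption, then recovers the key from a longer message by solving four Caesar cyphers; the sample message, the function names and the chi-squared scoring are assumptions made for illustration, and the key length is taken as known.

```python
from collections import Counter

A = ord("A")
# Approximate English letter frequencies in percent, A..Z.
ENGLISH = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77,
           4.03, 2.41, 6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98,
           2.36, 0.15, 1.97, 0.07]

# Constructed sample message, long enough for letter counting to work.
SAMPLE = (
    "We will attack on the west side of the camp at dawn. Please be ready to "
    "sortie to our assistance. Send the riders out before first light and hold "
    "the northern road until the main force has crossed the river. Do not "
    "answer this message, and burn it after reading. The enemy has seen our "
    "earlier letters and can read them, so from now on the key will change "
    "with each new moon. Tell no one in the camp what this letter said. Trust "
    "the bearer of this note, who has served the legion for many years and "
    "will bring your reply to me in person.")

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter; the key repeats."""
    sign = -1 if decrypt else 1
    letters = [c for c in text.upper() if c.isalpha()]
    return "".join(
        chr((ord(c) - A + sign * (ord(key[i % len(key)]) - A)) % 26 + A)
        for i, c in enumerate(letters))

def caesar_shift(column):
    """Return the shift whose decryption best fits English (lowest chi-squared)."""
    counts, n = Counter(ord(c) - A for c in column), len(column)
    def chi2(shift):
        # Under this shift, plaintext letter p appears as cyphertext p + shift.
        return sum((counts[(p + shift) % 26] - n * f / 100) ** 2 / (n * f / 100)
                   for p, f in enumerate(ENGLISH))
    return min(range(26), key=chi2)

def recover_key(cyphertext, key_len):
    """Every key_len-th letter forms one Caesar cypher; solve each in turn."""
    return "".join(chr(caesar_shift(cyphertext[i::key_len]) + A)
                   for i in range(key_len))

if __name__ == "__main__":
    print(vigenere("ATTACKATDAWN", "NOSE"))        # the example from slide 8
    secret = vigenere(SAMPLE, "NOSE")
    key = recover_key(secret, 4)                   # key length assumed known
    print(key, vigenere(secret, key, decrypt=True)[:39])
```
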

10
What if the key doesn't repeat?
  • A re-used key can give the same effect
  • BUT
  • If the key is sufficiently random
  • Only used once
  • And never repeats
  • The resulting cypher is called the Vernam cypher
    (1917) and is provably unbreakable.
  • Sometimes called One-Time Pad

11
Who kept the secrets?
  • Development and use of cryptography to this point
    mostly military and diplomatic.
  • Obviously required substantial talent to do,
    beyond what most people had
  • Civilian cryptography -- secret notes to lovers,
    business codes -- still used monoalphabetic
    cyphers
  • Methods of analysis becoming available in
    literature (The Gold Bug, The Dancing Men)

12
What's a good cypher?
  • Kerckhoffs' criteria (1883)
  • Security should reside in the key
  • System doesn't need to be kept secret
  • System should be easy to use in the field
  • Keys/apparatus should be easily changeable
  • Impossible to meet all in practice
  • Naval ships (submarines) can carry much more
    equipment than PFC Ryan

13
Enigma
  • Machine cryptography developed in early 20th
    century requires bulky apparatus, but far too
    complex to crack by hand
  • ENIGMA -- Main code system of Nazis
  • Three (later four) rotating wheels like odometer
    of car. Each wheel position yields different
    key.
  • 159,000,000,000,000,000,000 keys

14
The Computer Revolution
  • Rejewski/Turing cracked Enigma, but had to invent
    the computer to do it.
  • And were also scarily, scarily good
    mathematicians
  • Early computers (bombes) could search entire
    keyspace in about five hours.

15
Viva la revolution!
  • Enigma breakthrough classified MOST SECRET until
    1975(!); some of Turing's papers are still
    classified. Computer encryption is just too
    dangerous.
  • BUT, it's also too useful, especially for
    civilian/industrial uses like financial transfers
  • Enter Data Encryption System (DES)

16
DES
  • Approved in 1975 by US govt. (NSA)
  • Non-classified uses only
  • 32,000,000,000,000,000 possible keys
  • Created civilian cryptography
  • Most analyzed system ever

17
Questions about DES
  • Why so few keys (fewer than 30-year-old Enigma,
    but better mathematical structure)?
  • NSA approved IBM's initial design only after
    making a few changes. Why?
  • Is there a secret back door? Is the government
    holding a master key?
  • Is there a good replacement?

18
Replacing DES
  • DES held out much longer than originally planned,
    but (as expected) had too few keys.
  • Modern computers can crack DES very fast.
  • ... but no one really had a good replacement
  • 3DES used (late '90s) to extend keyspace
  • Advanced Encryption System (Rijndael) finally
    designed in 2001 as replacement.
  • No secret governmental involvement

19
Public key encryption
  • Problem with all cryptography, AES included -- a
    need for shared secret prior to communication
  • How do I establish a shared secret with
    Amazon.com if I don't work there? Can we avoid
    this?
  • Surprising answer: Yes!
  • Decryption key can be different than encryption
    key, allowing public keys!

20
Merkle Puzzles (1975)
  • I publish a huge collection of puzzles. You
    pick one to solve, and send me the solution.
  • I look up the solution, and recognize which
    puzzle you solved. Everyone else has to solve
    all of the puzzles to recognize the solution.
  • Work factor is number of puzzles
  • Avoids having to communicate beforehand
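
A toy run of the puzzle exchange described on this slide, as an added example that is not part of the original presentation. The puzzle format (a marker, an id and a session key hidden under a 12-bit key), the sizes and all names are assumptions chosen so it runs quickly; here the id is the part of the solution that is sent back.

```python
import hashlib
import os
import random

MARKER = b"PUZZLE::"   # 8 known bytes so a solver can recognise a correct guess
WEAK_BITS = 12         # assumed toy size: each puzzle falls to at most 4096 guesses

def _pad(weak_key):
    """32-byte keystream derived from the small per-puzzle key."""
    return hashlib.sha256(weak_key.to_bytes(4, "big")).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_puzzles(count):
    """Publisher: return (public puzzle list, private id -> session key table)."""
    table, puzzles = {}, []
    for _ in range(count):
        pid, session_key = os.urandom(8), os.urandom(16)
        table[pid] = session_key
        weak = random.randrange(2 ** WEAK_BITS)
        puzzles.append(_xor(MARKER + pid + session_key, _pad(weak)))
    random.shuffle(puzzles)
    return puzzles, table

def solve(puzzle):
    """Brute-force one puzzle; return (id, session key, guesses used)."""
    for guess in range(2 ** WEAK_BITS):
        plain = _xor(puzzle, _pad(guess))
        if plain.startswith(MARKER):
            return plain[8:16], plain[16:], guess + 1
    raise ValueError("no key in range opens this puzzle")

def exchange(count=64):
    """Run one exchange; return (keys agree, receiver work, eavesdropper work)."""
    puzzles, table = make_puzzles(count)
    pid, receiver_key, receiver_work = solve(random.choice(puzzles))
    publisher_key = table[pid]        # the publisher only does a table lookup
    # An eavesdropper sees the puzzles and pid, and solves until pid turns up.
    eavesdropper_work = 0
    for puzzle in puzzles:
        found, _, work = solve(puzzle)
        eavesdropper_work += work
        if found == pid:
            break
    return publisher_key == receiver_key, receiver_work, eavesdropper_work

if __name__ == "__main__":
    print(exchange())
```

The eavesdropper's guess count grows with the number of published puzzles while the receiver's does not, which is the work factor the slide refers to.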

21
RSA Encryption
  • Named for inventors Rivest, Shamir, and Adleman
    (Turing award winners, 2003)
  • Uses a large product of two primes -- easy to
    multiply, but very hard to factor
  • Two keys, d and e: you encrypt with e, while
    only I know (and can decrypt with) d.
  • Reversible! I encrypt with d, you decrypt with e
    and you know I encrypted it! In other words,
    it can be used as a signature!
  • Work factor can be arbitrarily large -- It's
    easier to break thumbs than it is to break RSA
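
The two directions described on this slide, as an added example that is not part of the original presentation: textbook RSA with toy primes, showing encrypt-with-e/decrypt-with-d, sign-with-d/verify-with-e, and why the modulus must be too large to factor. The primes 61 and 53, the exponent 17, the message 65 and the function names are assumptions for illustration.

```python
from math import gcd

def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)) for primes p and q; e must be coprime to phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e shares a factor with (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # d is the inverse of e modulo phi

def apply_key(key, value):
    """Encrypting, decrypting, signing and verifying are all value**exp mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

def factor(n):
    """Trial division: instant for a toy modulus, infeasible for a real one."""
    f = 3
    while n % f:
        f += 2
    return f, n // f

def private_from_public(public):
    """Anyone who can factor n can rebuild d from the public key alone."""
    n, e = public
    p, q = factor(n)
    return make_keypair(p, q, e)[1]

# Toy parameters; real keys use primes hundreds of digits long, and real
# systems pad messages and sign a hash rather than the raw value.
PUBLIC, PRIVATE = make_keypair(61, 53)
MESSAGE = 65

if __name__ == "__main__":
    cyphertext = apply_key(PUBLIC, MESSAGE)       # you encrypt with e
    print(cyphertext, apply_key(PRIVATE, cyphertext))
    signature = apply_key(PRIVATE, MESSAGE)       # I "encrypt" with d
    print(signature, apply_key(PUBLIC, signature) == MESSAGE)
    print(private_from_public(PUBLIC) == PRIVATE) # small n gives d away
```
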

22
Power to the People: PGP
  • Pretty Good Privacy
  • Written c. 1990 by Phil Zimmermann.
    Military/diplomatic strength encryption, using
    private and public key cryptography.
  • Believed unbreakable by anyone short of major
    governments, but freely available for
    personal/corporate use
  • PGPfone -- similar technology for phones

23
Political issues
  • Should people be permitted this kind of security
    technology?
  • I can keep secrets from my competitors, but also
    from law enforcement/national security enforcers!
  • ITAR -- cryptographic equipment regulated as
    munitions (like machine guns)
  • Only govt-approved (breakable) encryption
    permitted.

24
More politics
  • Clipper/Capstone chip -- secure phone with Law
    Enforcement Access Field to ensure wiretap
    capacity
  • 40-bit (1,000,000,000,000 key) limit on
    commercially exported software
  • Criminalization of cryptography per se (France,
    some other countries)
  • USA/PATRIOT wiretap provisions
  • FBI operation CARNIVORE

25
Discussion points
  • The genie appears to be out of the bottle, in
    that the technology for secure encryption is
    widely available
  • The roadblocks to widespread implementation are
    primarily social and political.
  • Is civilian/personal cryptography a good thing or
    not?

26
Conclusions
  • Secret writing has a long (2000 yr) history
  • Military/diplomatic communications driving force
    for most of history; personal/industrial privacy
    is secondary
  • Modern cryptographic systems are both highly
    secure and widely available
  • Omnipresent computers and Net forcing us to
    re-evaluate view on security and privacy