The History of Secrets Cryptography and Privacy Patrick Juola Duquesne University Department of...

The History of SecretsCryptography and PrivacyThe History of SecretsCryptography and Privacy

Patrick Juola

Duquesne University

Department of Mathematics and Computer Science

Secret WritingsSecret Writings

• Used to write to authorized people

• Good guys :• Business partners, lovers, fellow soldiers

• Bad guys :• Competitors, parents, enemies, foreign agents

• Secrets can be military, diplomatic, commercial, personal, et cetera.

An Early ExampleAn Early Example

• Write in foreign alphabet

• Works surprisingly well in era of mostly illiterate people

attack at dawn

Caesar cypher (40 BCE)Caesar cypher (40 BCE)

YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECORCVFCYPUVQRRNGCUGDGTGCFAVQUQTVKGVQQWTCUUKUVCPEGLECGUCT

CVVC -- “bATTAlion”? “inDEED”? “ATTAck”? “cigarETTE”/ “bESSEmer converter”?CUUKU -- “pOSSESsion”? “ASSIStance”?

C -> A U -> S K -> I

Caesar cypher (cont.)Caesar cypher (cont.)

WEWILLATTACKONTHEWESTSIDEOFTHECAMPATDAWNSTOPPLEASEBEREADYTOSORTIETOOURASSISTANCEJCAESAR

• Caesar and his reader know something the enemy doesn’t

• Can be as simple as replacing letters

• Termed the “key” to a cypher

• Easier to solve with key than without

• Ratio of without/with defines “work factor”

Nomenclators (1500 ACE)Nomenclators (1500 ACE)

• Systematic replacement of one letter by a single other symbol : monoalphabet cypher

• Nomenclator : monoalphabetic cypher with codebook extension for specific words

• Weakness : every appearance of a given letter is encyphered identically

Polyalphabetics (16th-20th c.)Polyalphabetics (16th-20th c.)

• Use multiple alphabets to disguise frequent letters• Playfair cypher -- encrypt letters in groups, so

TA and TE may have nothing in common• Vigenere cypher -- vary Caesar “key” during

encryption• Considered “le chiffre indechiffrable” until early

20th century

Vigenere exampleVigenere example

• AT becomes both NH and SX in cyphertext

• O in cyphertext corresponds to both A, W

• Simple frequency analysis no longer works

ATTACKATDAWNNOSENOSENOSENHLEPYSXQOOR

Vigenere decryptionVigenere decryption

• Weakness : key letters repeat

• If the key is 4 characters long• 1st, 5th, 9th, etc. characters use same key letter• 2nd, 6th, 10th, 14th, etc. likewise• Frequency characteristic of monoalphabetic

(Caesar) cypher

• Crack four different Caesar cyphers, and you’re in!

What if the key doesn’t repeat?What if the key doesn’t repeat?

• A re-used key can give the same effect• BUT

• If the key is sufficiently random• Only used once• And never repeats

• The resulting cypher is called the Vernam cypher (1917) and is provably unbreakable.

• Sometimes called One-Time Pad

Who kept the secrets?Who kept the secrets?

• Development and use of cryptography to this point mostly military and diplomatic.

• “Obviously” required substantial talent to do, beyond what most people had

• Civilian cryptography -- secret notes to lovers, business codes -- still used monoalphabetic cyphers

• Methods of analysis becoming available in literature (The Gold Bug, The Dancing Men)

What’s a good cypher?What’s a good cypher?

• Kirchoff’s criteria (1883)• Security should reside in the key• System doesn’t need to be kept secret• System should be easy to use in the field• Keys/apparatus should be easily changeable

• Impossible to meet all in practice• Naval ships (submarines) can carry much more

equipment than PFC Ryan

EnigmaEnigma

• Machine cryptography developed in early 20th century; requires bulky apparatus, but far too complex to crack by hand

• ENIGMA -- Main code system of Nazi’s

• Three (later four) rotating wheels like odometer of car. Each wheel position yields different key.

• 159,000,000,000.000,000,000 keys

The Computer RevolutionThe Computer Revolution

• Rejewski/Turing cracked Enigma, but had to invent the computer to do it.• And were also scarily, scarily good

mathematicians…

• Early computers (bombes) could search entire keyspace in about five hours.

Viva la revolution!Viva la revolution!

• Enigma breakthrough classified MOST SECRET until 1975(!); some of Turing’s papers are still classified. Computer encryption is just too dangerous.

• BUT, it’s also too useful, especially for civilian/industrial uses like financial transfers

• Enter Data Encryption System (DES)

DESDES

• Approved in 1975 by US govt. (NSA)

• Non-classified uses only

• 32,000,000,000,000,000 possible keys

• Created “civilian” cryptography

• Most analyzed system ever

Questions about DESQuestions about DES

• Why so few keys (fewer than 30 year old Enigma, but better mathematical structure)?

• NSA approved IBM’s initial design only after making a few changes. Why?

• Is there a secret “back door”? Is the government holding a master key?

• Is there a good replacement?

Replacing DESReplacing DES

• DES held out much longer than originally planned, but (as expected) had too few keys.

• Modern computers can crack DES very fast.

• … but no one really had a good replacement

• 3DES used (late 90s) to extend keyspace

• Advanced Encryption System (Rijndahl) finally designed in 2001 as replacement.

• No “secret” governmental involvement

Public key encryptionPublic key encryption

• Problem with all cryptography, AES included -- a need for shared secret prior to communication

• How do I establish a shared secret with Amazon.com if I don’t work there? Can we avoid this?

• Surprising answer : Yes!• Decryption key can be different than

encryption key, allowing “public” keys!

Merkle Puzzles (1975)Merkle Puzzles (1975)

• I publish a huge collection of “puzzles.” You pick one to solve, and send me the solution.

• I look up the solution, and recognize which puzzle you solved. Everyone else has to solve all of the puzzles to recognize the solution.

• Work factor is number of puzzles• Avoids having to communicate beforehand

RSA EncryptionRSA Encryption

• Named for inventors : Rivest, Shamir, and Adelman (Turing award winners, 2003)

• Uses a large product of two primes -- easy to multiply, but very hard to factor

• Two keys, d and e : you encrypt with e, while only I know (and can decrypt with) d.

• Reversible! I encrypt with d, you decrypt with e and you know I encrypted it!. In other words, it can be used as a signature!

• Work factor can be arbitrarily large -- “It’s easier to break thumbs than it is to break RSA”

Power to the People : PGPPower to the People : PGP

• Pretty Good Privacy

• Written c. 1990 by Phil Zimmermann. Military/diplomatic strength encryption, using private and public key cryptography.

• Believed unbreakable by anyone short of major governments, but “freely” available for personal/corporate use

• PGPfone -- similar technology for phones

Political issuesPolitical issues

• Should people be permitted this kind of security technology?

• I can keep secrets from my competitors, but also from law enforcement/national security enforcers!

• ITAR -- cryptographic equipment regulated as munitions (like machine guns)

• Only govt-approved (breakable) encryption permitted.

More politicsMore politics

• Clipper/Capstone chip -- “secure” phone with Law Enforcement Access Field to ensure wiretap capacity

• 40-bit (1,000,000,000,000 key) limit on commercially exported software

• Criminalization of cryptography per se (France, some other countries)

• USA/PATRIOT wiretap provisions• FBI operation CARNIVORE

Discussion pointsDiscussion points

• The genie appears to be out of the bottle, in that the technology for secure encryption is widely available

• The roadblocks to widespread implementation are primarily social and political.

• Is civilian/personal cryptography a good thing or not?

ConclusionsConclusions

• Secret writing has a long (2000 yr) history

• Military/diplomatic communications driving force for most of history; personal/industrial privacy is secondary

• Modern cryptographic systems are both highly secure and widely available

• Omnipresent computers and ‘Net forcing us to re-evaluate view on security and privacy