3
7/23/2019 Making and Breaking Codes http://slidepdf.com/reader/full/making-and-breaking-codes 1/3 Making and Breaking Codes There are two kinds of encryption in the world—one that will prevent your little nosy sister from  peeking at your diaries—the other would prevent even the most powerful governments on earth. The previous sentence is paraphrased from a comment by Bruce Schneier in his book on Applied Cryptography. What makes these two types of encryption separate from each other is uite counter!intuitive. The former kind consists of techniues that depend on secrecy. The second kind depends on openness" full disclosure and peer review. The first kind should have become e#tinct by now" yet it keeps popping up in many current products. The second kind is of course" useful. $ncryption is a method for taking a written document %plainte#t& and transforming it to a unreadable document %cipherte#t& such that the original document is somehow recoverable from the cipherte#t. 'or e#ample" we can take this column and replace every occurrence of the letter (e) with the letter (#). *ow the column would be hard to read" but in a few seconds a reader would reali+e what was done" and be able to undo the replacements. ,f course" we could invent a  better scheme. Suppose we replace (a) with (p)" (b) with (c) and so on. The complete list of transpositions can be put into a table and used to encrypt %forward substitution& as well as decrypt %backward substitution&. The table" is then known as they (key). Anyone who has the key can decrypt a document if it is encrypted with the same key. What if" Alice encrypts her diary using the above techniue and then puts the key in a very safe  place. Bob finds the encrypted diary" and wants to read it" but does not have the key. Can he manage to do it- The answer is es. Bob can use one of two techniues—brute force or cryptanalysis. The brute force techniue attempts to decrypt the message using all possible keys. /n the above e#ample" there are a total of 012"345"065"536"616"111"111"111"111 keys %36 factorial&. The brute force techniue tries all  possible keys and looks at the resulting decryption and checks whether it looks like $nglish. /f a computer could test 511"111"111 keys a second %that would be faster than any computer invented yet& then it would take this computer 537"883"882"055 years to find Alice9s real writings. The above makes it apparent that the simple transposition cipher is a very (strong) cipher that is very hard to (break). By breaking a cipher" we mean" getting the plainte#t from the cipherte#t without having a key. :owever" the above e#ample is severely flawed" the transposition cipher is" in reality" very weak. There is no need to try a brute force on that transposition cipher—it takes a few minutes" or maybe an hour of computer time to decipher the diary without a key. The techniue is to use letter statistics and letter positions %(e) is the most common letter" vowels are common" vowels are located inside words" and so on&. ;any possible keys can be built and then tried" and the original document can be recovered uite fast. This method %as well as many others& forms a class of code breaking techniues called cryptanalysis. What is a good cipher- There is only one known cipher that is provably unbreakable< it is called the (one!time pad). /n this cipher" each letter is transposed to another letter a random distance away. The transposition distance for each letter is the key %the seuence of distances have to be as long as the message" and cannot contain repetitions&. Since" the key is =ust as long as the message" this method is not at all useful. Anyone can build a cipher. But how do we know the strength of the cipher- *ormally the strength of a cipher is often e#pressed as the key length—or the number of binary digits needed to store the key. /f a cipher has a strength of * bits" it means there are a total of 3* different

Making and Breaking Codes

Embed Size (px)

Citation preview

Page 1: Making and Breaking Codes

7/23/2019 Making and Breaking Codes

http://slidepdf.com/reader/full/making-and-breaking-codes 1/3

Making and Breaking Codes

There are two kinds of encryption in the world—one that will prevent your little nosy sister from peeking at your diaries—the other would prevent even the most powerful governments on earth.

The previous sentence is paraphrased from a comment by Bruce Schneier in his book on Applied

Cryptography. What makes these two types of encryption separate from each other is uitecounter!intuitive. The former kind consists of techniues that depend on secrecy. The second

kind depends on openness" full disclosure and peer review. The first kind should have become

e#tinct by now" yet it keeps popping up in many current products. The second kind is of course"

useful.

$ncryption is a method for taking a written document %plainte#t& and transforming it to a

unreadable document %cipherte#t& such that the original document is somehow recoverable fromthe cipherte#t. 'or e#ample" we can take this column and replace every occurrence of the letter

(e) with the letter (#). *ow the column would be hard to read" but in a few seconds a reader

would reali+e what was done" and be able to undo the replacements. ,f course" we could invent a better scheme. Suppose we replace (a) with (p)" (b) with (c) and so on. The complete list of

transpositions can be put into a table and used to encrypt %forward substitution& as well as

decrypt %backward substitution&. The table" is then known as they (key). Anyone who has thekey can decrypt a document if it is encrypted with the same key.

What if" Alice encrypts her diary using the above techniue and then puts the key in a very safe

 place. Bob finds the encrypted diary" and wants to read it" but does not have the key. Can hemanage to do it- The answer is es.

Bob can use one of two techniues—brute force or cryptanalysis. The brute force techniueattempts to decrypt the message using all possible keys. /n the above e#ample" there are a total of 

012"345"065"536"616"111"111"111"111 keys %36 factorial&. The brute force techniue tries all

 possible keys and looks at the resulting decryption and checks whether it looks like $nglish. /f acomputer could test 511"111"111 keys a second %that would be faster than any computer invented

yet& then it would take this computer 537"883"882"055 years to find Alice9s real writings.

The above makes it apparent that the simple transposition cipher is a very (strong) cipher that is

very hard to (break). By breaking a cipher" we mean" getting the plainte#t from the cipherte#t

without having a key. :owever" the above e#ample is severely flawed" the transposition cipher is"

in reality" very weak.

There is no need to try a brute force on that transposition cipher—it takes a few minutes" or

maybe an hour of computer time to decipher the diary without a key. The techniue is to useletter statistics and letter positions %(e) is the most common letter" vowels are common" vowels

are located inside words" and so on&. ;any possible keys can be built and then tried" and the

original document can be recovered uite fast. This method %as well as many others& forms a

class of code breaking techniues called cryptanalysis.

What is a good cipher- There is only one known cipher that is provably unbreakable< it is called

the (one!time pad). /n this cipher" each letter is transposed to another letter a random distanceaway. The transposition distance for each letter is the key %the seuence of distances have to be

as long as the message" and cannot contain repetitions&. Since" the key is =ust as long as the

message" this method is not at all useful.

Anyone can build a cipher. But how do we know the strength of the cipher- *ormally the

strength of a cipher is often e#pressed as the key length—or the number of binary digits neededto store the key. /f a cipher has a strength of * bits" it means there are a total of 3* different

Page 2: Making and Breaking Codes

7/23/2019 Making and Breaking Codes

http://slidepdf.com/reader/full/making-and-breaking-codes 2/3

keys. Today" ciphers over 60 bits are considered somewhat strong. The />$A cipher" which is

heavily used on the /nternet" has 538 bit keys. *ote that the transposition cipher" we discussedearlier" has an 88!bit key that makes it apparently very strong" yet in reality it is a very weak

cipher. :ence key length does not uite tell the whole story" the actual working of the encryption

algorithm determines the strength of the cipher.

The uest for good ciphers has been the holy grail of cryptographers. ?ntil about 5471

cryptographic work was done in almost complete secrecy" mainly by secret organi+ations formed

 by governments of powerful counties. /n the ?S" the organi+ation that has the most e#periencewith cryptography is the *ational Security Agency or *SA. /n fact" during the early days" the

 *SA was so secret that *SA denied any e#istence of itself. @eople" who knew *SA e#isted" used

to call it (*o Such Agency).

Today *SA is entrusted with preserving the national security of the ?nited States" using

electronic surveillance. They eavesdrop on all communications %voice" data" satellite" cable&going in and out of the country. They figure out how to find (interesting) things in the huge

amount of electronic traffic that speed along the data and voice superhighways connecting the

?nited States to the rest of the world. /t is a daunting task—we know the *SA does it" but no oneknows how they do it. The *SA is also the world9s largest employer of high!caliber

mathematicians. They are the largest powerhouse of code!makers and code!breakers.

/n 5476 the *ational Bureau of Standards %*BS& published an encryption algorithm called the>igital $ncryption Standard %>$S&. >$S has a strength of 6 bits. The complete description of

>$S and how it works is freely available. >$S has roots in an algorithm by an /B; researcher"

and was subseuently scrutini+ed" modified and blessed by the *SA. >$S became the mostheavily used and studied cipher in the world. iven that the *SA had a hand in the creation of

>$S" many e#perts feel >$S is flawed" that is there is a backdoor techniue built into the

algorithm" such that it is possible to decrypt >$S encoded messages without knowing the key. ,f course" this backdoor is only known to the *SA.

Till today" this backdoor has not been discovered %even though the entire algorithm is open toscrutiny&. ;ore so" no one has been able to find a method of breaking >$S other than using brute

force. The brute force attacks on >$S have yielded some interesting results. An organi+ation

called $'' %$lectronic 'rontier 'oundation& built a custom computer—a machine built to do

 brute force attacks on >$S and then showed that this machine" called the $'' Cracker" can break >$S in about 61 hours %uly 5448&. After that" another e#periment used the $'' Cracker and

511"111 computers to get a >$S breaking time of 33 hours.

:ence" we know today" that >$S is weak. %A strong cipher should not be breakable in anything

less than a few thousand years&. A variant of >$S called Triple!>$S where the plainte#t is

encrypted three times with three different keys is almost universally accepted as a very strong

encryption method.

Again" what is a strength of a cipher- >$S is 6 bits and lives up to it" it can only be broken by

 brute force. The transposition cipher seems to have 88 bits" but it is weak. The />$A cipher %538 bits& is very likely very strong" as no one yet has found any weaknesses. The weaknesses are

often found by people who spend their lives inspecting ciphers to find a way to reverse engineer

them and find the plainte#t from the cipher without needing too many key test attempts.

,ver the years" one irrefutable fact has emerged—good ciphers are ones whose workings are

made public. /f / invent a cipher and publish all of its details" many of the cryptographers willtake a very close look at it and try to see if there are ways to analy+e" reverse engineer and break

Page 3: Making and Breaking Codes

7/23/2019 Making and Breaking Codes

http://slidepdf.com/reader/full/making-and-breaking-codes 3/3

the cipher %without the need for brute force&. /f for many years no one is able to break my cipher"

then it is likely to be a good cipher. /f" as in >$S" it is not broken in 3 years" then we can reallydepend on the cipher %>$S is broken by brute force" there is ample evidence that >$S has 6 bit

strength&.. /n reality" most ciphers are broken very easily. This makes life uite difficult for those

few misguided people who still think that a secure cipher is a secret cipher.

A lot of commercial products use secret %also called proprietary& ciphers. The mindset of these

weak!minded people is that if the internal workings of the cipher is kept secret it would be hard

to break. ,ver and over again" the cryptanalysts have proven them wrong and yet they keepcommitting the same costly folly. Two such idiocies in recent times are the large!scale adoptions

of the S; cipher and the >D> cipher.

The S; cellular phone has a little chip in it that does encryption. The algorithms used by the

S; cipher were kept secret before it was deployed. The S; industry did not publicly tell

anyone how it worked. /n 5448" Briceno" oldberg and Wagner of ?niversity of California atBerkeley discovered %reverse engineered& the algorithm used in S; authentication and found a

cracking techniue that takes 51 hours on a @C %easy&. Subseuent to that" in 5444" Biryukov and

Shamir of the Wei+mann /nstitute %/srael& showed how to crack the S; voice encoder in 3seconds. The secrecy at the design phase is now blamed for this screw up.

But the folly keeps on going. The movie industry wanted to put encryption on >D> disks %the

currently popular movie format& to prevent piracy. Some brilliant =okers invented a scheme insecrecy and convinced the >D> consortium %more tech illiterates& of its wonderful security

features. /n late 5446 this brew was accepted as a worldwide standard for >D> copy protection"

and soon" in 5448 the >D> players were rolling off of the assembly lines. /n 5444 >D>" thecode was cracked by two unrelated groups of underground hackers" one call themselves ;oE$

%;asters of Eeverse $ngineering& and the other calls themselves >o> %>rink or >ie&. The

software to unlock >D>9s %called >eCSS& is now available on hundreds of web sites all over theworld. The movie industry is fighting back with huge lawsuits to stop the distribution of the

>eCSS software. The genie is out of the bottle" and it is much too hard to put it back.

,f course" the S; people or the >D> people could have =ust used any of the hundreds of well!

known" publicly available ciphers—instead of building their own. They chose not to" for

unknown possibly lunatic reasons" and have proved to the world" once again" that code making is

a very comple# art. ,nly openness and disclosure of ciphers make them strong and provide highlevels of security.

 Partha Dasgupta is on the faculty of the Computer Science and Engineering Department at Arizona State University in Tempe. His specializations are in the areas of !perating Systems"

Cryptography and #et$or%ing.

 


Making ASME Codes and Standards Smaller “Small Modular ... Meeting/Roberts... · Making ASME Codes and Standards Smaller “Small Modular Reactors and future ASME Codes” ... ASME

Making ASME Codes and Standards Smaller “Small Modular ... Meeting/Roberts... · Making ASME Codes and Standards Smaller “Small Modular Reactors and future ASME Codes” ... ASME

Documents
Codes and Code Breaking

Codes and Code Breaking

Documents
Making and Breaking the Grid Timothy Samara

Making and Breaking the Grid Timothy Samara

Documents
QR codes - Making and Creating

QR codes - Making and Creating

Marketing
Making lawyers moral? Ethical codes and moral character · PDF fileEthical codes and moral character ... morality, access to justice, ... Making lawyers moral? Ethical codes and moral

Making lawyers moral? Ethical codes and moral character · PDF fileEthical codes and moral character ... morality, access to justice, ... Making lawyers moral? Ethical codes and moral

Documents
Breaking Our Codes Presentation

Breaking Our Codes Presentation

Documents
Executive Challenge: Making or Breaking the Company

Executive Challenge: Making or Breaking the Company

Documents
Breaking Down The Wall Of Codes: Evaluating Non-Financial

Breaking Down The Wall Of Codes: Evaluating Non-Financial

Documents
Making or Breaking Nonviolent Discipline - Homepage | … · Making or Breaking Nonviolent Discipline ... Amber French DESIGNED BY: David Reinbold ... selection and presentation of

Making or Breaking Nonviolent Discipline - Homepage | … · Making or Breaking Nonviolent Discipline ... Amber French DESIGNED BY: David Reinbold ... selection and presentation of

Documents
Deals Making And Breaking Them (May 2011)

Deals Making And Breaking Them (May 2011)

Documents
Breaking Down Confidentiality and Decision-Making Barriers

Breaking Down Confidentiality and Decision-Making Barriers

Documents
Breaking RF Unlock Codes - Presented at TriKC 0x01 (November 2014)

Breaking RF Unlock Codes - Presented at TriKC 0x01 (November 2014)

Technology
Timothy Samara - Making and Breaking the Grid

Timothy Samara - Making and Breaking the Grid

Documents
Chapter 7 Making and Breaking of Bonds

Chapter 7 Making and Breaking of Bonds

Documents
Basic Grid Systems (making and breaking the grid)

Basic Grid Systems (making and breaking the grid)

Design
Part 1 Cryptography 1 Crypto Part 1 Cryptography 2 Crypto Cryptology The art and science of making and breaking “secret codes” Cryptography

Part 1 Cryptography 1 Crypto Part 1 Cryptography 2 Crypto Cryptology The art and science of making and breaking “secret codes” Cryptography

Documents
Making and Breaking Web Services with Ruby

Making and Breaking Web Services with Ruby

Business
Breaking Through the Tiers of Codes, Standards and Guidelines

Breaking Through the Tiers of Codes, Standards and Guidelines

Documents
BREAKING OPPONENTS' CODES

BREAKING OPPONENTS' CODES

Documents
Making and Breaking Habits

Making and Breaking Habits

Documents
Making Omelette without Breaking Eggs: Improving the

Making Omelette without Breaking Eggs: Improving the

Documents
Making and Breaking the Grid

Making and Breaking the Grid

Documents
Making Joomla Insecure - Explaining security by breaking it

Making Joomla Insecure - Explaining security by breaking it

Technology
GERMANY: MAKING OR BREAKING EUROPE? - …carnegieendowment.org/files/27_03_2012_germany_making_or...Ultimately, this debate boils down to one question; is Germany making or breaking

GERMANY: MAKING OR BREAKING EUROPE? - …carnegieendowment.org/files/27_03_2012_germany_making_or...Ultimately, this debate boils down to one question; is Germany making or breaking

Documents
Making and Breaking Tax Systems Geary Lecture 2012

Making and Breaking Tax Systems Geary Lecture 2012

Documents
Stroschein Making or Breaking Kosovo

Stroschein Making or Breaking Kosovo

Documents
PHUN WITH DIK AND JAYN BREAKING RSA CODES FOR FUN AND … RSA Codes... · PHUN WITH DIK AND JAYN BREAKING RSA CODES FOR FUN AND PROFIT A supplement to the text CALCULATE PRIMES By

PHUN WITH DIK AND JAYN BREAKING RSA CODES FOR FUN AND … RSA Codes... · PHUN WITH DIK AND JAYN BREAKING RSA CODES FOR FUN AND PROFIT A supplement to the text CALCULATE PRIMES By

Documents
BREAKING THE GLASS CEILING IN DECISION MAKING POSITIONS

BREAKING THE GLASS CEILING IN DECISION MAKING POSITIONS

Presentations & Public Speaking
Making, Breaking Codes Introduction to Cryptology

Making, Breaking Codes Introduction to Cryptology

Documents
Cryptology Making & Breaking Codes & Ciphers. AJ 1152 Cryptology Cryptography –Science of creating codes or ciphers Cryptanalysis –Science of breaking

Cryptology Making & Breaking Codes & Ciphers. AJ 1152 Cryptology Cryptography –Science of creating codes or ciphers Cryptanalysis –Science of breaking

Documents