Upload
david-baymiller
View
222
Download
0
Embed Size (px)
Citation preview
7/23/2019 Making and Breaking Codes
http://slidepdf.com/reader/full/making-and-breaking-codes 1/3
Making and Breaking Codes
There are two kinds of encryption in the world—one that will prevent your little nosy sister from peeking at your diaries—the other would prevent even the most powerful governments on earth.
The previous sentence is paraphrased from a comment by Bruce Schneier in his book on Applied
Cryptography. What makes these two types of encryption separate from each other is uitecounter!intuitive. The former kind consists of techniues that depend on secrecy. The second
kind depends on openness" full disclosure and peer review. The first kind should have become
e#tinct by now" yet it keeps popping up in many current products. The second kind is of course"
useful.
$ncryption is a method for taking a written document %plainte#t& and transforming it to a
unreadable document %cipherte#t& such that the original document is somehow recoverable fromthe cipherte#t. 'or e#ample" we can take this column and replace every occurrence of the letter
(e) with the letter (#). *ow the column would be hard to read" but in a few seconds a reader
would reali+e what was done" and be able to undo the replacements. ,f course" we could invent a better scheme. Suppose we replace (a) with (p)" (b) with (c) and so on. The complete list of
transpositions can be put into a table and used to encrypt %forward substitution& as well as
decrypt %backward substitution&. The table" is then known as they (key). Anyone who has thekey can decrypt a document if it is encrypted with the same key.
What if" Alice encrypts her diary using the above techniue and then puts the key in a very safe
place. Bob finds the encrypted diary" and wants to read it" but does not have the key. Can hemanage to do it- The answer is es.
Bob can use one of two techniues—brute force or cryptanalysis. The brute force techniueattempts to decrypt the message using all possible keys. /n the above e#ample" there are a total of
012"345"065"536"616"111"111"111"111 keys %36 factorial&. The brute force techniue tries all
possible keys and looks at the resulting decryption and checks whether it looks like $nglish. /f acomputer could test 511"111"111 keys a second %that would be faster than any computer invented
yet& then it would take this computer 537"883"882"055 years to find Alice9s real writings.
The above makes it apparent that the simple transposition cipher is a very (strong) cipher that is
very hard to (break). By breaking a cipher" we mean" getting the plainte#t from the cipherte#t
without having a key. :owever" the above e#ample is severely flawed" the transposition cipher is"
in reality" very weak.
There is no need to try a brute force on that transposition cipher—it takes a few minutes" or
maybe an hour of computer time to decipher the diary without a key. The techniue is to useletter statistics and letter positions %(e) is the most common letter" vowels are common" vowels
are located inside words" and so on&. ;any possible keys can be built and then tried" and the
original document can be recovered uite fast. This method %as well as many others& forms a
class of code breaking techniues called cryptanalysis.
What is a good cipher- There is only one known cipher that is provably unbreakable< it is called
the (one!time pad). /n this cipher" each letter is transposed to another letter a random distanceaway. The transposition distance for each letter is the key %the seuence of distances have to be
as long as the message" and cannot contain repetitions&. Since" the key is =ust as long as the
message" this method is not at all useful.
Anyone can build a cipher. But how do we know the strength of the cipher- *ormally the
strength of a cipher is often e#pressed as the key length—or the number of binary digits neededto store the key. /f a cipher has a strength of * bits" it means there are a total of 3* different
7/23/2019 Making and Breaking Codes
http://slidepdf.com/reader/full/making-and-breaking-codes 2/3
keys. Today" ciphers over 60 bits are considered somewhat strong. The />$A cipher" which is
heavily used on the /nternet" has 538 bit keys. *ote that the transposition cipher" we discussedearlier" has an 88!bit key that makes it apparently very strong" yet in reality it is a very weak
cipher. :ence key length does not uite tell the whole story" the actual working of the encryption
algorithm determines the strength of the cipher.
The uest for good ciphers has been the holy grail of cryptographers. ?ntil about 5471
cryptographic work was done in almost complete secrecy" mainly by secret organi+ations formed
by governments of powerful counties. /n the ?S" the organi+ation that has the most e#periencewith cryptography is the *ational Security Agency or *SA. /n fact" during the early days" the
*SA was so secret that *SA denied any e#istence of itself. @eople" who knew *SA e#isted" used
to call it (*o Such Agency).
Today *SA is entrusted with preserving the national security of the ?nited States" using
electronic surveillance. They eavesdrop on all communications %voice" data" satellite" cable&going in and out of the country. They figure out how to find (interesting) things in the huge
amount of electronic traffic that speed along the data and voice superhighways connecting the
?nited States to the rest of the world. /t is a daunting task—we know the *SA does it" but no oneknows how they do it. The *SA is also the world9s largest employer of high!caliber
mathematicians. They are the largest powerhouse of code!makers and code!breakers.
/n 5476 the *ational Bureau of Standards %*BS& published an encryption algorithm called the>igital $ncryption Standard %>$S&. >$S has a strength of 6 bits. The complete description of
>$S and how it works is freely available. >$S has roots in an algorithm by an /B; researcher"
and was subseuently scrutini+ed" modified and blessed by the *SA. >$S became the mostheavily used and studied cipher in the world. iven that the *SA had a hand in the creation of
>$S" many e#perts feel >$S is flawed" that is there is a backdoor techniue built into the
algorithm" such that it is possible to decrypt >$S encoded messages without knowing the key. ,f course" this backdoor is only known to the *SA.
Till today" this backdoor has not been discovered %even though the entire algorithm is open toscrutiny&. ;ore so" no one has been able to find a method of breaking >$S other than using brute
force. The brute force attacks on >$S have yielded some interesting results. An organi+ation
called $'' %$lectronic 'rontier 'oundation& built a custom computer—a machine built to do
brute force attacks on >$S and then showed that this machine" called the $'' Cracker" can break >$S in about 61 hours %uly 5448&. After that" another e#periment used the $'' Cracker and
511"111 computers to get a >$S breaking time of 33 hours.
:ence" we know today" that >$S is weak. %A strong cipher should not be breakable in anything
less than a few thousand years&. A variant of >$S called Triple!>$S where the plainte#t is
encrypted three times with three different keys is almost universally accepted as a very strong
encryption method.
Again" what is a strength of a cipher- >$S is 6 bits and lives up to it" it can only be broken by
brute force. The transposition cipher seems to have 88 bits" but it is weak. The />$A cipher %538 bits& is very likely very strong" as no one yet has found any weaknesses. The weaknesses are
often found by people who spend their lives inspecting ciphers to find a way to reverse engineer
them and find the plainte#t from the cipher without needing too many key test attempts.
,ver the years" one irrefutable fact has emerged—good ciphers are ones whose workings are
made public. /f / invent a cipher and publish all of its details" many of the cryptographers willtake a very close look at it and try to see if there are ways to analy+e" reverse engineer and break
7/23/2019 Making and Breaking Codes
http://slidepdf.com/reader/full/making-and-breaking-codes 3/3
the cipher %without the need for brute force&. /f for many years no one is able to break my cipher"
then it is likely to be a good cipher. /f" as in >$S" it is not broken in 3 years" then we can reallydepend on the cipher %>$S is broken by brute force" there is ample evidence that >$S has 6 bit
strength&.. /n reality" most ciphers are broken very easily. This makes life uite difficult for those
few misguided people who still think that a secure cipher is a secret cipher.
A lot of commercial products use secret %also called proprietary& ciphers. The mindset of these
weak!minded people is that if the internal workings of the cipher is kept secret it would be hard
to break. ,ver and over again" the cryptanalysts have proven them wrong and yet they keepcommitting the same costly folly. Two such idiocies in recent times are the large!scale adoptions
of the S; cipher and the >D> cipher.
The S; cellular phone has a little chip in it that does encryption. The algorithms used by the
S; cipher were kept secret before it was deployed. The S; industry did not publicly tell
anyone how it worked. /n 5448" Briceno" oldberg and Wagner of ?niversity of California atBerkeley discovered %reverse engineered& the algorithm used in S; authentication and found a
cracking techniue that takes 51 hours on a @C %easy&. Subseuent to that" in 5444" Biryukov and
Shamir of the Wei+mann /nstitute %/srael& showed how to crack the S; voice encoder in 3seconds. The secrecy at the design phase is now blamed for this screw up.
But the folly keeps on going. The movie industry wanted to put encryption on >D> disks %the
currently popular movie format& to prevent piracy. Some brilliant =okers invented a scheme insecrecy and convinced the >D> consortium %more tech illiterates& of its wonderful security
features. /n late 5446 this brew was accepted as a worldwide standard for >D> copy protection"
and soon" in 5448 the >D> players were rolling off of the assembly lines. /n 5444 >D>" thecode was cracked by two unrelated groups of underground hackers" one call themselves ;oE$
%;asters of Eeverse $ngineering& and the other calls themselves >o> %>rink or >ie&. The
software to unlock >D>9s %called >eCSS& is now available on hundreds of web sites all over theworld. The movie industry is fighting back with huge lawsuits to stop the distribution of the
>eCSS software. The genie is out of the bottle" and it is much too hard to put it back.
,f course" the S; people or the >D> people could have =ust used any of the hundreds of well!
known" publicly available ciphers—instead of building their own. They chose not to" for
unknown possibly lunatic reasons" and have proved to the world" once again" that code making is
a very comple# art. ,nly openness and disclosure of ciphers make them strong and provide highlevels of security.
Partha Dasgupta is on the faculty of the Computer Science and Engineering Department at Arizona State University in Tempe. His specializations are in the areas of !perating Systems"
Cryptography and #et$or%ing.