Copyright 2000 by Neal R. Wagner.
Cryptography
The words ``cryptography'' and ``encryption'' refer to methods of scrambling a message so that its content and its meaning are hidden if it is intercepted. The intended recipient of the message knows the method of unscrambling (the ``key'' for ``decrypting'') and is able to recover the original message.
People have used cryptography for thousands of years. For example, the Caesar Cipher, which was used during the time of Julius Caesar, wraps the alphabet from A to Z into a circle. Encryption employs a fixed shift, say of 3, to transform A to D, B to E, and so on until W to Z, X to A, Y to B, and Z to C. Thus a message ``ATTACK'' becomes ``DWWDFN'' and appears incomprehensible to someone intercepting the message. At the other end, one can reverse the transformation by stepping 3 letters in the opposite direction to change ``DWWDFN'' back to ``ATTACK.''
This example illustrates many concepts from cryptography. The basic method used, moving a fixed distance around the circle of letters, is the ``encryption algorithm.'' The specific distance moved, 3 in this case, is the ``key'' for this algorithm. Often the basic algorithm is not kept secret, but only the specific key. The idea is to reduce the problem of keeping an entire message secure to the problem of keeping a single short key secure. For this simple algorithm there are only 26 possible keys: the shift distances of 0, 1, 2, etc. up to 25, although 0 leaves the message unchanged, so a key equal to 0 is not going to keep many secrets. If an interceptor of this message suspects the nature of the algorithm used, it is easy to try each of the 25 keys (leaving out 0) to see if any meaningful message results -- a method of breaking a code known as ``exhaustive search.'' In this case the search is easy.
Attempts to break a code, to decipher an encryption algorithm, are called ``cryptanalysis'' and are usually a difficult enterprise carried out by professionals. In this century, more sophisticated encryption algorithms were devised, mostly by those involved in warfare. During World War II the Germans used a complex algorithm called the ``Enigma'' code, implemented with a machine like an old-fashioned mechanical calculator. British intelligence, with the help of others, carried out the difficult cryptanalysis of this code and knew many of Germany's secret messages during the war, knowledge of critical importance to the war effort and perhaps to shortening the war. Much of the story reads like a lurid tabloid story considering that a principal architect of the successful cryptanalysis, the brilliant young computer pioneer Alan Turing, committed suicide after the war because of British persecution of him as a homosexual.
From 1945 to the present, enormous increases in computer capabilities have allowed use of ever more sophisticated encryption algorithms. Cryptanalysis capabilities have increased correspondingly. It is remarkable that, just as the vast expansion of data communications calls for new security methods, similar hardware improvements enable new approaches to cryptography which provide the needed security.
A standard fallacy in this area, popularized by movies like WarGames, has to do with the ability of teen-aged hackers to break into computer systems. Such hackers, clever though they are, rely on security holes in systems and on their own patience. The public thinks that these same hackers would be able to break the security of modern cryptographic codes. While such cracking of an encryption method is a logical possibility, in practice, skilled researchers must try to break these cryptographic systems for years before they are considered secure. The difference with breaking into a computer system is that such a system is extremely complex and constantly changing, continually leaving places for security holes.
Another fallacy comes from people enamored with cryptography and its use. These individuals expect complete and perfect security (called unconditional security in the literature) if they just use a strong cryptographic algorithm. (The word ``strong'' refers to an efficient method that is hard to break.) Even with strong systems, the cryptographic key must be kept secret, and this key becomes a point of weakness, a point for opponents to concentrate on. In the complete cryptographic process, distribution and maintenance of keys is the most difficult part of the use of cryptography, subject to endless errors and bugs and security holes.
Now for a subtle point. There exist ``perfect'' encryption methods with a mathematical proof that cryptanalysis is impossible. The simplest of these methods is called the ``one-time pad.'' A later section discusses this area further and explains why these perfect methods are not practical to use in modern communications. For the practical methods, there is always the possibility that a clever researcher or even a clever hacker could break the method. Also cryptanalysts can break these other methods using brute-force exhaustive searches. The only issue is how long it takes to break them. With current strong cryptographic algorithms, the chances are that there are no short-cut ways to break the systems, and current cryptanalysis requires decades or millennia or longer to break the algorithms by exhaustive search. (The time to break depends on various factors including especially the length of the cryptographic key.) To summarize, with these methods there is no absolute guarantee of security, but experts expect them to remain unbroken.
A scenario at this point may help clarify matters. A user could maintain a diary or other secret text on a personal computer in encrypted form. He could enter a secret password to gain access to the information, both to read or change old entries and to add new material. One could set this up using today's technology so that the security would be proof against any anticipated method of breaking the code for the next twenty years, say, or longer if desired. Thus if the person dies and his equipment is taken into custody, no manipulations with supercomputers or by the smartest cryptographers in the world would allow decryption. Without the secret password the data remains inaccessible. One could try all possible passwords, but that would only work if the user had not chosen a long enough password, or if he chose a common word or phrase for his password. Software is available to keep unbreakable secrets. Nothing on earth will keep individuals from availing themselves of this capability.
In addition to the ability to keep secret diaries and other secret data, cryptography allows one to transmit data in secret. This includes all data transmission, from phones and cellular phones and pagers to television and internet traffic. In fact, computer scientists often do not distinguish between data transmission and data storage, since the latter is regarded as a transmission from ``now'' to ``then.''
Public-Key Cryptography
Cryptography gives other very useful capabilities. One can affix the electronic version of a signature onto a document in a way that detects any change in the document and that authenticates the entire document as originating with the signer. It is as if an ordinary signature were scrawled across the entire document, preventing any changes. It is not feasible for a person to fake a digital signature. These near-perfect signatures make the digital realm much safer than the non-digital. For example, one can sign and authenticate anything that can be represented digitally: music, pictures, and videos, as well as transmitted text.
One can provide both signature and secrecy for a message, so that only the intended recipient can read the message, and only the designated originator can have sent the message. Encrypting for secrecy, adding a signature, and later authenticating the sender, all have been automated with software to provide convenient practical systems for users who need not know how these systems work.
There are also the capabilities of public key cryptography. In such systems each user creates a pair of keys: a secret key for decryption and a separate public key -- available in a public directory just as a phone number is available in a phone book -- for encryption by the person sending the message. In order to sign a message, the user employs his secret key, normally used for decryption. Secrecy and authentication systems now available on the Internet are based on one of several standard public key cryptosystems, and again users need not know how they work to employ them.
For example, suppose Alice and Bob wish to communicate using public key cryptography. (In the literature on these matters, the involved parties are always named Alice and Bob. During the cold war the bad guy who pretends to be Bob was called Boris.) Both Alice and Bob create pairs of public/private keys, and they each make their public keys available to everyone in some public key file. If Alice wants to send a signed secret message for Bob alone, she first fetches Bob's public key from the public key file. Alice uses Bob's public key to encrypt a message that only Bob can decrypt with his private key. If Alice only wanted secrecy, she could send this message as it is. Since she also wants to prove she is the sender of the message, she uses her own secret key to further scramble the already encrypted message for the purpose of adding her signature for authentication. Alice tells Bob to expect this message from her (without worrying about the secrecy of this latter message), so at the other end Bob fetches Alice's public key to carry out the first stage of message retrieval. Then he uses his own secret key to come up with the original message Alice sent him. Because of the signature (decryption with Alice's secret key), only Alice can have originated the message, and because of the encryption with Bob's public key, only Bob can decrypt and read the message. There are additional subtle problems, but modern systems handle these without worrying the user. In practice, these systems use a hybrid of public- and private-key cryptography for efficiency. Alice and Bob can communicate securely and secretly in this way using software without understanding public key cryptography at all.
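As an added illustration (my own toy code, not part of the essay), here is the exchange above carried out in textbook RSA with tiny constructed primes: Alice applies Bob's public key and then her own secret key, and Bob reverses the two steps. The key sizes, the message block and the tamper step are all constructed for illustration; real systems pad messages and sign a hash of the data rather than raw blocks.

```python
def make_keypair(p, q, e):
    """Textbook RSA from two primes and a public exponent: ((e, n), (d, n))."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def apply_key(block, key):
    """One raw RSA operation, block ** exponent mod n. Returns None if the
    block is missing or is not a valid residue for this modulus."""
    exponent, n = key
    if block is None or not 0 <= block < n:
        return None
    return pow(block, exponent, n)

# Constructed toy keys. Alice's modulus is larger than Bob's so that a block
# encrypted for Bob (below 3233) also fits under Alice's modulus for signing.
bob_pub, bob_priv = make_keypair(61, 53, 17)       # n = 3233
alice_pub, alice_priv = make_keypair(101, 103, 7)  # n = 10403

def alice_sends(message, recipient_pub, sender_priv):
    """Step 1: encrypt with Bob's public key (secrecy). Step 2: apply Alice's
    secret key to the result (her signature)."""
    secret = apply_key(message, recipient_pub)
    return apply_key(secret, sender_priv)

def bob_receives(signed, sender_pub, recipient_priv):
    """Undo the steps in reverse: Alice's public key first (the authentication
    step), then Bob's secret key. None means the block could not have come
    through Alice's signature onto a block Bob's key can decrypt."""
    secret = apply_key(signed, sender_pub)
    return apply_key(secret, recipient_priv)

def tampered_delivery(signed, sender_pub, recipient_priv):
    """A message altered in transit (here: one added to the signed block)
    never yields the original plaintext on Bob's side."""
    altered = (signed + 1) % sender_pub[1]
    return bob_receives(altered, sender_pub, recipient_priv)

if __name__ == "__main__":
    m = 1234  # constructed message block; must be below Bob's modulus
    s = alice_sends(m, bob_pub, alice_priv)
    print(s, bob_receives(s, alice_pub, bob_priv),
          tampered_delivery(s, alice_pub, bob_priv))
```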
In the discussion above, Alice received Bob's public key from a public file on a server computer. This computer must authenticate its message using public key cryptography also, so that Alice can be sure she's really getting Bob's key. There is a clever way to do this using a signature of the computer supplying the key. If Alice has already registered with this computer, she can verify the signature directly. Otherwise, this signature will in turn be signed using the public key of yet another computer. In this way a sequence of signatures is created, called a certificate, and the certificate terminates in a signature that Alice can verify from having directly visited the given computer. This may sound confusing, but it works, and users need not understand how.
Perfect Cryptography
This section discusses an interesting subtle technical point about cryptography.
Consider the Caesar cipher of the previous section, and associate the numbers 0 through 25 with the letters ``A'' through ``Z,'' that is, ``A'' is associated with 0, ``B'' with 1, ``C'' with 2, and so on until ``Z'' with 25. One can represent the previous shift of 3 in the example by the letter ``D,'' so that each letter specifies a shift. A special encryption method called the ``Beale cipher'' starts with a standard text like the U.S. constitution (``We the people . . .'') and with the message to encrypt, say ``ATTACK.'' Write down the letters of the standard text on one line, followed by the letters of the message on the next line. In each column, the upper letter is interpreted as a shift to use in a Caesar cipher on the letter in the second row. Thus below in the second column, the ``E'' in the first row means a shift of 4 is applied to the letter ``T'' in the second row, to get the letter ``X.''
Standard text:     WETHEP
Message:           ATTACK
Encrypted message: WXMHGZ
The person receiving the encrypted message must know what the standard text is. Then this receiver can reverse the above encryption by applying the shifts in the opposite direction to get the original message back. This method will handle a message of any length by just using more of the standard text. Notice that in this example the two ``T''s came out as different letters in the encrypted message.
For more security, one should not use a standard text as well known as the one in this example. Instead the sender and receiver could agree on a page of a book they both have with them as the start of their standard text. All the security of this system resides with the secrecy of the standard text. There are a number of other subtle pitfalls with this method, as with most of cryptography, but these details are not helpful in this discussion.
A variation on this method, known as the ``one-time pad,'' starts with a random sequence of letters for the standard text. Suppose for example one uses ``RQBOPS'' as the standard text, with the same message. Then encryption takes the form:
Standard text (random): RQBOPS
Message:                ATTACK
Encrypted message:      RJUORC
The receiver must have the same random string of letters ``RQBOPS'' around for decryption. As the important part of this discussion, I want to show that this method is perfect as long as the random standard text letters are kept secret. Suppose the message is ``GIVEUP'' instead of ``ATTACK.'' If one had started with random letters ``LBYKXN'' as the standard text, then the encryption would have taken the form:
Standard text (random): LBYKXN
Message:                GIVEUP
Encrypted message:      RJUORC
The encrypted message is the same as before, even though the message is completely different. An opponent who intercepts the encrypted message but knows nothing about the random standard text gets no information about the original message, whether it might be ``ATTACK'' or ``GIVEUP'' or any other six-letter message. It is in this sense that the one-time pad is perfect.
In this century spies have often used one-time pads. The only requirement is text (the pad) of random letters to use for encryption or decryption. The party communicating with the spy must have exactly the same text of random letters. This method requires the secure exchange of pad characters: as many such characters as in the original message. In a sense the pad behaves like the encryption key, except that here the key must be as long as the message. But such a long key defeats a goal of cryptography: to reduce the secrecy of a long message to the secrecy of a short key. If storage and transmission costs keep dropping, the one-time pad might again become an attractive alternative.
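As an added example (my own code, not from the essay), the letter shifts of this section and the Caesar cipher of the first section share one routine: a single repeated key letter gives the Caesar cipher, a standard text gives the Beale cipher, and a random never-reused key gives the one-time pad. The same routine run backwards recovers the pad that maps a given ciphertext to any chosen plaintext, which is the ``GIVEUP'' argument above in code; note that with the A=0 convention the pad for ``GIVEUP'' works out to ``LBZKXN'', one letter off from the ``LBYKXN'' printed above. Messages are assumed to be upper-case letters only.

```python
import string

ALPHABET = string.ascii_uppercase  # A..Z stand for 0..25

def shift_text(message, key_letters, decrypt=False):
    """Shift each letter of message by the value of the key letter in the
    same column; decrypt=True shifts the opposite way."""
    sign = -1 if decrypt else 1
    out = []
    for m, k in zip(message, key_letters):
        shift = ALPHABET.index(k)
        out.append(ALPHABET[(ALPHABET.index(m) + sign * shift) % 26])
    return "".join(out)

def caesar(message, shift, decrypt=False):
    """Caesar cipher: the same shift (0..25) applied to every letter."""
    return shift_text(message, ALPHABET[shift] * len(message), decrypt)

def exhaustive_search(ciphertext, dictionary):
    """Try the 25 non-zero Caesar keys; return those yielding a known word."""
    return [k for k in range(1, 26)
            if caesar(ciphertext, k, decrypt=True) in dictionary]

def pad_for(ciphertext, plaintext):
    """The pad that turns plaintext into ciphertext. Every six-letter
    plaintext has one, so the ciphertext alone reveals nothing."""
    return shift_text(ciphertext, plaintext, decrypt=True)

if __name__ == "__main__":
    print(caesar("ATTACK", 3))                                 # DWWDFN
    print(exhaustive_search("DWWDFN", {"ATTACK", "GIVEUP"}))  # [3]
    print(shift_text("ATTACK", "WETHEP"))                      # WXMHGZ, Beale
    print(shift_text("ATTACK", "RQBOPS"))                      # RJUORC, pad
    print(pad_for("RJUORC", "ATTACK"), pad_for("RJUORC", "GIVEUP"))
```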