Cryptography for Business Bryan Reagan, Ph.D.
Saint Leo University
Section 1: Motivation
Businesses rely more and more upon the use of computer technology in general, and the use of
networks and databases in particular. An enterprise’s data assets are both central to the organization’s
operations, and through the increased connectivity of computer networks, these data assets are
becoming increasingly vulnerable. Hackers, financial identity theft, denial of service attacks, viruses, and
other forms of electronic vandalism are now well known parts of the Information Technology landscape.
While less covered in the press, but equally threatening, the actions of the organization’s own
personnel may undermine security policies and expose the organization’s data assets or create a liability
exposure through revealing privileged information. It is unlikely that many businesses are going to
disconnect themselves from the Internet in order to eliminate these threats, so proper precautions must
be taken (Schneier, 2004).
Consider the following. You are an administrator of a large hospital in an urban center. You have
received a telephone message in which the speaker reveals information only someone privy to the
patient medical information in your operational database would know. She then informs you that critical
patient care information, such as blood type and medications, has been changed in the database, and
you will only be informed which ones have been modified if you make arrangements to transfer funds to
an offshore account.
Consider the following. An employee with access to confidential engineering data has been hurt in a
traffic accident during his lunch hour and has been rushed to the hospital. Software monitoring the
office network notes a high volume of network traffic on the workstation at his desk, even though the
employee is currently incapacitated and absent.
Consider the following. A senior partner in a prestigious law firm has his laptop snatched by a thief in an
airport security check point. Contained on the computer’s hard drive are documents containing
confidential information crucial to the arguments in several high profile lawsuits. The opposing parties in
some of these law suits are known to have ties to organized crime.
Consider the following. An office manager maintains an accounting firm’s web site as part of her duties.
She finds that she can post spreadsheet files in directories on the web server and then access them from
home. Some of these spreadsheets contain privileged financial information about the firm’s clients.
All of these situations represent problems in the areas of confidentiality (keeping unauthorized users from
accessing data) and integrity (protecting the data from corruption) (Lehtinen, Russell, & Gangemi,
2006). Cryptography addresses both of these areas. As more and more information is stored in
computers, and those computers are increasingly interconnected, the greater the need becomes for
cryptographic protection (Meyer & Matyas, 2005).
Section 2: Classic Cryptography
Before we can discuss Cryptography in an Information Technology or Business context, we need to look
at the evolution of cryptography in general. The use of codes and ciphers in communication goes back to
antiquity (Poe, 1841, p. 33).
The use of shared, non-private communication channels requires provisions to keep sensitive
information secret. This predates the Internet. During the Napoleonic Wars, ships in sea battles
communicated using combinations of signal flags, which were visible both to allies and enemies, that
represented secret numeric codes for conditions and orders (Cragon, 2005). In Victorian England, it was
stylish for young lovers to exchange messages encrypted with keyword ciphers in the “agony column”
ads of newspapers in order to escape the censorship of their parents (Singh, 1999, p. 77).
The term Cryptography is Greek for “hidden writing”, and refers to the study of secret codes and ciphers
(Smith, 1943, p. 16). The purpose of cryptography is to convert a message or file, called plaintext, into a
form which obfuscates its meaning, but which allows recovery of the plaintext by someone knowing the
proper method and possibly a secret, such as a keyword (Gardner, 1972, p. 11), (Kahn, 1996, p. xv). The
transformed message is called the ciphertext (Cormen, Leiserson, & Rivest, 1990, p. 832), (Katz, 2004, p.
9.21). Under normal circumstances, this is done to prevent unauthorized persons from learning or
modifying the contents of the message. Hence cryptography is central to the field of information
security. Ideally an encrypted message or computer file should be safe forever. Realistically, it is
adequate to make it too labor intensive for an unintended person to discover the plaintext within a time
frame for that discovery to have significant consequences.
The terms code and cipher are often confused in the common usage. A code uses a table or codebook to
translate whole words, phrases, or even sentences between plaintext and code (Callery, 2008, p. 57),
(Janeczko, 2004, p. 5), (Kahn, 1996, p. xvi). A cipher performs operations on individual letters or symbols
to transform them between plaintext and ciphertext (Callery, 2008, p. 57), (Kahn, 1996, p. xvi), (Singh,
1999, p. 30). Ciphers were developed to a high level by Arabic scholars in the middle ages, and the term
cipher comes from the Arabic word “sifr”, which translates as “nothing” (Wrixen, 1998, p. 21).
Superencipherment, a technique currently favored by several branches of the United States Military,
first translates plaintext into a code and then enciphers the coded message, creating a coded cipher
(Callery, 2008, p. 57), (Kahn, 1996, p. xvii).
In order to be effective, a code requires a very large number of entries in the codebook, which makes
the use of codes less effective than ciphers in a data processing environment (Meyer & Matyas, 2005, p.
196). While the large databases needed to implement effective codes are now easy to create and
distribute, the IT industry has favored the use of ciphers to this point.
Pre-computer ciphers, and many computer ciphers, are based on three basic principles: nulls,
substitution, and transposition. Nulls are additional symbols or groups of symbols added to a message
to pad the message to a fixed block size, to throw off frequency counts of symbols, or
simply to obscure the message (Callery, 2008, pp. 66, 184), (Gardner, 1972, p. 12), (Janeczko, 2004, p. 82),
(Kahn, 1996, p. xvi), (Singh, 1999, p. 29), (Smith, 1943, p. 44), (Wrixen, 1998, p. 133). Substitutions are
systematic replacements of symbols or group of symbols with alternatives, but in which their positions
remain unchanged (Callery, 2008, p. 70), (Gardner, 1972, p. 21), (Janeczko, 2004, p. 25), (Kahn, 1996, p.
xv), (Patterson, 1987, p. 8), (Singh, 1999, p. 9), (Smith, 1943, p. 57), (Wrixen, 1998, p. 132).
Transpositions are re-orderings of the original symbols within sections of the message or the entire
message (Callery, 2008, p. 56), (Gardner, 1972, p. 11), (Janeczko, 2004, p. 25), (Kahn, 1996, p. xv), (Singh,
1999, p. 7), (Smith, 1943, p. 29), (Wrixen, 1998, pp. 131-132).
Nulls appear to be underrated as a cryptographic device, some authors even failing to mention the
existence of null ciphers. A null cipher adds symbols to the plaintext in order to obfuscate the contents
(Callery, 2008, p. 48), (Gleason, 1981, p. 53), (Janeczko, 2004, p. 82), (Wrixen, 1998, pp. 492-496). Due to
their method of operation, null ciphers are also known as concealment ciphers in some references
(Gaines, 1956, p. 1). Perhaps the most well known null cipher is contained in Edgar Allan Poe’s poem,
“Valentine”, which conceals his paramour’s name in the first letter of the first line, the second letter of the
second line, and so on to the end. Consider a simple null cipher in which the letters of the plaintext are
bracketed by randomly generated nulls. Following the military convention of removing spaces from the
plaintext, we will encode the text “SAINTLEO” with nulls. A possible ciphertext would be
“OSLATIONITILSEAOE”.
The Cardano grille is a very successful null cipher, which incorporates transposition, developed by the
sixteenth century Italian mathematician Girolamo Cardano, which used a paper or metal template,
possibly with labels indicating symbol order, to select plaintext letters from a larger document (Gaines,
1956, p. 26), (Gardner, 1972, p. 62), (Janeczko, 2004, p. 87), (Kahn, 1996, p. 144), (Wrixen, 1998, p. 488).
This principle was then used very successfully by the Soviets during the cold war (Belfield, 2007).
Consider a message of one hundred letters hidden in a radio telegraph transmission of a thousand
letters. The first letter of the message has 1,000 possible positions; the second has 999 possible
positions; and so on, for a number of combinations greater than five followed by three hundred zeros.
While it is considered inelegant, it is clearly effective.
When nulls are generated they must have values consistent with the values in the plaintext. For
example, a null cipher intended to conceal standard English text should not consist exclusively of the
letters ‘X’ and ‘Q’, but instead should contain all letters in the alphabet, randomly selected with
frequencies matching the frequency distribution of the letters in English (Smith, 1943, p. 46). If nulls are
being used with mono-alphabetic substitution ciphers, then their values may be selected to undermine
cryptanalysis by flattening out the frequency distribution.
Substitution ciphers fall under two broad categories: mono-alphabetic substitution ciphers and
poly-alphabetic substitution ciphers. In mono-alphabetic substitution ciphers a one to one correspondence
is set up between the symbols in the plaintext alphabet and the symbols in the ciphertext alphabet
(Callery, 2008, pp. 70, 184), (Gardner, 1972, p. 21), (Singh, 1999, pp. 15, 393), (Wrixen, 1998, pp. 168,
678). In poly-alphabetic substitution ciphers each symbol in the plaintext alphabet is associated with
one or more symbols in the ciphertext alphabet, and each symbol in the ciphertext alphabet may be
associated with multiple symbols in the plaintext alphabet (Callery, 2008, pp. 70, 88, 184), (Gardner,
1972, p. 43), (Singh, 1999, pp. 52, 393), (Smith, 1943), (Wrixen, 1998, pp. 201-202, 678).
Mono-alphabetic substitution ciphers are essentially the creation of alternative alphabets, and these
techniques have been known since ancient times (Poe, 1841, p. 33). The ancient Hebrews used the
atbash cipher around 600-500 B.C., in which the alphabet is mapped into the alphabet in reverse order
(Callery, 2008, pp. 74, 158, 174), (Kahn, 1996, p. 77), (Singh, 1999, p. 26). English variants of the atbash
cipher are often independently developed by school children who create a code in which ‘A’ becomes
‘Z’, ‘B’ becomes ‘Y’, while ‘Y’ becomes ‘B’ and ‘Z’ becomes ‘A’. Please see this cipher alphabet in the
Atbash row of Table 1. Under such a scheme, the plaintext “LIONS” would encipher to “ORLMH”.
Plaintext   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Atbash      Z Y X W V U T S R Q P O N M L K J I H G F E D C B A
Caesar-3    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
Table 1: English Alphabets for Two Substitution Ciphers
Around 50 B.C., Gaius Julius Caesar, the first Roman Emperor, invented the Caesarian Shift, in which a
ciphertext alphabet is created by circularly shifting the alphabet some fixed number of spaces (Callery,
2008, pp. 70, 174), (Gardner, 1972, p. 23), (Gleason, 1981, p. 1), (Janeczko, 2004, p. 27), (Kahn, 1996, p.
84), (Patterson, 1987, p. 1), (Singh, 1999, pp. 9-11), (Smith, 1943, pp. 18, 60), (Wrixen, 1998, pp. 22-23,
169-170). The Caesarian shift is a basic operation of cryptography and is crucial to later developments,
including the Vigenère cipher and the Vernam cipher (Patterson, 1987, pp. 1, 8), (Callery, 2008, p. 70).
See the row labeled Caesar-3 in Table 1 for an example of a Caesarian shifted alphabet using a forward
shift of three, in which ‘A’ would become ‘D’, ‘B’ would become ‘E’, ‘W’ would become ‘Z’, and ‘Z’ would
become ‘C’. Under this scheme, the plaintext “COMMUNITY” would encipher to “FRPPXQLWB”. Please
note how the pair of Ms is visible as a pair of Ps. Patterns such as these are a vulnerability of
mono-alphabetic substitution ciphers.
A keyword cipher uses a pre-agreed upon keyword or key to generate a cipher alphabet, using the
unique letters of the keyword to shift the remaining letters forward in the ciphertext alphabet (Callery,
2008, p. 72), (Gardner, 1972, p. 26), (Gleason, 1981, p. 13), (Poe, 1841, p. 37), (Singh, 1999, p. 13),
(Smith, 1943, p. 62), (Wrixen, 1998, pp. 171-172). Consider for example the keyword “Zephyr Hills”.
Removing duplicate letters and spaces we have the text “ZEPHYRILS”. This is written into the cipher
table under the beginning of the alphabet, and the remaining letters of the alphabet follow in their
normal order, which generates Table 2. Using the alphabet in Table 2, the plaintext “RESPECT” enciphers as “MYNJYPO”.
Plaintext   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext  Z E P H Y R I L S A B C D F G J K M N O Q T U V W X
Table 2: Keyword Cipher for “Zephyr Hills”
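As an added illustration, not part of the original paper, the following Python builds the three cipher alphabets of Tables 1 and 2 (Atbash, Caesar-3 and the “Zephyr Hills” keyword alphabet) and reproduces the paper’s own examples; the function names are my own, and the repeated-letter check shows the pattern leak the paper points out for “COMMUNITY”.

```python
import string

ALPHABET = string.ascii_uppercase


def atbash_alphabet():
    """Cipher alphabet for the Atbash row of Table 1: A<->Z, B<->Y, and so on."""
    return ALPHABET[::-1]


def caesar_alphabet(shift):
    """Cipher alphabet for a Caesarian shift (the Caesar-3 row of Table 1 when shift == 3)."""
    shift %= 26
    return ALPHABET[shift:] + ALPHABET[:shift]


def keyword_alphabet(keyword):
    """Cipher alphabet for a keyword cipher (Table 2): the keyword's unique letters
    first, in order of appearance, then the unused letters in their normal order."""
    seen = []
    for ch in keyword.upper():
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    rest = [ch for ch in ALPHABET if ch not in seen]
    return "".join(seen + rest)


def is_valid_cipher_alphabet(cipher_alphabet):
    """A mono-alphabetic cipher alphabet must be a permutation of the 26 letters;
    otherwise two plaintext letters would share a ciphertext letter and deciphering
    would be ambiguous."""
    return sorted(cipher_alphabet) == list(ALPHABET)


def encipher(plaintext, cipher_alphabet):
    """Mono-alphabetic substitution. Spaces and punctuation are dropped, following
    the military convention of removing spaces from the plaintext."""
    if not is_valid_cipher_alphabet(cipher_alphabet):
        raise ValueError("cipher alphabet is not a permutation of A-Z")
    letters = "".join(ch for ch in plaintext.upper() if ch in ALPHABET)
    return letters.translate(str.maketrans(ALPHABET, cipher_alphabet))


def decipher(ciphertext, cipher_alphabet):
    """Reverse the substitution: the same table read from ciphertext back to plaintext."""
    if not is_valid_cipher_alphabet(cipher_alphabet):
        raise ValueError("cipher alphabet is not a permutation of A-Z")
    return ciphertext.translate(str.maketrans(cipher_alphabet, ALPHABET))


def repeated_letter_pattern(text):
    """Index pairs of adjacent repeated letters, e.g. 'COMMUNITY' -> [(2, 3)].
    A mono-alphabetic cipher leaves positions untouched, so the ciphertext shows
    exactly the same pattern; this is the weakness frequency analysis exploits."""
    return [(i, i + 1) for i in range(len(text) - 1) if text[i] == text[i + 1]]


if __name__ == "__main__":
    print(encipher("LIONS", atbash_alphabet()))                    # ORLMH
    print(encipher("COMMUNITY", caesar_alphabet(3)))              # FRPPXQLWB
    print(keyword_alphabet("Zephyr Hills"))                       # ZEPHYRILSABCDFGJKMNOQTUVWX
    print(encipher("RESPECT", keyword_alphabet("Zephyr Hills")))  # MYNJYPO
```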
The ancient Spartans used the Polybius square (also Polybius checkerboard or Greek square), which was
developed by the Greek historian Polybius and the philosopher Democritus (Wrixen, 1998, p. 22). In the
Polybius square, a square grid with rows and columns numbered with single digit numbers was filled
with the letters from the plaintext alphabet, and the ciphertext consisted of the row and column
numbers of the cell containing the plaintext letter (Callery, 2008, pp. 75-76, 104), (Gardner, 1972, p. 28),
(Janeczko, 2004, pp. 48-49), (Kahn, 1996, p. 83), (Wrixen, 1998, pp. 190-191). Techniques like this which
represent each plaintext symbol by a pair of ciphertext symbols are called fractional ciphers (Shannon,
1949, p. 669). In fact, this scheme was used by the Spartans for long range communications by using two
groups of torches, the numbers of which would represent the two digits, and it was also adapted for use
with knocks on cell walls by American POWs in Vietnam (Callery, 2008, pp. 75-76). Similarly, a technique
based on the Polybius square, known as the Russian prisoners’ cipher or the knock cipher,
was used in the Czar’s penal system and became instrumental in the development of the Anarchists’
Cipher and the Vernam cipher (Wrixen, 1998, p. 192). Please see Table 3 for a sample Polybius square
for the English alphabet. Using the specific square in Table 3, the plaintext “INTEGRITY” would be
enciphered as “46 63 21 15 26 41 46 21 35”.
    1 2 3 4 5 6
1   A B C D E F
2   T U V W X G
3   S 6 7 8 Y H
4   R 5 0 9 Z I
5   Q 4 3 2 1 J
6   P O N M L K
Table 3: Polybius Square and Russian Prisoners’ Cipher
All mono-alphabetic substitution ciphers are vulnerable since they preserve patterns which exist in the
plaintext. Eighth century Arabic scholars realized that each symbol in the plaintext alphabet is
represented by exactly one symbol in the ciphertext alphabet, and they developed frequency analysis,
in which the frequencies of the ciphertext symbols are counted and compared against the known frequencies
of the plaintext alphabet (Callery, 2008, pp. 82-85), (Gardner, 1972, pp. 35-42), (Singh, 1999, pp. 17-25),
(Smith, 1943, pp. 91-96). For example, in English text, the most frequently occurring letters are ‘E’, ’T’, ‘A’,
‘O’, and ‘N’ in that order, so given a large enough sample of text enciphered with a mono-alphabetic
substitution cipher, we know that the most frequent symbol must correspond to the letter ‘E’ (Callery, 2008,
p. 82), (Gardner, 1972, p. 35), (Janeczko, 2004, p. 62), (Singh, 1999, p. 17), (Smith, 1943, p. 91).
Furthermore, in natural languages like English, there exist certain patterns in symbols called pattern
words, which correspond to a limited number of plaintext words (Gleason, 1981, pp. 85-93). For
example, a ciphertext pattern of “ABCB” can represent the words “HERE” or “WERE”, while the pattern
“ABCDEFDGH” may only correspond to the English word “BREAKFAST” (Gleason, 1981, pp. 85-93). These
limitations drove the development of poly-alphabetic substitution ciphers as early as the 15th century
(Wrixen, 1998, p. 202).
During the prelude to the Russian revolution in the 1850s and 1860s, the Anarchists had a written
version of the Russian prisoners’ cipher, and were aware that the authorities knew how the cipher
worked (Wrixen, 1998, p. 198). In order to protect their messages, they developed the Anarchists’
cipher (or Nihilist substitution cipher), which encoded a keyword, the ciphertext of which was then
cyclically added to the encoded plaintext in order to conceal the patterns in the plaintext (Kahn, 1996, p.
620), (Wrixen, 1998, pp. 198-200). Consider the keyword “LION”, which would be encoded as “65-46-62-
63” using Table 3. The plaintext “DEVELOPMENT” would similarly be encoded as “14-15-23-15-65-
62-61-64-15-63-21”. Cyclically adding the coded keyword to the plaintext we get the ciphertext “79-61-
85-78-130-108-123-127-80-109-83”. Please see this process illustrated in Figure 1 below. Please note
that the plaintext letter “E” is represented by the ciphertext values “61”, “78”, and “80”, and each of
these numbers may represent other letters if the message is long enough. Consider how difficult this
would be to break if you did not even know the length of the keyword. This is the power of
poly-alphabetic substitution ciphers.
Plaintext    D   E   V   E   L   O   P   M   E   N   T
Code        14  15  23  15  65  62  61  64  15  63  21
Key          L   I   O   N   L   I   O   N   L   I   O
Code        65  46  62  63  65  46  62  63  65  46  62
Ciphertext  79  61  85  78 130 108 123 127  80 109  83
Figure 1: Sample Anarchists’ Cipher
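The Polybius square and the Anarchists’ cipher of Figure 1, as an added example that is not part of the original paper: the square is transcribed from Table 3, the function names are my own, and the last helper lists the several ciphertext values that stand for one plaintext letter, which is what makes the scheme poly-alphabetic.

```python
# Table 3 of the paper, transcribed as the six rows of the square (rows and columns are
# numbered 1 to 6, so 'A' is 11, 'T' is 21 and 'K' is 66).
POLYBIUS_ROWS = ["ABCDEF", "TUVWXG", "S678YH", "R509ZI", "Q4321J", "PONMLK"]


def build_tables(rows=POLYBIUS_ROWS):
    """Forward (symbol -> two-digit code) and reverse (code -> symbol) lookups."""
    to_code, from_code = {}, {}
    for r, row in enumerate(rows, start=1):
        for c, sym in enumerate(row, start=1):
            to_code[sym] = 10 * r + c
            from_code[10 * r + c] = sym
    return to_code, from_code


TO_CODE, FROM_CODE = build_tables()


def polybius_encode(text):
    """Fractional cipher: each symbol becomes its row digit followed by its column digit.
    Spaces and symbols outside the square are dropped."""
    return [TO_CODE[ch] for ch in text.upper() if ch in TO_CODE]


def polybius_decode(codes):
    return "".join(FROM_CODE[c] for c in codes)


def anarchists_encipher(plaintext, keyword):
    """Anarchists' (Nihilist substitution) cipher: Polybius-encode plaintext and keyword,
    then add the keyword codes to the plaintext codes, cycling through the keyword."""
    key = polybius_encode(keyword)
    if not key:
        raise ValueError("keyword contains no symbols from the square")
    return [p + key[i % len(key)] for i, p in enumerate(polybius_encode(plaintext))]


def anarchists_decipher(ciphertext, keyword):
    """Subtract the cycled keyword codes and read the symbols back out of the square."""
    key = polybius_encode(keyword)
    if not key:
        raise ValueError("keyword contains no symbols from the square")
    return polybius_decode([c - key[i % len(key)] for i, c in enumerate(ciphertext)])


def images_of(plaintext, keyword):
    """Map each plaintext symbol to the set of ciphertext values that represent it.
    With the keyword 'LION' the letter 'E' of 'DEVELOPMENT' appears as 61, 78 and 80."""
    stripped = "".join(ch for ch in plaintext.upper() if ch in TO_CODE)
    images = {}
    for ch, c in zip(stripped, anarchists_encipher(plaintext, keyword)):
        images.setdefault(ch, set()).add(c)
    return images


if __name__ == "__main__":
    print(polybius_encode("INTEGRITY"))                 # [46, 63, 21, 15, 26, 41, 46, 21, 35]
    print(anarchists_encipher("DEVELOPMENT", "LION"))   # [79, 61, 85, 78, 130, 108, 123, 127, 80, 109, 83]
    print(sorted(images_of("DEVELOPMENT", "LION")["E"]))  # [61, 78, 80]
```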
The Vigenère cipher was a poly-alphabetic substitution cipher used by the French government for
military and diplomatic correspondence during the 19th century, and due to its invulnerability to
frequency analysis, the French bragged that it was “Le Chiffre indéchiffrable” (Callery, 2008, p. 101),
(Singh, 1999, p. 63). It was secretly broken by British statesman, professor, inventor, and mechanical
computer pioneer, Charles Babbage around 1854 (Callery, 2008, p. 101), (Singh, 1999, p. 78). The
Vigenère cipher used a keyword to select a series of Caesarian shifts applied cyclically to the plaintext (Callery,
2008, p. 101), (Gardner, 1972, pp. 49-52), (Gleason, 1981, pp. 97-98), (Smith, 1943, pp. 71-72), (Singh,
1999, pp. 48-49), (Wrixen, 1998, pp. 207-209). Essentially, a shifted alphabet is created for each letter of
the keyword, and each letter of the plaintext is then encoded by alternating cyclically through the
ciphertext alphabets (Callery, 2008, p. 100), (Gardner, 1972, pp. 49-52), (Gleason, 1981, pp. 97-98),
(Smith, 1943, pp. 71-72), (Singh, 1999, p. 49), (Wrixen, 1998, pp. 207-209). Consider Table 4 which
contains the ciphertext alphabets for the Vigenère cipher using the keyword “LOVE”. Encoding the
plaintext “EXCELLENCE” cycling through the alphabets would produce the ciphertext “PLXIWZZRNS”.
Please note that the plaintext symbol “E” has been represented by the ciphertext symbols “P”, “I”, “Z”,
and “S”. Also see that the ciphertext letter “Z” has been used to represent both the plaintext symbols
“L” and “E”.
Plaintext   A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
L           L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
O           O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
V           V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
E           E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
Table 4: Vigenère Table for the Keyword “LOVE”
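The Vigenère cipher and the frequency analysis discussed above, as an added example that is not part of the original paper. It reproduces “EXCELLENCE” under the keyword “LOVE”, recovers a Caesar shift by assuming the most frequent ciphertext letter is ‘E’, and measures the index of coincidence, which a mono-alphabetic cipher leaves unchanged; the sample sentence is constructed and the function names are my own.

```python
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def letters_only(text):
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def caesar(text, shift):
    """Caesarian shift of every letter by the same amount (a mono-alphabetic cipher)."""
    return "".join(ALPHABET[(ALPHABET.index(ch) + shift) % 26] for ch in letters_only(text))


def vigenere(text, keyword, decipher=False):
    """Vigenère: letter i is Caesar-shifted by keyword letter i mod len(keyword), so the
    cipher cycles through one shifted alphabet per keyword letter (Table 4 for 'LOVE')."""
    key = letters_only(keyword)
    if not key:
        raise ValueError("keyword must contain at least one letter")
    out = []
    for i, ch in enumerate(letters_only(text)):
        shift = ALPHABET.index(key[i % len(key)])
        if decipher:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
    return "".join(out)


def frequencies(text):
    """Letter counts, most common first: the raw material of frequency analysis."""
    return Counter(letters_only(text)).most_common()


def guess_caesar_shift(ciphertext):
    """The classic attack on a Caesar shift: assume the most frequent ciphertext
    letter stands for 'E' and read the shift off the distance between them."""
    top = frequencies(ciphertext)[0][0]
    return (ALPHABET.index(top) - ALPHABET.index("E")) % 26


def index_of_coincidence(text):
    """Probability that two letters drawn from the text are equal. A mono-alphabetic
    substitution only relabels the counts, so the value is unchanged and the cipher
    is recognisable as such; a poly-alphabetic cipher spreads the counts out."""
    counts = Counter(letters_only(text))
    n = sum(counts.values())
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in counts.values()) / (n * (n - 1))


def images_of(plaintext, keyword):
    """Which ciphertext letters stand for each plaintext letter under Vigenère."""
    images = {}
    for p, c in zip(letters_only(plaintext), vigenere(plaintext, keyword)):
        images.setdefault(p, set()).add(c)
    return images


# Constructed sample, long enough for 'E' to be its most frequent letter (21 of 133).
SAMPLE = ("EVERY ENTERPRISE NEEDS TO PROTECT THE CONFIDENTIALITY AND INTEGRITY OF ITS "
          "DATA ASSETS BECAUSE NETWORKS EXPOSE THESE ASSETS TO OUTSIDERS AND INSIDERS ALIKE")

if __name__ == "__main__":
    print(vigenere("EXCELLENCE", "LOVE"))         # PLXIWZZRNS
    print(guess_caesar_shift(caesar(SAMPLE, 3)))  # 3
    print(round(index_of_coincidence(SAMPLE), 3),
          round(index_of_coincidence(vigenere(SAMPLE, "LOVE")), 3))
```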
Transposition ciphers systematically reorder the symbols of the plaintext, without changing their values
(Callery, 2008, p. 56), (Gardner, 1972, p. 11), (Janeczko, 2004, p. 25), (Singh, 1999, pp. 7, 394), (Smith,
1943, p. 29), (Wrixen, 1998, pp. 134-135). While this may initially sound ineffective, consider if the letters
in this paper were cut out as individual squares and then mixed and poured out on a table. Someone
who has never seen this paper is then given the scrambled letters and asked to recover the original
text. Given a ciphertext of N letters, there are N! ways to decode them (Smith, 1943, p. 32). This
means that given ten symbols, there are 10! = 3,628,800 potential anagrams. Given 15 letters, the number of
permutations is over 1 trillion. Consider a simple cipher that takes groups of three symbols and reverses
them, ignoring any final group of two or fewer symbols. Under such a scheme, the plaintext
“STEWARDSHIP” would encipher as “ETSRAWHSDIP”.
Section 3: Modern Cryptography
While the Anarchists’ cipher and the Vigenère cipher are significantly more powerful than
mono-alphabetic substitution ciphers, they are still vulnerable to cryptanalysis. Since the keywords have a
finite length, they themselves have a pattern and cycle. Claude Shannon proved in his famous 1949
paper that in order to have perfect security, a cipher must have a keyword as long as or longer than the
plaintext (Shannon, 1949, p. 682). For example, consider using the text of a large novel as the key in an
Anarchists’ or Vigenère cipher. The Vernam cipher, considered the only unbreakable cipher, satisfies this
criterion, and is currently in use by the United States Department of State (Shannon, 1949, p. 682),
(Callery, 2008, p. 103).
The Vernam cipher, also known as the one-time pad, was developed in 1918 for use in secure telegraph
communications, and uses a very long key, the entries of which are used once and then discarded
(Callery, 2008, p. 103), (Shannon, 1949, p. 682), (Vernam, 1926). In most current implementations of the
Vernam cipher, the bitwise exclusive or (XOR) operation is used instead of using addition or a Caesarian
shift. This has two advantages. Firstly, bitwise exclusive or is self-inverting and the same operation can
be used with the same key for both enciphering and deciphering (Burd, 2006, p. 120), (Leese, 2004, p.
16.3). Symbolically, if C = A XOR B, then A = C XOR B (Leese, 2004, p. 16.3). Secondly, the result of a
bitwise exclusive or requires the same number of bits (binary digits) as the operands, so the ciphertext is
the same size as the plaintext (Burd, 2006, p. 120), (Leese, 2004, p. 16.3). Clearly the Vernam cipher is
the ultimate substitution cipher.
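The XOR form of the Vernam cipher, as an added example that is not part of the original paper: one function both enciphers and deciphers, the ciphertext is exactly as long as the plaintext, and the last helper shows why the pad entries must be discarded after one use (XORing two ciphertexts made with the same pad cancels the pad). The demonstration pad is constructed; the function names are my own.

```python
import secrets


def one_time_pad(data, pad):
    """Vernam cipher with XOR. The same call enciphers and deciphers because
    (A XOR B) XOR B == A, and the output has exactly as many bytes as the input."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message (Shannon's condition)")
    return bytes(d ^ k for d, k in zip(data, pad))


def fresh_pad(length):
    """A new pad from the operating system's randomness source. Each pad is used for
    one message and then discarded; never derive it from a short or reused secret."""
    return secrets.token_bytes(length)


def reuse_leak(ciphertext1, ciphertext2):
    """Why 'one-time' matters: if two messages were XORed with the same pad, XORing the
    ciphertexts cancels the pad and leaves plaintext1 XOR plaintext2, with no key at all.
    A defender auditing a pad-based system should treat any pad reuse as a full compromise."""
    n = min(len(ciphertext1), len(ciphertext2))
    return bytes(a ^ b for a, b in zip(ciphertext1[:n], ciphertext2[:n]))


# Constructed pad for a repeatable demonstration; a real pad comes from fresh_pad().
DEMO_PAD = bytes.fromhex("a3f1c2d4e5b607182930415263748596")

if __name__ == "__main__":
    message = b"INVOICE 7"
    ciphertext = one_time_pad(message, DEMO_PAD)
    print(ciphertext.hex(), one_time_pad(ciphertext, DEMO_PAD))
```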
Feistel ciphers operate on blocks of digital data, and perform a series of transpositions and
substitutions, called rounds, based on a key (Buchmann, 2000, p. 127). The now defunct Data
Encryption Standard (D.E.S.), approved by the United States Department of Commerce, enciphered data
in 64 bit blocks using a 56 bit key to encode all blocks using the same sequence of operations (Federal
Information Processing Standards Publications, 1993), (Lehtinen, Russell, & Gangemi, 2006, p. 154).
Since 56 bits can now be broken by brute trial and error, 3DES or triple D.E.S. uses three separate keys
to encrypt each block three times (Lehtinen, Russell, & Gangemi, 2006, p. 156). The United States
Commerce Department’s current replacement cipher, Advanced Encryption Standard (A.E.S.),
enciphers 128-bit data blocks and uses keys of 128, 192, or 256 bits (Federal Information Processing
Standards Publications, 2001). Note that these ciphers rely on substitution and transposition, both of
which have been known since antiquity.
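A toy Feistel network, as an added example that is not part of the original paper and is not DES itself: each round substitutes through a small S-box, transposes the bits and mixes in a round key, decryption runs the same network with the round keys reversed, and enciphering every block with the same operations (the mode DES called ECB) lets identical plaintext blocks show through as identical ciphertext blocks. The S-box, key schedule and block size are constructed for illustration.

```python
# Toy Feistel network: 16-bit blocks, 8-bit halves, 4 rounds, 32-bit key.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8, 0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def substitute(byte):
    """Substitution step: each 4-bit nibble is replaced through the S-box."""
    return (SBOX[byte >> 4] << 4) | SBOX[byte & 0xF]


def transpose(byte, n=3):
    """Transposition step: rotate the eight bits left by n places."""
    return ((byte << n) | (byte >> (8 - n))) & 0xFF


def round_function(half, round_key):
    return transpose(substitute(half ^ round_key))


def round_keys(key, rounds=4):
    """One 8-bit round key per round, taken from a 32-bit key (constructed schedule)."""
    return [(key >> (8 * i)) & 0xFF for i in range(rounds)]


def encrypt_block(block, key, rounds=4):
    """Each round: new left = old right, new right = old left XOR F(old right, round key)."""
    left, right = block >> 8, block & 0xFF
    for rk in round_keys(key, rounds):
        left, right = right, left ^ round_function(right, rk)
    return (left << 8) | right


def decrypt_block(block, key, rounds=4):
    """Same network with the round keys in reverse order; F itself is never inverted."""
    left, right = block >> 8, block & 0xFF
    for rk in reversed(round_keys(key, rounds)):
        left, right = right ^ round_function(left, rk), left
    return (left << 8) | right


def encrypt_ecb(data, key):
    """Every 2-byte block through the same operations. Data is zero-padded to a whole
    number of blocks, so callers must carry the true length separately."""
    if len(data) % 2:
        data += b"\x00"
    out = bytearray()
    for i in range(0, len(data), 2):
        block = encrypt_block(int.from_bytes(data[i:i + 2], "big"), key)
        out += block.to_bytes(2, "big")
    return bytes(out)


def decrypt_ecb(data, key):
    out = bytearray()
    for i in range(0, len(data), 2):
        out += decrypt_block(int.from_bytes(data[i:i + 2], "big"), key).to_bytes(2, "big")
    return bytes(out)


def repeated_blocks(ciphertext, size=2):
    """Count of ciphertext blocks that duplicate an earlier block. Under ECB equal
    plaintext blocks give equal ciphertext blocks, the same kind of pattern leak as
    the doubled M in the paper's Caesar example."""
    blocks = [ciphertext[i:i + size] for i in range(0, len(ciphertext), size)]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key = 0x1F2E3D4C   # constructed key
    ct = encrypt_ecb(b"ABAB", key)
    print(ct.hex(), repeated_blocks(ct), decrypt_ecb(ct, key))
```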
Public key cryptography uses two distinct keys, a public key to encipher data and a separate private key
to decipher (Belfield, 2007, pp. 18-19), (Buchmann, 2000, p. 164), (Callery, 2008, p. 141), (Cormen,
Leiserson, & Rivest, 1990, p. 831), (Diffie & Hellman, 1976), (Lehtinen, Russell, & Gangemi, 2006, p. 165),
(Patterson, 1987, p. 34), (Singh, 1999, p. 269), (Wrixen, 1998, p. 127). If designed properly, the public
key may be widely and freely distributed, since the private key cannot be deduced from the public key,
and is required to decipher any ciphertext enciphered with the public key (Callery, 2008, p. 141),
(Cormen, Leiserson, & Rivest, 1990, p. 831), (Diffie & Hellman, 1976), (Singh, 1999, p. 269), (Wrixen,
1998, p. 127). You occasionally find public keys posted on websites, business cards, and e-mail
signatures of individuals who wish to allow others to privately communicate with them. The Internet,
particularly e-commerce, depends on the use of public key cryptography. Vendors require customers to
send them financial information, such as their credit cards numbers, without previous arrangements for
private key distribution. Public key cryptography is perfect for this situation since it allows a vendor’s
site to supply a public key to the client so that the encrypted data may be sent without prior
arrangements.
The principle is best illustrated with a simple but unrealistic example. Consider if I am going to carry a
phone number in the notepad which I carry on my person, and I wish to keep it secret in case the
notepad is misplaced or stolen. For purposes of discussion, let the plaintext be the phone number “555-
1446”. I would probably remove the dash, but this leaves “5551446” and a seven digit number will often
be assumed to be a phone number. Now consider that I could encrypt the number by multiplying by 5,
which produces “27,757,230”, which does not look like a phone number. To retrieve the original
number, I can use my pocket calculator to multiply my ciphertext, “27,757,230” by the value 0.2, which
produces the original plaintext, “5551446”. This works because the product of 5 and 0.2 equals 1. In this
case, the keys are 5 and 0.2 and the operation is multiplication.
In an online environment, keys this easy to manipulate would provide only the most superficial veneer
of privacy, since most eavesdroppers could divide by a small number like 5 if it was used as a public key.
Instead, real keys used in public key cryptography are hundreds of digits long (du Sautoy, 2003, p. 236).
In order to understand contemporary public key cryptography, we need to visit two topics from Number
Theory: modular arithmetic and Fermat’s little theorem.
Modular arithmetic was first developed by Carl Friedrich Gauss, and is a crucial component of computer
arithmetic (du Sautoy, 2003, p. 20). Essentially, two numbers X and Y are said to be congruent modulo
divisor D, denoted X ≡ Y mod D, if their difference, (X-Y), is divisible by D (Buchmann, 2000, p. 29),
(Cormen, Leiserson, & Rivest, 1990, p. 803), (Darling, 2007, p. 210). For example, 4 ≡ 1 mod 3. We can
also think of the modulus of a number as the remainder of that number divided by the divisor D, in
which case we can think of the modulus as an operator, so we might write (4 mod 3) = 1 (Cormen,
Leiserson, & Rivest, 1990, p. 804), (Patterson, 1987, pp. 180-187). Note that for a given divisor D, all
integers are congruent to an integer in the range [0, (D-1)], so each value in [0, (D-1)] defines a
congruence class modulo D, and the results of operations (e.g. addition and multiplication) are also
mapped back into values in the range [0, (D-1)] (Buchmann, 2000, p. 30), (Cormen, Leiserson, & Rivest,
1990, p. 804), (Patterson, 1987, p. 172). By convention, the integers modulo D are denoted Z_D (Cormen,
Leiserson, & Rivest, 1990, p. 804), (Patterson, 1987, p. 172). Imagine a clock in which the 12:00 is labeled
0:00, in honor of the military tradition. If we add 4 hours to 11:00, we get 3:00, because 11 + 4 = 15 and
(15 mod 12) = 3.
A popular statement of Fermat’s little theorem states that given a prime number P, and a positive
integer X less than P, X raised to the power (P-1) must be congruent to 1 modulo P (Buchmann, 2000, p.
44), (Darling, 2007, p. 115), (du Sautoy, 2003, p. 233), (Patterson, 1987, p. 182). This is demonstrated for
values from 1 to 6 for the modulus P=7 in Table 5. We can clearly see that in the entire column for X^6, all
entries are congruent to 1 mod 7. So, for any value X in [1, 6], we can create pairs of factors X^n and X^(6-n)
which multiply to X^6, which is congruent to 1 mod 7. These two factors can be used as a private and a
public key.
X           | X^2          | X^3           | X^4             | X^5              | X^6               | X^7
1 ≡ 1 mod 7 | 1 ≡ 1 mod 7  | 1 ≡ 1 mod 7   | 1 ≡ 1 mod 7     | 1 ≡ 1 mod 7      | 1 ≡ 1 mod 7       | 1 ≡ 1 mod 7
2 ≡ 2 mod 7 | 4 ≡ 4 mod 7  | 8 ≡ 1 mod 7   | 16 ≡ 2 mod 7    | 32 ≡ 4 mod 7     | 64 ≡ 1 mod 7      | 128 ≡ 2 mod 7
3 ≡ 3 mod 7 | 9 ≡ 2 mod 7  | 27 ≡ 6 mod 7  | 81 ≡ 4 mod 7    | 243 ≡ 5 mod 7    | 729 ≡ 1 mod 7     | 2,187 ≡ 3 mod 7
4 ≡ 4 mod 7 | 16 ≡ 2 mod 7 | 64 ≡ 1 mod 7  | 256 ≡ 4 mod 7   | 1,024 ≡ 2 mod 7  | 4,096 ≡ 1 mod 7   | 16,384 ≡ 4 mod 7
5 ≡ 5 mod 7 | 25 ≡ 4 mod 7 | 125 ≡ 6 mod 7 | 625 ≡ 2 mod 7   | 3,125 ≡ 3 mod 7  | 15,625 ≡ 1 mod 7  | 78,125 ≡ 5 mod 7
6 ≡ 6 mod 7 | 36 ≡ 1 mod 7 | 216 ≡ 6 mod 7 | 1,296 ≡ 1 mod 7 | 7,776 ≡ 6 mod 7  | 46,656 ≡ 1 mod 7  | 279,936 ≡ 6 mod 7
Table 5: Fermat’s Little Theorem for P=7
Just as 5 and 0.2 worked as keys in the previous example, for P=7, 5^4 = 625 will be the public key, and
5^2 = 25 will be the private key. We can confirm: 5^4 × 5^2 = 625 × 25 = 15,625 ≡ 1 mod 7. Consider if our goal
is to send the plaintext number “3” as a message. The sender computes 3 × 5^4 = 3 × 625 = 1,875. The
sender then sends the ciphertext “1,875”, which bears little resemblance to “3”. The receiver records
the transmitted ciphertext “1,875”, and multiplies by his private key, 5^2 = 25. So the final decoding is
1,875 × 25 = 46,875 ≡ 3 mod 7, which yields the plaintext of “3”.
While this is better than the first example, most people have the ability to divide by a public key like
625. Furthermore, this scheme can only encode values less than seven, which would seriously limit
network transmission rates. Real public key schemes use keys which have hundreds of digits, which are
products of multiple numbers raised to large exponents, which can literally take longer than the life
expectancy of the universe to factor (du Sautoy, 2003). In order for this to work, very large prime
numbers must be used for P, which is one of the main reasons why computer scientists are so interested
in large prime numbers (du Sautoy, 2003).
The RSA cryptosystem is the current state of the art public key cryptosystem, which uses the product of
two primes with at least a hundred digits to generate the keys which are currently in the 154 to 512 bit
range (Buchmann, 2000, p. 167), (Callery, 2008, p. 143), (Cormen, Leiserson, & Rivest, 1990, pp. 831-
837), (du Sautoy, 2003, p. 230), (Lehtinen, Russell, & Gangemi, 2006, pp. 165-166), (Patterson, 1987, p.
43), (Singh, 1999, p. 274), (Wrixen, 1998, pp. 285-286). If a fast method of factoring of large numbers is
developed, then RSA will become useless (Buchmann, 2000, p. 174), (Singh, 1999, p. 277).
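The modular arithmetic of the last few pages, as an added example that is not part of the original paper: it regenerates the rows of the Fermat table, runs the paper’s P=7 scheme with the keys 625 and 25, and then carries the idea through to textbook RSA, where the private exponent is the modular inverse of the public one and only the factorization of n allows it to be computed. The primes 61 and 53 and exponent 17 are standard textbook values, not from the paper, and the function names are my own.

```python
from math import gcd


def fermat_table(p):
    """Rows of Table 5: for each X in 1..p-1 the values X^n mod p for n = 1..p.
    Column p-1 is all ones, which is Fermat's little theorem."""
    return {x: [pow(x, n, p) for n in range(1, p + 1)] for x in range(1, p)}


def toy_keys(p, base, n):
    """The paper's P=7 scheme: base^n and base^(p-1-n) multiply to base^(p-1) ≡ 1 mod p.
    Anyone who knows p and base can derive the private key, so this is teaching only."""
    if pow(base, p - 1, p) != 1:
        raise ValueError("base must be coprime to the prime p")
    return base ** n, base ** (p - 1 - n)


def toy_encrypt(message, public_key):
    """The sender just multiplies (the paper transmits 1,875 unreduced)."""
    return message * public_key


def toy_decrypt(ciphertext, private_key, p):
    """Multiplying by the private key restores message * base^(p-1) ≡ message mod p."""
    return (ciphertext * private_key) % p


def rsa_keygen(p, q, e=17):
    """Textbook RSA from two primes. d is the inverse of e modulo (p-1)(q-1); computing
    it requires (p-1)(q-1), i.e. the factorization of n, which is the security argument
    the paper gives. Real keys use primes of hundreds of digits."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt(message, public_key):
    """Plain textbook RSA: deterministic, so equal messages give equal ciphertexts.
    Deployed systems add randomized padding before this step."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def rsa_decrypt(ciphertext, private_key):
    n, d = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    public, private = toy_keys(7, 5, 4)             # (625, 25)
    c = toy_encrypt(3, public)                      # 1875
    print(c, toy_decrypt(c, private, 7))            # 1875 3
    pub, priv = rsa_keygen(61, 53)                  # small primes for illustration only
    print(rsa_decrypt(rsa_encrypt(65, pub), priv))  # 65
```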
In 1991, Phil Zimmermann released the PGP cryptosystem on the Internet, which essentially allows
normal people to encrypt their data quickly and to a level of security requiring millions of years to break
(Callery, 2008, p. 176), (Singh, 1999, p. 298). PGP uses RSA to securely encrypt a key, which is then used
in a Feistel cipher to encrypt the data (Callery, 2008, p. 144). Because he released it on the Internet, he
was subjected to a three year investigation by the FBI and a grand jury, since the United States
government so fears use of strong encryption by private individuals that they treat cryptographic
software as military ordnance (Belfield, 2007, pp. 19-21). MIT Press also published the PGP algorithm
in a book, so prosecuting him would also require prosecuting MIT, so the Justice Department decided to
cut their losses and drop the case in 1996 (Singh, 1999, p. 315). The latest version of PGP is available for
download at his website http://www.philzimmermann.com (Zimmermann).
Section 4: Applications
Now let us reconsider each of the hypothetical situations from the beginning of this paper.
Consider the case of blackmail with modified medical records. If the records are encrypted, then it is
unlikely that an outside intruder into the network would be able to access the data, let alone modify it
in a way that appears consistent. Furthermore, if a transactional database management system is used
as a front end to access and store the records, then every update will be logged and can be rolled
back. In this case, encryption of the database files is used to prevent back-door snooping and
tampering.
In the case of the absent engineer, if the data files are strongly encrypted, then even if an outsider
is able to copy them through the network, the cost of breaking the encryption will probably exceed the
cost of the research and development time needed to independently recreate the data in the files.
In the case of the stolen laptop, strongly encrypted files will prevent data from falling into the wrong
hands, and appropriate backup procedures will prevent loss of too much information.
In the case of the careless office manager using the web server as a thumb drive, strong encryption of
the files would prevent unauthorized people from opening the files. In addition, this employee should
be re-trained about client confidentiality and handling privileged information.
In all of these cases, encryption will mitigate much of the risk. However, the human behavioral
component remains an issue.
Section 5: Conclusions
Cryptography can protect against a number of threats. Communications and files can be encrypted to
prevent, or at least seriously delay, unauthorized access or modification. While we cannot guarantee
that information will never be accessed, we can make accessing the data so resource intensive that
breaking the ciphers becomes infeasible. Currently, RSA public key cryptography and 3DES provide
reasonably secure communications and file storage, although cryptography remains an open field for
further work.
Works Cited
Belfield, R. (2007). The Six Unsolved Ciphers. Berkeley, CA: Ulysses Press.
Buchmann, J. A. (2000). Introduction to Cryptography. New York: Springer.
Burd, S. D. (2006). Systems Architecture (5th ed.). Boston, Massachusetts: Course Technology.
Callery, S. (2008). Codes and Ciphers. New York: Harper Collins Publishers.
Cormen, T. H., Leiserson, C. E., & Rivest, R. L. (1990). Introduction to Algorithms. Cambridge, Massachusetts: MIT Press.
Cragon, H. G. (2005). Royal Navy Codes and Ciphers in the Napoleonic Wars. Dallas, Texas: Cragon Books.
Darling, D. (2007). Universal Book of Mathematics. Edison, New Jersey: Castle Books.
Diffie, W., & Hellman, M. E. (1976). New Directions in Cryptography. IEEE Transactions on Information Theory, 644-654.
du Sautoy, M. (2003). The Music of the Primes. New York: Harper Collins Publishers.
Federal Information Processing Standards Publications. (2001, November 26). Advanced Encryption Standard (AES). Retrieved October 6, 2009, from National Institute of Standards and Technology: csrc.nist.gov/publications/fips/fips197/fips-197.pdf
Federal Information Processing Standards Publications. (1993, December 30). Data Encryption Standard (DES). Retrieved September 25, 2009, from National Institute of Standards and Technology: http://www.itl.nist.gov/fipspubs/fip46-2.htm
Gaines, H. F. (1956). Cryptanalysis: A Study of Ciphers and Their Solution. New York: Dover Publications, Inc.
Gardner, M. (1972). Codes, Ciphers and Secret Writing. New York: Dover Publications, Inc.
Gleason, N. (1981). Cryptograms and Spygrams. New York: Dover Publications, Inc.
Janeczko, P. B. (2004). Top Secret: A Handbook of Codes, Ciphers, and Secret Writing. Cambridge, Massachusetts: Candlewick Press.
Kahn, D. (1996). The Codebreakers (2nd ed.). New York: Scribner.
Katz, J. (2004). Cryptography. In A. B. Tucker (Ed.), Computer Science Handbook (pp. 9.1-9.23). Boca Raton, FL: Chapman and Hall/CRC.
Leese, M. (2004). Digital Logic. In A. B. Tucker (Ed.), Computer Science Handbook (pp. 16.1-16.38). Boca Raton, FL: Chapman and Hall/CRC.
Lehtinen, R., Russell, D., & Gangemi, G. T. (2006). Computer Security Basics. Sebastopol, CA: O'Reilly Media, Inc.
Meyer, C. H., & Matyas, S. M. (2005). Cryptography. In M. D. Licker, E. Geller, & J. Weil (Eds.), McGraw-Hill Concise Encyclopedia of Engineering (pp. 196-198). New York: McGraw-Hill.
Patterson, W. (1987). Mathematical Cryptography for Computer Scientists and Mathematicians. Totowa, New Jersey: Rowman and Littlefield, Publishers.
Poe, E. A. (1841, July). A Few Words on Secret Writing. Graham's Magazine, pp. 33-38.
Schneier, B. (2004). Secrets and Lies: Digital Security in a Networked World. Indianapolis, IN: Wiley Publishing, Inc.
Shannon, C. E. (1949). Communication Theory of Secrecy Systems. Bell System Technical Journal, 656-715.
Singh, S. (1999). The Code Book. New York: Random House, Inc.
Smith, L. D. (1943). Cryptography: The Science of Secret Writing. New York: Dover Publications, Inc.
Vernam, G. S. (1926). Cipher Printing Telegraph Systems. Journal of the American Institute of Electrical Engineers, XLV, 109-115.
Wrixen, F. B. (1998). Codes, Ciphers and Other Cryptic and Clandestine Communication. New York: Barnes and Noble Books.
Zimmermann, P. (n.d.). http://www.philzimmermann.com/. Retrieved October 7, 2009, from http://www.philzimmermann.com/