The History of Secrets: Cryptography and Privacy
Patrick Juola
Duquesne University
Department of Mathematics and Computer Science

Secret Writings
• Used to write to authorized people
• Good guys :
  • Business partners, lovers, fellow soldiers
• Bad guys :
  • Competitors, parents, enemies, foreign agents
• Secrets can be military, diplomatic, commercial, personal, et cetera.

An Early Example
• Write in foreign alphabet
• Works surprisingly well in era of mostly illiterate people
attack at dawn

Caesar cypher (40 BCE)
YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECORCVFCYPUVQRRNGCUGDGTGCFAVQUQTVKGVQQWTCUUKUVCPEGLECGUCT
CVVC -- “bATTAlion”? “inDEED”? “ATTAck”? “cigarETTE”/“bESSEmer converter”?
CUUKU -- “pOSSESsion”? “ASSIStance”?
C -> A, U -> S, K -> I

Caesar cypher (cont.)
WEWILLATTACKONTHEWESTSIDEOFTHECAMPATDAWNSTOPPLEASEBEREADYTOSORTIETOOURASSISTANCEJCAESAR
• Caesar and his reader know something the enemy doesn’t
• Can be as simple as replacing letters
• Termed the “key” to a cypher
• Easier to solve with key than without
• Ratio of without/with defines “work factor”

Nomenclators (1500 ACE)
• Systematic replacement of one letter by a single other symbol : monoalphabetic cypher
• Nomenclator : monoalphabetic cypher with codebook extension for specific words
• Weakness : every appearance of a given letter is encyphered identically

Polyalphabetics (16th-20th c.)
• Use multiple alphabets to disguise frequent letters
  • Playfair cypher -- encrypt letters in groups, so TA and TE may have nothing in common
  • Vigenere cypher -- vary Caesar “key” during encryption
  • Considered “le chiffre indechiffrable” until early 20th century

Vigenere example
• AT becomes both NH and SX in cyphertext
• O in cyphertext corresponds to both A, W
• Simple frequency analysis no longer works
ATTACKATDAWN   (plaintext)
NOSENOSENOSE   (key, repeated)
NHLEPYSXQOOR   (cyphertext)

Vigenere decryption
• Weakness : key letters repeat
• If the key is 4 characters long
  • 1st, 5th, 9th, etc. characters use same key letter
  • 2nd, 6th, 10th, 14th, etc. likewise
  • Frequency characteristic of monoalphabetic (Caesar) cypher
• Crack four different Caesar cyphers, and you’re in!
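
The Caesar and Vigenere slides above, worked through in code. This is an added example, not part of the original slides: it recovers the Caesar shift by counting common English letters, then applies the same routine to each column of a Vigenere cyphertext. The key length (4) is assumed known, as on the slide, and the long Vigenere sample is constructed here.

```python
import string

A = string.ascii_uppercase
COMMON = set("ETAOINSHR")   # the nine most frequent English letters


def shift(text, k):
    """Caesar-shift every letter of an A-Z string forward by k places."""
    return "".join(A[(A.index(c) + k) % 26] for c in text)


def vigenere(text, key, sign=1):
    """Shift letter i by key letter i mod len(key); sign=-1 decrypts."""
    return "".join(shift(c, sign * A.index(key[i % len(key)]))
                   for i, c in enumerate(text))


def crack_caesar(ciphertext):
    """Try all 26 shifts; keep the one whose decryption has most common letters."""
    return max(range(26),
               key=lambda k: sum(c in COMMON for c in shift(ciphertext, -k)))


def crack_vigenere(ciphertext, key_len):
    """Column i (letters i, i+key_len, ...) is one Caesar cypher: crack each."""
    return "".join(A[crack_caesar(ciphertext[i::key_len])]
                   for i in range(key_len))


# Cyphertext copied from the Caesar slide.
CAESAR_CT = ("YGYKNNCVVCEMQPVJGYGUVUKFGQHVJGECORCVFCYPUVQRRNGCUGDGTGCFAV"
             "QUQTVKGVQQWTCUUKUVCPEGLECGUCT")
CAESAR_PT = shift(CAESAR_CT, -crack_caesar(CAESAR_CT))

# Constructed sample: the same dispatch sent four times under the slide's key
# NOSE, so that every column holds enough letters for counting to work.
LONG_CT = vigenere(CAESAR_PT * 4, "NOSE")

if __name__ == "__main__":
    print("Caesar shift:", crack_caesar(CAESAR_CT), "->", CAESAR_PT)
    print("Slide example:", vigenere("ATTACKATDAWN", "NOSE"))
    key = crack_vigenere(LONG_CT, 4)
    print("Recovered key:", key, "->", vigenere(LONG_CT, key, -1)[:27])
```

Counting letters fails on very short columns, which is why the twelve-letter slide example is not used as the target here.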

What if the key doesn’t repeat?
• A re-used key can give the same effect
• BUT
  • If the key is sufficiently random
  • Only used once
  • And never repeats
• The resulting cypher is called the Vernam cypher (1917) and is provably unbreakable.
• Sometimes called One-Time Pad

Who kept the secrets?
• Development and use of cryptography to this point mostly military and diplomatic.
• “Obviously” required substantial talent to do, beyond what most people had
• Civilian cryptography -- secret notes to lovers, business codes -- still used monoalphabetic cyphers
• Methods of analysis becoming available in literature (The Gold Bug, The Dancing Men)

What’s a good cypher?
• Kerckhoffs’s criteria (1883)
  • Security should reside in the key
  • System doesn’t need to be kept secret
  • System should be easy to use in the field
  • Keys/apparatus should be easily changeable
• Impossible to meet all in practice
  • Naval ships (submarines) can carry much more equipment than PFC Ryan

Enigma
• Machine cryptography developed in early 20th century; requires bulky apparatus, but far too complex to crack by hand
• ENIGMA -- Main code system of the Nazis
• Three (later four) rotating wheels like odometer of car. Each wheel position yields different key.
• 159,000,000,000,000,000,000 keys

The Computer Revolution
• Rejewski/Turing cracked Enigma, but had to invent the computer to do it.
  • And were also scarily, scarily good mathematicians…
• Early computers (bombes) could search entire keyspace in about five hours.

Viva la revolution!
• Enigma breakthrough classified MOST SECRET until 1975(!); some of Turing’s papers are still classified. Computer encryption is just too dangerous.
• BUT, it’s also too useful, especially for civilian/industrial uses like financial transfers
• Enter Data Encryption System (DES)

DES
• Approved in 1975 by US govt. (NSA)
• Non-classified uses only
• 32,000,000,000,000,000 possible keys
• Created “civilian” cryptography
• Most analyzed system ever

Questions about DES
• Why so few keys (fewer than 30-year-old Enigma, but better mathematical structure)?
• NSA approved IBM’s initial design only after making a few changes. Why?
• Is there a secret “back door”? Is the government holding a master key?
• Is there a good replacement?

Replacing DES
• DES held out much longer than originally planned, but (as expected) had too few keys.
• Modern computers can crack DES very fast.
• … but no one really had a good replacement
• 3DES used (late 90s) to extend keyspace
• Advanced Encryption System (Rijndael) finally designed in 2001 as replacement.
• No “secret” governmental involvement

Public key encryption
• Problem with all cryptography, AES included -- a need for shared secret prior to communication
• How do I establish a shared secret with Amazon.com if I don’t work there? Can we avoid this?
• Surprising answer : Yes!
  • Decryption key can be different than encryption key, allowing “public” keys!

Merkle Puzzles (1975)
• I publish a huge collection of “puzzles.” You pick one to solve, and send me the solution.
• I look up the solution, and recognize which puzzle you solved. Everyone else has to solve all of the puzzles to recognize the solution.
• Work factor is number of puzzles
• Avoids having to communicate beforehand
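
The puzzle exchange described above, as an added example that is not part of the original slides. The puzzle format, the SHA-256 based toy cipher, the marker bytes and the sizes are all assumptions chosen to keep the run short; the eavesdropper function counts the guesses an outsider spends compared with the person who solved one puzzle.

```python
import hashlib
import secrets

MARKER = b"PUZZLE->"   # 8 bytes that tell a solver the guess was right (assumed format)
WEAK_BITS = 10         # toy puzzle strength: 2**10 possible puzzle keys


def _crypt(data: bytes, small_key: int) -> bytes:
    """Toy cipher: XOR with SHA-256(small_key). Encrypts and decrypts."""
    pad = hashlib.sha256(small_key.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def make_puzzles(count: int):
    """Publisher: returns the public puzzles and the private id -> secret table."""
    table, puzzles = {}, []
    for _ in range(count):
        puzzle_id, secret = secrets.token_bytes(8), secrets.token_bytes(16)
        table[puzzle_id] = secret
        puzzles.append(_crypt(MARKER + puzzle_id + secret,
                              secrets.randbelow(2 ** WEAK_BITS)))
    return puzzles, table


def solve(puzzle: bytes):
    """Brute-force one puzzle; returns (puzzle id, secret, guesses spent)."""
    for guess in range(2 ** WEAK_BITS):
        plain = _crypt(puzzle, guess)
        if plain.startswith(MARKER):
            return plain[8:16], plain[16:], guess + 1
    raise ValueError("not a valid puzzle")


def eavesdrop(puzzles, seen_id: bytes):
    """Outsider sees the puzzles and the returned id: solve until the id matches."""
    spent = 0
    for puzzle in puzzles:
        puzzle_id, secret, guesses = solve(puzzle)
        spent += guesses
        if puzzle_id == seen_id:
            return secret, spent
    raise ValueError("id not found")


def exchange(count: int = 100):
    puzzles, table = make_puzzles(count)                        # I publish the puzzles
    sent_id, your_secret, your_work = solve(secrets.choice(puzzles))  # you solve one
    my_secret = table[sent_id]                                  # I look up the id you sent
    their_secret, their_work = eavesdrop(puzzles, sent_id)
    return my_secret, your_secret, their_secret, your_work, their_work
```

The outsider does recover the secret, but only after working through on average half of the published puzzles, so the gap grows with the number of puzzles.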

RSA Encryption
• Named for inventors : Rivest, Shamir, and Adleman (Turing award winners, 2003)
• Uses a large product of two primes -- easy to multiply, but very hard to factor
• Two keys, d and e : you encrypt with e, while only I know (and can decrypt with) d.
• Reversible! I encrypt with d, you decrypt with e and you know I encrypted it! In other words, it can be used as a signature!
• Work factor can be arbitrarily large -- “It’s easier to break thumbs than it is to break RSA”
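
The two-key idea above with toy numbers, as an added example that is not part of the original slides. The primes 61 and 53 and the exponent 17 are assumed textbook values, messages are plain integers with no padding, and the last function shows that the private key falls out as soon as the modulus can be factored, which is why real primes are enormous.

```python
import math


def make_keys(p: int, q: int, e: int):
    """Return (public, private) = ((n, e), (n, d)) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def apply_key(key, value: int) -> int:
    """The single RSA operation: raise value to the key's exponent modulo n."""
    n, exponent = key
    return pow(value, exponent, n)


def verify(public, message: int, signature: int) -> bool:
    """A signature is the message 'encrypted' with d; anyone can undo it with e."""
    return apply_key(public, signature) == message


def recover_private(public):
    """Factor n by trial division and rebuild d. Feasible only for toy n."""
    n, e = public
    p = next(f for f in range(2, math.isqrt(n) + 1) if n % f == 0)
    return make_keys(p, n // p, e)[1]


# Toy parameters (assumed for this example): n = 61 * 53 = 3233.
PUBLIC, PRIVATE = make_keys(61, 53, 17)

if __name__ == "__main__":
    c = apply_key(PUBLIC, 65)              # you encrypt with e
    print("cyphertext:", c, "decrypted:", apply_key(PRIVATE, c))
    s = apply_key(PRIVATE, 65)             # I sign with d
    print("signature ok:", verify(PUBLIC, 65, s),
          "tampered ok:", verify(PUBLIC, 66, s))
    print("private key from factoring:", recover_private(PUBLIC))
```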

Power to the People : PGP
• Pretty Good Privacy
• Written c. 1990 by Phil Zimmermann. Military/diplomatic strength encryption, using private and public key cryptography.
• Believed unbreakable by anyone short of major governments, but “freely” available for personal/corporate use
• PGPfone -- similar technology for phones

Political issues
• Should people be permitted this kind of security technology?
• I can keep secrets from my competitors, but also from law enforcement/national security enforcers!
• ITAR -- cryptographic equipment regulated as munitions (like machine guns)
• Only govt-approved (breakable) encryption permitted.

More politics
• Clipper/Capstone chip -- “secure” phone with Law Enforcement Access Field to ensure wiretap capacity
• 40-bit (1,000,000,000,000 key) limit on commercially exported software
• Criminalization of cryptography per se (France, some other countries)
• USA/PATRIOT wiretap provisions
• FBI operation CARNIVORE

Discussion points
• The genie appears to be out of the bottle, in that the technology for secure encryption is widely available
• The roadblocks to widespread implementation are primarily social and political.
• Is civilian/personal cryptography a good thing or not?

Conclusions
• Secret writing has a long (2000 yr) history
• Military/diplomatic communications driving force for most of history; personal/industrial privacy is secondary
• Modern cryptographic systems are both highly secure and widely available
• Omnipresent computers and ‘Net forcing us to re-evaluate view on security and privacy