October 22, 2019
# Cryptography: 500 BC to Quantum Computing

Have you always wanted to learn more about cryptography? This high-level survey of crypto takes the audience all the way from Scytales and Caesar ciphers in ancient Greece, to Vigenere Square, to Enigma in World War II, to TLS, and even Post-Quantum Cryptography!

## Transcript

1. Cryptography:
500 BC - Quantum Computing

I’m not a crypto engineer
I’m a web developer
who got into
Security Engineering
I’ve always been scared
and fascinated by crypto

2700 years in 40 minutes
Don’t take notes

4. 2 “stories” of
cryptography

5. technology

6. code-makers
vs.
code-breakers

7. Throughout this talk, I’m going
to track this with a timeline …

8. “Ages”
“Code-making”
“Code-breaking”

9. “Ages” of technology
Ancient: 7m
Renaissance: 5m
Industrial: 7m
Computing: 12m
Quantum: 5m

10. Ancient Code-making

11. Transpositional/Permutation
Ciphers
Anagrams: move letters around

12. Permutation Cipher
For example, consider this short sentence
35 letters
50,000,000,000,000,000,000,000,000,000,000
(50 trillion trillion) permutations

13. “Strength” of encryption systems:
How “easy” or “hard” are they?

14. Time Complexity

15. Permutation Cipher
EXPERIMENTATIONS FRESH CHORD LOSS
50,000,000,000,000,000,000,000,000,000,000
(50 trillion trillion) permutations
1 check/second =
1,500,000,000,000,000,000,000,000 years
(1 trillion billion years)

16. Drawbacks of
random permutation cipher
Impossible for intended recipient too
False positives: which anagram is right?
Do Not Attack at Midnight
Attack at Mind: do Tonight

17. We need a
deterministic
way to encrypt & decrypt

18. Algorithms & Keys

19. Rail fence cipher

20. Rail fence cipher
key = 4
they are attacking from the north

21. Rail fence cipher; k=4
they are attacking from the north

22. Rail fence cipher; k=4
they are attacking from the north
TEKOOHRACIRMNREATANFTETYTGHH

23. Rail fence cipher; k=4
they are attacking from the north
TEKOOHRACIRMNREATANFTETYTGHH
they are attacking from the north

24. Machines for
cryptography

25. Scytale, ~700 BCE - 120 AD
Algorithm
Wrap message around a
cylinder
Key
Diameter of cylinder

26. Ancient
Scytale
~700 BC

27. Cryptanalysis
Breaking encrypted messages

28. Breaking rail fence cipher
“Naive Brute Force”
key search:
Try a bunch of numbers of
rows by hand

29. Breaking rail fence cipher
DELEHELFTAAEDSWNT
2 rows: daealeedhsewlnftt
3 rows: deslefwtlanaeetdh
4 rows: detwaheeanellfdts
5 rows: defend the east wall

30. So, the first cryptanalysis is
simply “naive brute force”
key searching
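
The rail fence slides above, worked through in code. This is an added example, not code from the talk; the zig-zag layout is inferred from the slides' ciphertexts, and the small word list used to score candidates is constructed for illustration.

```python
# Added example: rail fence cipher plus the naive brute-force key search.
# COMMON_WORDS is a constructed word list used only to rank candidates.
COMMON_WORDS = ("the", "and", "are", "east", "wall", "from", "they",
                "north", "defend", "attack")


def rail_pattern(length, rails):
    """Rail index (0 = top) that the zig-zag visits at each letter position."""
    if rails < 2:
        raise ValueError("a rail fence needs at least 2 rails")
    pattern, rail, step = [], 0, 1
    for _ in range(length):
        pattern.append(rail)
        if rail == 0:
            step = 1
        elif rail == rails - 1:
            step = -1
        rail += step
    return pattern


def letters_only(text):
    return "".join(ch for ch in text.lower() if ch.isalpha())


def encrypt(plaintext, rails):
    """Write the letters along the zig-zag, then read the rails top to bottom."""
    letters = letters_only(plaintext)
    pattern = rail_pattern(len(letters), rails)
    return "".join(ch for r in range(rails)
                   for ch, p in zip(letters, pattern) if p == r).upper()


def decrypt(ciphertext, rails):
    """Rebuild the zig-zag for this key and put each letter back in its slot."""
    letters = letters_only(ciphertext)
    pattern = rail_pattern(len(letters), rails)
    # Plaintext positions in the order the ciphertext letters were read off
    # (sorted() is stable, so positions on one rail stay left to right).
    order = sorted(range(len(letters)), key=lambda i: pattern[i])
    plain = [""] * len(letters)
    for ch, position in zip(letters, order):
        plain[position] = ch
    return "".join(plain)


def brute_force(ciphertext):
    """Try every key; rank candidates by how many common words they contain."""
    n = len(letters_only(ciphertext))
    candidates = []
    for rails in range(2, n):  # the key space is only as big as the message
        text = decrypt(ciphertext, rails)
        score = sum(word in text for word in COMMON_WORDS)
        candidates.append((rails, score, text))
    return sorted(candidates, key=lambda c: -c[1])


if __name__ == "__main__":
    print(encrypt("they are attacking from the north", 4))
    for rails, score, text in brute_force("DELEHELFTAAEDSWNT")[:3]:
        print(rails, score, text)
```

The key space is bounded by the message length, which is why trying rows by hand is enough to break it.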

31. “Key space”
How many possible keys are there?

32. Breaking a Scytale
“Naive Brute Force”
key search:
Try a bunch of cylinders

33. Ancient
Scytale
~700 BC
Brute Force
Key Search

34. Substitutional Cipher
Change letters into other letters

35. Caesar Cipher, 49 - 44 BC
Algorithm
Replace each letter with
another letter
Key
K positions down the
alphabet

36. Caesar (Shift) Cipher
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: DEFGHIJKLMNOPQRSTUVWXYZABC

37. Ancient
Steganography,
Scytale
~700 BC
Brute Force
Key Search
Caesar Cipher
~50 BC

38. Breaking a Caesar Cipher
“Naive Brute Force”
key search:
26 possible shifts

39. Can we give ourselves a really
large key space?

So it would take an attacker a
long time to search them all?

40. Non-shifted Random
Substitution
Algorithm
Replace each letter with another letter
Key
Any Cipher Alphabet
(An anagram of the alphabet! such meta!)

41. Non-shifted Substitutional Cipher
26 letters to re-arrange
Key space: 403,291,461,000,000,000,000,000,000
(403 trillion trillion or ~2^88)
possible re-arrangements (English)
120,000,000,000,000,000,000
(120 billion billion)
years at 1 check/s

42. Most crypto-systems
don’t try to offer
“perfect” encryption …

43. … most crypto systems try to
force attackers into
key searches that take too
long to complete

44. Non-shifted Substitutional Cipher
26 letters to re-arrange
Key space: 403,291,461,000,000,000,000,000,000
(403 trillion trillion or ~2^88)
possible re-arrangements (English)
120,000,000,000,000,000,000
(120 billion billion)
years at 1 check/s

45. Key:
XZAVOIDBYGERSPCFHJKLMNQTUW

46. Can we create a
“pseudo-random”
key that is easy to memorize?

47. Easy to memorize key
JULIUS CAESAR
JULISCAER

48. Easy to memorize key
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
JULIUS CAESAR
JULISCAER

49. Easy to memorize key
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
JULIUS CAESAR
JULISCAER
Note: smaller key space

50. “key derivation function”
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
JULIUS CAESAR

51. Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ
Defend the East wall
ISCSYI HES SJGH NJWW

52. Ancient
Steganography,
Scytale
~700 BC
Brute Force
Key Search
Caesar Cipher
~50 BC
Non-shifted
Substitution
Cipher

53. So, we’ve got a simple crypto-
for hundreds of thousands of
computers to break!

54. npm install
keyed-substitution-cipher
git commit -m
“lulz crypto”

55. Non-shifted Substitution Cipher
considered un-breakable
for ~800 years, until …

56. رسالة في استخراج الكتب المعماة
(On Decrypting Encrypted Correspondence)
أبو يوسف يعقوب بن إسحاق الصبّاح الكندي
(Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī)
Al-Kindi

57. Frequency Analysis
Attack

58. “PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV
ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO
LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
OPVOV LBO LXRO CI SX’XJMI, KBO JCKO XPV
EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD:
“DJOXL EYPD, ICJ X LBCMKXPV XPV CPO
PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM
LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK
CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC
AJXNO X IXNCMJ CI UCMJ SXGOKLU?”
–OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK

59. Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: ??????????????????????????

60. Likeliest plaintext letters
O = e
X = t
P = a

61. English frequency rules
Vowels appear before and after most other letters
Consonants avoid many letters
E.g., ‘e’ appears before/after virtually every other letter; while ‘t’
is rarely seen before or after ‘b’, ‘d’, ‘g’, ‘j’, ‘k’, ‘m’, ‘q’, ‘v’
“ee” occurs more than “oo” occurs more than other double-vowels
“a” occurs on its own often - more than “I” on its own
‘h’ frequently goes before ‘e’
but rarely after ‘e’

62. Cipher
O = e
X = a
Y = i
B = h
P = t ?

63. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
a IaNCMJ CI UCMJ SaGeKLU?”
–eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK

64. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe
EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV
aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI
Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV
ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV
aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM
Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI
aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe
a IaNCMJ CI UCMJ SaGeKLU?”
–eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK
“Lhe” 6 times

65. “Lhe”
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: X???O??BY??????????L??????
“the”

66. “PCQ VMJiPD thiK tiSe KhahJaWaV haV ZCJPe EiPD
KhahJiUaJ thJee KCPK. CP the thCMKaPV aPV IiJKt
PiDht, QheP Khe haV ePVeV the taRe CI Sa’aJMI,
Khe JCKe aPV EiKKeV the DJCMPV ZeICJe hiS,
KaUiPD: “DJeat EiPD, ICJ a thCMKaPV aPV CPe
PiDhtK i haNe ZeeP JeACMPtiPD tC UCM the
IaZReK CI FaKt aDeK aPV the ReDePVK CI aPAiePt
EiPDK. SaU i SaEe KC ZCRV aK tC AJaNe a IaNCMJ
CI UCMJ SaGeKtU?”
–eFiRCDMe, taReK IJCS the thCMKaPV aPV CPe PiDhtK
“aPV” 5 times

67. “aPV”
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: X??VO??BY????P?????L??????
“and”

shahriyar three sons. on the thousand and first night,
when she had ended the tale of ma’aruf, she rose and
kissed the ground before him, saying: “great king, for
a thousand and one nights i have been recounting to
you the fables of past ages and the legends of
ancient kings. may i make so bold as to crave a favour
–epilogue, tales from the thousand and one nights
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: XZAVOIDBY?ERSPCF?JKLMNQ?U?

69. Frequency Analysis:
An analytical attack faster
than naive brute force
key search
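
The frequency-analysis walk-through above, reproduced in code. This is an added example, not code from the talk: the ciphertext and the full cipher alphabet are copied from the slides, and the function names are my own.

```python
# Added example: counting letters and short words in the slides' ciphertext,
# then applying guesses one at a time the way the slides do.
import re
import string
from collections import Counter

CIPHERTEXT = """\
PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV
ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO
LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV
OPVOV LBO LXRO CI SX’XJMI, KBO JCKO XPV
EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD:
“DJOXL EYPD, ICJ X LBCMKXPV XPV CPO
PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM
LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK
CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC
AJXNO X IXNCMJ CI UCMJ SXGOKLU?”
–OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK"""

# Cipher alphabet from the "Key:" slide (plain a..z maps to these letters).
FULL_KEY = "XZAVOIDBYGERSPCFHJKLMNQTUW"


def letter_frequencies(ciphertext):
    """How often each cipher letter occurs; the top ones are candidates for e, t, a."""
    return Counter(ch for ch in ciphertext if ch in string.ascii_uppercase)


def word_frequencies(ciphertext, length):
    """How often each cipher word of the given length occurs."""
    words = re.findall(r"[A-Z]+", ciphertext)
    return Counter(word for word in words if len(word) == length)


def apply_guesses(ciphertext, guesses):
    """Show guessed letters as lowercase plaintext, leave the rest as ciphertext."""
    return "".join(guesses.get(ch, ch) for ch in ciphertext)


def key_to_guesses(cipher_alphabet):
    """Turn a full cipher alphabet into a cipher-letter -> plain-letter map."""
    return dict(zip(cipher_alphabet, string.ascii_lowercase))


if __name__ == "__main__":
    print(letter_frequencies(CIPHERTEXT).most_common(5))
    print(word_frequencies(CIPHERTEXT, 3).most_common(3))
    guesses = {"O": "e", "X": "a", "Y": "i", "B": "h"}   # single-letter rules
    guesses["L"] = "t"                                   # "Lhe" -> "the"
    guesses.update({"P": "n", "V": "d"})                 # "aPV" -> "and"
    print(apply_guesses(CIPHERTEXT, guesses))
    print(apply_guesses(CIPHERTEXT, key_to_guesses(FULL_KEY)))
```

Each guess shrinks the remaining search, so the attacker never has to enumerate the key space.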

70. Ancient
Steganography,
Scytale
~700 BC
Brute Force
Key Search
Caesar Cipher
~50 BC
Non-shifted
Substitution
Cipher
Frequency
Analysis

71. Frequency Analysis
considered indefensible
for ~800 years

72. Code-makers needed a
crypto-system that wasn’t
vulnerable to
Frequency Analysis

73. Leon Battista Alberti
1404-1472
“poly-alphabetic”
cipher

74. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
Poly-alphabetic
Substitution Cipher

75. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“R?????”
Poly-alphabetic
Substitution Cipher

76. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“RA????”
Poly-alphabetic
Substitution Cipher

77. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“RAB???”
Poly-alphabetic
Substitution Cipher

78. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
“RABH??”
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
Poly-alphabetic
Substitution Cipher

79. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
“RABHK?”
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
Poly-alphabetic
Substitution Cipher

80. D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
“secret”
“RABHKK”
Poly-alphabetic
Substitution Cipher

81. False frequencies
‘e’ is enciphered as both ‘A’ and ‘K’
‘K’ is deciphered as both ‘e’ and ‘t’
“secret”
“RABHKK”

82. Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution

83. Poly-alphabetic beats
frequency analysis, but …

84. Poly-alphabetic ciphers
are complex
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E

85. Keyword
SECRET
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z

86. Le Chiffre Indéchiffrable
created by Blaise de Vigenère
1523 - 1596
Created new
poly-alphabetic cipher

87. Vigenère Square

88. a b c d e f g h i j k l m n o p q r s t u v w x y z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

89. Repeat keyword for all of text
Plaintext: AttackFromTheSouthAtDawn
Ciphertext: ????????????????????????
Keyword: SECRETSECRETSECRETSECRET

90. a b c d e f g h i j k l m n o p q r s t u v w x y z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: S???????????????????????
Plaintext: AttackFromTheSouthAtDawn
Keyword: SECRETSECRETSECRETSECRET
S

91. a b c d e f g h i j k l m n o p q r s t u v w x y z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: SX??????????????????????
Plaintext: AttackFromTheSouthAtDawn
Keyword: SECRETSECRETSECRETSECRET
X

92. a b c d e f g h i j k l m n o p q r s t u v w x y z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Ciphertext: SXV?????????????????????
Plaintext: AttackFromTheSouthAtDawn
Keyword: SECRETSECRETSECRETSECRET
V

93. Plaintext: AttackFromTheSouthAtDawn
Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG
Keyword: SECRETSECRETSECRETSECRET

94. Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable

95. Industrial
Revolution
~1760 - 1840

96. “Black Chambers”
• 1700s
• “Assembly-line” Cryptanalysis
• Each European power had one
• Breaking all mono-alphabetic
ciphers
Vigenère Square for
poly-alphabetic ciphers

97. Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
~1700’s
Industrial

98. Charles Babbage
• 1791 - 1871
• 1854: Broke Vigenère
Cipher
• Without machinery

99. REPEATING KEYWORD
Plaintext: AttackFromTheSouthAtDawn
Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG
Keyword: SECRETSECRETSECRETSECRET

100. False SYMBOL
frequencies
• ‘e’ is enciphered as both ‘A’ and ‘K’
• ‘K’ is deciphered as both ‘e’ and ‘t’
“secret”
“RABHKK”

101. Word frequencies

102. Plaintext: thesunandthemaninthemoon
Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT
Keyword: KINGKINGKINGKINGKINGKING

103. Plaintext: thesunandthemaninthemoon
Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT
Keyword: KINGKINGKINGKINGKINGKING

104. Breaking Vigenère
• Look for repeated sequences
of letters
• Measure spacing between
repetitions
• Identify most likely length
of key: L

105. Cipher text
WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM
WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM
WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI
QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL
UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ
IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE
WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD
PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK
UZKIZBZLIUAMMVZ

106. REPETITIONS
EFIQ, PSDLP, WCXYM, ETRL
WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM
WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM
WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI
QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL
UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ
IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE
WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD
PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK
UZKIZBZLIUAMMVZ

107. spacing between repetitions

| Repetition | Spacing | Possible length of key (2 to 20) |
|---|---|---|
| EFIQ | 95 | 5, 19 |
| PSDLP | 5 | 5 |
| WCXYM | 20 | 2, 4, 5, 10, 20 |
| ETRL | 120 | 2, 3, 4, 5, 6, 8, 10, 12, 15, 20 |

108. 5 separate cipher texts
WIREWQFPROLVVEESSV
XVITXSCYLGWYXELWRL
VXLSECWLQPSRQRBQCH
OTPYWLCNPVGVAMZUZ
Break each with frequency analysis
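
The "Breaking Vigenère" steps above (find repeats, measure spacing, infer the key length L, split into L ciphertexts), run on the slides' own ciphertext. This is an added example, not code from the talk; function names are my own and the Vigenère helper assumes letters-only input.

```python
# Added example: repeated-sequence spacing analysis on the slides' ciphertext.
from collections import defaultdict

# Ciphertext from the "Cipher text" slide, copied verbatim with lines joined.
CIPHERTEXT = (
    "WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM"
    "WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM"
    "WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI"
    "QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL"
    "UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ"
    "IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE"
    "WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD"
    "PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK"
    "UZKIZBZLIUAMMVZ"
)


def vigenere_encrypt(plaintext, keyword):
    """Shift each letter by the keyword letter above it (letters-only input)."""
    out = []
    for i, ch in enumerate(plaintext.upper()):
        shift = ord(keyword[i % len(keyword)].upper()) - ord("A")
        out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
    return "".join(out)


def repeated_sequences(ciphertext, min_len=4, max_len=6):
    """Map each repeated letter sequence to the gaps between its occurrences."""
    spacings = {}
    for n in range(min_len, max_len + 1):
        positions = defaultdict(list)
        for i in range(len(ciphertext) - n + 1):
            positions[ciphertext[i:i + n]].append(i)
        for sequence, where in positions.items():
            if len(where) > 1:
                spacings[sequence] = [b - a for a, b in zip(where, where[1:])]
    return spacings


def possible_key_lengths(spacing, max_len=20):
    """Key lengths that would line the two occurrences up under the same key letters."""
    return [n for n in range(2, max_len + 1) if spacing % n == 0]


def likely_key_lengths(spacings, max_len=20):
    """Key lengths consistent with every observed spacing."""
    return [n for n in range(2, max_len + 1)
            if all(s % n == 0 for s in spacings)]


def split_columns(ciphertext, key_len):
    """One ciphertext per key letter; each is a plain shift cipher."""
    return [ciphertext[i::key_len] for i in range(key_len)]


if __name__ == "__main__":
    # Why repeats appear: "the" lands on the same key letters twice.
    toy = vigenere_encrypt("thesunandthemaninthemoon", "KING")
    print(toy, repeated_sequences(toy))
    found = repeated_sequences(CIPHERTEXT)
    named = ["EFIQ", "PSDLP", "WCXYM", "ETRL"]   # repetitions listed on the slide
    gaps = [found[name][0] for name in named]
    for name, gap in zip(named, gaps):
        print(name, gap, possible_key_lengths(gap))
    (key_len,) = likely_key_lengths(gaps)
    for column in split_columns(CIPHERTEXT, key_len):
        print(column)
```

Each printed column was enciphered with a single key letter, so single-alphabet frequency analysis applies to it again.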

109. Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
~1700’s
Industrial
Babbage
Frequency
Analysis
~1800’s

110. Electric Telegraphs
• Buried underground or
• 1844
60km wire between
Baltimore & Washington
DC

111. How can you
represent letters
and words as
electrical signals?

112. Morse Code:
“Encoding” not “Encryption”

113. I.e., this is still
“plaintext”

• 3,000 km from Cornwall to
Newfoundland
• Transatlantic
communication
• Instant military commands
• All messages reach enemy too
• Increases need for
encryption

115. Enigma: Electrical Encryption
• Arthur Scherbius, 1918
• Mass Production in 1925

116. Input
Keyboard
Rotors
Output
Lampboard

119. 3 rotors of 26 wirings
26 x 26 x 26
=
17,576 Cipher Alphabets

120. 17,576 orientations
x
6 arrangements
=
105,456 Cipher Alphabets

121. 105,456 possible keys
• A new key was used every day
• Assume 1 orientation check per minute
• (Just type ciphertext and look at plaintext)
• 96 enigma machines = .75 days to crack

122. Plugboard
Swap up to 6 of 26 letters

123. 100,391,791,500
Plugboard Settings

124. 10,586,916,711,696
(10 trillion)
Total Possible Keys

125. 10,586,916,711,696
possible keys
• At 1 check per minute:
• 38,291,799 enigma machines = 1 day to crack

126. Message Keys
• Using day key, send a message rotor orientation first.
E.g., A, S, D
• Send it at the beginning, twice for integrity.
E.g., ‘asdasd’ = QWERTY
• Receiver types QWERTY, sees ‘asdasd’
• Re-orients their rotors to A, S, D for the rest of the
message
• Minimizes amount of ciphertext created by day key

127. Is cracking Enigma
possible?
• At 1 check per minute:
• 38,291,799 enigma machines = 1 day to crack

A SINGLE MESSAGE!

128. Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
Industrial
Babbage
Frequency
Analysis
One-Time
Enigma
~1925

129. Cracking Enigma

130. Polish Biuro Szyfrów
• Established after WWI to
protect Poland from Russia
& Germany
Enigma instruction manual
from French espionage
• Deduced rotor wirings
• Usage of codebook
A. Jankowski "Warszawa" Publisher:Wydawnictwo Polskie, Poznań,

131. Marian
Rejewski
By Unknown - Rejewski's daughter's private archive,

132. Found “chain” cycles
in the first 6 letters
4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ

133. Found “chain” loops
in the first 6 letters
4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK
1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ

134. Marian Rejewski
• Realized the # links in the
chain were only caused by
the rotors
• Could try to break the
105,456 possible rotor
settings, not all
10,000,000,000,000,000
possible day keys
• 100,000,000,000 times easier
By Unknown - Rejewski's daughter's private archive,
CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461

135. Cyclometer
• Team checked each of
105,456 possible settings
on replica Enigma machines
and recorded which chains
were generated by each
rotor setting
• Took 1 year to complete
• Could look up rotor settings by
chains found in first 6
letters of ciphertext

136. Cyclometer created
the first
“Rainbow Table”
for looking up
cryptographic keys

137. How to find the plugboard
settings out of 100,391,791,500?
• Plugboard: Un-plug all
• Rotor Arrangement: III, I, II
• Initial Rotor Orientations: Q, C, W
• Type in ciphertext, see:
• “rettew”
• Swap R/W = Wetter (weather)

138. Polish
Cryptographic Bombs
• 6 machines for the 6 possible
rotor arrangements
• Each with 6 full Enigma rotor
sets at top for the 6 characters
of the repeated message key
• Given a number of “females”
to find, Bomba could recover
settings in less than 2 hours

139. British Bombes
• 36 rotors arranged in 3 banks
of 12
• 210 bombes by the end of
the war
• Operated by 2,000
members of Women’s
Royal Naval Service

140. Colossus
• Inspired by Turing’s ideas
and his bombe
• 1,500 electronic valves -
faster than
electromechanical relay
switches
• Programmable - first
computers?

141. Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
Industrial
Babbage
Frequency
Analysis
Enigma
~1925
Colossus
Mark 1
1943
Computer

142. Computer Cryptography

143. In the early days of
computing, electrical
signals were much
harder to measure
and control precisely
to only distinguish
between an “on” state
and an “off” state

144. Like the telegraph required
Morse to encode messages into
electrical signals …
In computers, we need a way to
encode messages in 1’s and 0’s

145. ASCII
1963
Encoding,
not encryption
(like Morse code)
E.g.,
A: 1000001
B: 1000010

146. In Binary, we encrypt at the
level of 1’s and 0’s

147. This is called “bitwise”

148. Bitwise anagram
For example, consider this short sentence.
01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
“Bitwise” rail fence cipher with 2 rails
00010111010101000100011001000110010001100100011001000101011101110101011001000100010101000100011001100101010001010
11001110101010001000101010001110100010001110101010010101011110000001011110010011011110010101011001000001001101110
101101100110101011110000001110100010011101000011011000101111001110000011011011101011101011101010011011

149. Bitwise substitution: XOR
The XOR operator outputs a 1
whenever the inputs do not
match, which occurs when
one of the two inputs is
exclusively true
0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0

150. Bitwise substitution: XOR
For example, consider this short sentence.
01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110
11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101
101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
Key: “Julius Caesar”
01001010011101010110110001101001011101010111001100100000010000110110000101100101011100110110000101110010
Output
10001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
10111101101110011100110110100101100100011001010111001000100000011101000110100001101001011100110010000001110011001
00010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111

151. Bitwise substitution: XOR
For example, consider this short sentence.
010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110
1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
Key: “random” 1|0’s length of plaintext
000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101
110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000
0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001
Output
100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011
011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100
010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111

152. Bitwise substitution: XOR
For example, consider this short sentence.
010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101
101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110
1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101
Key: “random” 1|0’s length of plaintext
000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101
110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000
0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001
Output
100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011
011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100
010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111

153. Horst Feistel
1971: Published
“Lucifer” cipher for
computer encryption
First(?) Block Cipher

154. XOR
S-box
Permutation

155. SP Network

156. Lucifer Cipher: “block” cipher
Break message into 128-bit blocks
128-bit key
16 rounds:
Break block in half
the f-function is calculated using
that round's subkey and the left half
of the block.
The result is then XORed to the
right half of the block, which is the
only part of the block altered for that
round.
After every round except the last
one, the right and left halves of the
block are swapped.
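
The round structure described above, as an added example that is not code from the talk and not the real Lucifer cipher. The key schedule follows the later slides (72-bit sub-key, rotate key left 7 bytes); the f-function is a stand-in built from SHA-256 because the slides do not give Lucifer's, and the message and key are the ASCII decodings of the slides' bit strings.

```python
# Added example: a toy 16-round Feistel network shaped like the slide's
# description. NOT Lucifer: f() below is a SHA-256 stand-in.
import hashlib

ROUNDS = 16
BLOCK_BYTES = 16   # 128-bit block
HALF = BLOCK_BYTES // 2

MESSAGE = b"The USA NSA stores your tweets!!"   # decoded from the 256-bit slide
KEY = b"awesomepassword!"                       # decoded from the 128-bit key slide


def subkeys(key):
    """72-bit sub-key per round: first byte + first 8 bytes, then rotate 7 bytes."""
    if len(key) != 16:
        raise ValueError("key must be 128 bits")
    schedule = []
    for _ in range(ROUNDS):
        schedule.append(key[:1] + key[:8])
        key = key[7:] + key[:7]
    return schedule


def f(subkey, half):
    """Stand-in round function: mixes the sub-key with one half of the block."""
    return hashlib.sha256(subkey + half).digest()[:len(half)]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def run_rounds(block, round_keys):
    """f(subkey, left) is XORed into the right half; halves swap except after the last round."""
    left, right = block[:HALF], block[HALF:]
    for i, subkey in enumerate(round_keys):
        right = xor(right, f(subkey, left))
        if i != len(round_keys) - 1:
            left, right = right, left
    return left + right


def encrypt(message, key):
    """Encrypt each 128-bit block independently (no chaining between blocks)."""
    if len(message) % BLOCK_BYTES:
        raise ValueError("message must be a whole number of 128-bit blocks")
    keys = subkeys(key)
    return b"".join(run_rounds(message[i:i + BLOCK_BYTES], keys)
                    for i in range(0, len(message), BLOCK_BYTES))


def decrypt(ciphertext, key):
    """Same network, sub-keys in reverse order; f() never has to be inverted."""
    if len(ciphertext) % BLOCK_BYTES:
        raise ValueError("ciphertext must be a whole number of 128-bit blocks")
    keys = subkeys(key)[::-1]
    return b"".join(run_rounds(ciphertext[i:i + BLOCK_BYTES], keys)
                    for i in range(0, len(ciphertext), BLOCK_BYTES))


if __name__ == "__main__":
    print(subkeys(KEY)[:2])
    sealed = encrypt(MESSAGE, KEY)
    print(sealed.hex())
    print(decrypt(sealed, KEY))
```

Because each round only XORs into one half, running the rounds with the sub-keys reversed undoes them even though f() itself is one-way.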

157. 256 bit message (in ASCII)
01010100011010000110010100100000010101010101001101000001001000000100111001010011
01000001001000000111001101110100011011110111001001100101011100110010000001111001
01101111011101010111001000100000011101000111011101100101011001010111010001110011
0010000100100001

158. Break into 128-bit blocks
01010100011010000110010100100000010101010101001101000001001000000100111001010011010000010010000001110011011101000110111101110010
01100101011100110010000001111001011011110111010101110010001000000111010001110111011001010110010101110100011100110010000100100001
The USA NSA stor

159. Generate 128-bit key
01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001

160. Break block in half
01010100011010000110010100100000010101010101001101000001
The USA NSA stor
0100111001010011010000010010000001110011011101000110111101110010

161. Generate 72-bit sub-key
01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001
a a
01100001 01100001
wesomep
01110111011001010111001101101111011011010110010101110000

162. Rotate key left 7 bytes
01110000011000010111001101110011011101110110111101110010011001000010000101100001011101110110010101110011011011110110110101100101
7 bytes

163. Data Encryption Standard
(DES)
1977
Lucifer with 56-bit keys
So the NSA could
brute force keys if
they “needed” to

164. Ancient
Steganography,
Scytale
Brute Force
Key Search
Caesar Shift
Non-shifted
Substitution
Frequency
Analysis
Homophonic
Substitution
Renaissance
Poly-alphabetic
Substitution
Le Chiffre
Indéchiffrable
Assembly-line
Frequency Analysis
Industrial
Babbage
Frequency
Analysis
One-Time
Enigma
Cryptanalytic “Bombs”:
Polish,
British,
US
Lucifer,
DES
1971-1977
Computer

165. How hard is it to find a
binary 56-bit key?

166. 1001101010011010100110101001
1010100110101001101010011010
Unique Possible Permutations
$2^{56}$
72,057,594,037,927,936
In 1976, estimated to cost \$20M to build a computer to crack
such a key
Affordable to the NSA

167. DES
1971-1977
Computer-powered
Brute Force Key Search

168. By Max Roser - https://ourworldindata.org/uploads/2019/05/Transistor-Count-over-time-to-2018.png, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=79751151

169. 1100110101001101010011010100
1101010011010100110101001101
0
Unique Possible Permutations
$2^{56}$
72,057,594,037,927,936
$2^{57}$
144,115,188,075,855,870

170. DES
1971-1977
Computer-powered
Brute Force Key Search
Moore’s Law

171. 3DES EDE:
DES: Encrypt, Decrypt, Encrypt
are longer than the key?

173. Block cipher
mode of operation

174. Electronic Codebook (ECB)
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

175. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

177. Cipher Block Chaining (CBC)
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

179. DES
Computer-powered
Brute Force Key Search
Moore’s Law
3DES + CBC

180. The forever problem of cryptography:
Key distribution

181. Banks literally flew people
around with code-books of keys

182. We need a way to
communicate secret keys
over non-secret channels.

183. Whitfield Diffie
Stanford AI Lab
1974

184. Martin
Hellman
IBM Watson Research
Center 1968-1969

185. New Directions in Cryptography
Published 1976

186. Alice, Bob, and Eve
Alice and Bob need to communicate securely
They need to share a secret
They only have public channels between them
“Eve is always eavesdropping”
How can they share a secret without sharing it with
Eve?

187. Diffie-Hellman
Key Establishment

192. The key can be anything that
can encode to 1’s and 0’s
So, anything … like a number.

193. And in MATH! , we have
some 1-way functions!

194. Modular Arithmetic
aka “Clock” arithmetic

195. To ﬁnd 46 mod 12 …

196. Wrap a cord 46 “hours” long
around a 12-hour clock …
… and it ends on 10

197. Easy to perform …
46 mod 12 is “congruent” to 10
generator Modulus

198. ? mod 12 ≡ 10
… hard to reverse

199. ? mod 12 ≡ 10
22 mod 12 ≡ 10
34 mod 12 ≡ 10
46 mod 12 ≡ 10
58 mod 12 ≡ 10
70 mod 12 ≡ 10
.. mod 12 ≡ 10
… impossible to reverse!

200. … impossible for recipient too!

201. Alice picks an exponent
Prime Modulus “n”
generator “g”

202. Alice keeps her exponent secret
Prime Modulus “n”
generator “g”

203. “Discrete Logarithm” problem

204. “Discrete Logarithm” problem
Have to resort to “brute force”
guessing the exponent

205. For small numbers, it’s easy, but
not for a large prime modulus.

206. How can we turn that single
exponent secret into 2 secrets?

207. “Commutative” Arithmetic:
Order of operands doesn’t matter
3 + 5 = 5 + 3 = 8
3 * 5 = 5 * 3 = 15

208. “Commutative” Arithmetic:
Order of operands doesn’t matter
$(3^2)^3 = (3^3)^2 = 729$
3 + 5 = 5 + 3 = 8
3 * 5 = 5 * 3 = 15

209. Alice and Bob publicly agree on
a generator and prime modulus

210. Alice picks a private number,
and sends the result to Bob

211. Bob picks a private number,
and sends the result to Alice

212. Now the cool part …

213. Alice raises Bob’s result to
her private exponent
and gets 10

214. Bob raises Alice’s mixture to
his private exponent
and also gets 10!

215. Because their results were calculated
from the shared public generator and
prime modulus

216. So, they did the same calculation
with exponents in different order,
which doesn’t affect the result
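
The exchange on slides 209-216 and the brute-force guessing from slides 204-205, as an added Python example that is not part of the talk. The generator 3, modulus 17 and private exponents 15 and 13 are constructed toy values chosen so that both sides arrive at the slides' shared result of 10; the function names are hypothetical.

```python
import secrets

def public_value(g, n, private):
    """g^private mod n: easy to compute, hard to reverse for a large prime n."""
    return pow(g, private, n)

def shared_secret(their_public, my_private, n):
    """(g^b)^a mod n == (g^a)^b mod n, so both sides land on the same number."""
    return pow(their_public, my_private, n)

def guess_exponent(g, n, target):
    """Eve's brute force: try exponents 1, 2, 3, ... until g^x mod n matches."""
    value = 1
    for x in range(1, n):
        value = (value * g) % n
        if value == target:
            return x
    return None

# Constructed toy values (not from the slides), chosen so the secret is 10.
G, N = 3, 17
ALICE_PRIVATE, BOB_PRIVATE = 15, 13

def toy_exchange():
    a_pub = public_value(G, N, ALICE_PRIVATE)      # Alice -> Bob, Eve sees it
    b_pub = public_value(G, N, BOB_PRIVATE)        # Bob -> Alice, Eve sees it
    alice = shared_secret(b_pub, ALICE_PRIVATE, N)
    bob = shared_secret(a_pub, BOB_PRIVATE, N)
    return a_pub, b_pub, alice, bob

def random_exchange(g, n):
    """Same protocol with fresh random private exponents."""
    a = secrets.randbelow(n - 3) + 2
    b = secrets.randbelow(n - 3) + 2
    return (shared_secret(public_value(g, n, b), a, n),
            shared_secret(public_value(g, n, a), b, n))

if __name__ == "__main__":
    a_pub, b_pub, alice, bob = toy_exchange()
    print("public:", a_pub, b_pub, "shared:", alice, bob)
    # With n = 17 Eve recovers Alice's exponent in at most 16 guesses.
    print("Eve recovers:", guess_exponent(G, N, a_pub))
    # 2**127 - 1 is prime; illustrative only, not a vetted DH group.
    print("agree:", len(set(random_exchange(3, 2**127 - 1))) == 1)
```

The guessing loop grows with the modulus: 16 steps at most for n = 17, but on the order of the modulus itself once n is a large prime, which is why real deployments use standardized groups of 2048 bits or more.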

217. Public Key Cryptography!

218. Diffie-Hellman
Key Establishment
3DES
+

219. DES
Computer-powered
Brute Force Key Search
Moore’s Law
1970+
3DES + CBC
DH + 3DES + CBC
1976

220. Use Diffie-Hellman Exchange to make a key …
… for Triple-DES …
… with Cipher Block Chaining mode.
… Encrypt-Decrypt-Encrypt …

221. What’s RSA?

222. Diffie-Hellman makes a new
key between every 2 people!

224. Clifford Cocks
1971
Trap Door
One-way Function
By Royal Society uploader - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=43268163

226. The “e” means
encrypt!
“d” is for decrypt!

229. Bob's number

231. DES
Computer-powered
Brute Force Key Search
Moore’s Law
1970+
3DES + CBC
DH/RSA + 3DES + CBC
1976

232. Public Key Certificates
Alice's
Alice's
Alice's

233. Look!
The public exponent and modulus!

234. Another RSA public exponent and
modulus

235. Quantum
Computing
For fun, profit, and
breaking the whole
world

236. Public Key Certificates
Alice's
Alice's
Alice's
Quantum-cracked

237. DES
Computer-powered
Brute Force Key Search
Moore’s Law
3DES + CBC
DH/RSA + 3DES + CBC
Quantum
Computing

238. 2048-bit RSA key needs
4096-qubit computer to crack

239. DES
Computer-powered
Brute Force Key Search
Moore’s Law
3DES + CBC
DH/RSA + 3DES + CBC
Quantum
Computing
Post-Quantum
Cryptography

240. Don’t invent your own crypto

243. Questions?
Scytale
Caesar Cipher
Unshifted cipher
Frequency Analysis
Poly-alphabetic cipher
Vigenere Square
Enigma
Lucifer/DES
Modes of Encryption
Diffie-Hellman
RSA
Quantum
speakerdeck.com/groovecoder