Tulsa WebDevs 10th semi-annual sometimes-we-do-this lightning talk thing. These are always cool because you get about 5-10 different topics and talks in a single night. It’s free and dinner is provided.
200 OK web developer conference at Atlas School Tulsa. This is a cool 1-day conference with speakers from around the country (sometimes around the world) and really cool talks and after-party stuff too.
how many people are: cryptography professionals (any PhDs?)? security professionals? tech professionals? into cryptocurrency and mistakenly thought this talk would be about that?
do with cryptocurrency in this talk, and when I say “crypto” today, I mean cryptography - not cryptocurrency. But I have another talk that covers bitcoin, cryptocurrency, and cryptojacking on my speaker deck that I’ll share in a second.
developer who got into Security Engineering I’ve always been scared and fascinated by crypto Okay, I’m Luke and I’m not a cryptography engineer. I’m a web developer who got into security. I remember feeling like I couldn’t be a “real” security pro because I was scared of cryptography and math. I barely understood what https was, and only vaguely knew that private keys should be kept secret. So if that sounds like you, then this talk might be great for you. I found that learning historical cryptography helped me understand what’s going on in https too. So, what I’d like to do today …
Mechanical, Computer Don’t take notes Slides (including full script) are already up at: speakerdeck.com/groovecoder is cover 2700 years of cryptography from ancient to computer cryptography including https that we all use every day. Don’t try to take notes - I’m going too fast. These slides with links are already up on speakerdeck. My goal here is that this quick blast helps you see that today's cryptography didn’t spring out of nowhere, and to feel more confident that you can learn it if you want or need to.
of it in this talk, Kelsey Houston-Edwards has some great videos on her Chalk Talk YouTube channel about the mathematics of things like post-quantum cryptography.
to write to Aristagoras to revolt against Persians In 499 BC, Histiaeus of Miletus was ruling Susa. But he wanted to go back to Miletus, so he shaved a servant’s head and wrote a message to Aristagoras back in Miletus telling him to start a revolution. When the servant’s hair had grown back, Histiaeus sent him to Aristagoras. Aristagoras shaved his head, received the message, started a revolt, and Histiaeus was sent back to Miletus by King Darius to deal with the rebellion.
Xerxes’ pending attack Another cool steganography technique from the same time: there are records of using wooden & wax tablets - the real message was carved into wood, then covered with wax, which had a fake message carved on top. The recipient would melt the wax to reveal the real message.
by couriers And speaking of wax, in ancient China, senders would write messages on silk paper, crumple them up and cover them with wax. A courier would eat them, travel to a destination, and then <ahem> … recover them.
of tithymalus plant Heat-activated And the first records of “invisible ink” come from the first century AD. Though they seem simple, steganography tricks can still be relatively effective. In fact, if you ask me at the end, I can describe a steganography trick we came up with for Firefox just a couple years ago.
DALL-E spells it: cryptoography) Cryptography is not just hiding messages - it’s transforming a message into a completely different message. This is done with …
first ciphers used in writing were permutation ciphers, like anagrams. (The code book calls these transpositional, but I’m going to use “permutation”, because that’s what modern ciphers call it.) And although simple to understand, they can be quite strong …
57,675,839,111,362,423,741,870,080,000,000 (57 million trillion trillion) permutations For example, consider this short sentence, which has 35 letters that can be mutated into 57 million trillion trillion possible permutations!
take to “break” the cipher text and recover plain text. This is why you hear cryptographers say things like it would take longer than the heat death of the universe to break some cipher-text.
trillion trillion) permutations 1 check/second = 1,500,000,000,000,000,000,000,000 years (1 trillion billion years) For example, if we had this cipher text “Experimentations fresh chord loss”, and we could re-arrange it once per second to guess the plain text, it would still take 1 trillion billion years to check all the possibilities. So even this little anagram is quite strong.
recipient too Which anagram is correct? Do Not Attack at Midnight Attack at Mind: do Tonight But we can’t just send someone a random anagram, because it’s impossible for the intended recipient to know which anagram is the correct plain text. For example, the exact same letters could be deciphered as either “Do not attack at midnight” or “Attack at mind: do tonight”.
system, except the key, is public knowledge” –Kerckhoffs’s Principle (19th century AD) Kerckhoffs’s principle which states “a crypto-system should be secure, even if everything about the system, except the key, is public knowledge”. So, a first crypto-system for anagrams …
a cylinder Key Diameter of cylinder was a device called a scytale. To use it, you wrap a piece of paper around a cylinder, and then write a message across the bands. When the paper is un-wound, it looks like one long thin strip of nonsense letters. The key is simply the diameter of the cylinder. The scytale was a machine that implemented what’s called …
attacking from the north … you write a plain text message like "they are attacking from the north” diagonally across some number of rows, in this case 4 …
[Slide: the message written diagonally across a grid of 4 rows] Algorithm: Rail fence cipher Key: 4 rows The recipient knows the key is 4 rows, so they would draw a grid of 4 rows and as many columns as the letters,
Try a bunch of numbers of rows by hand With a rail fence cipher, we can simply try a bunch of numbers of rows by hand. This is a “brute force” key search. Note: we’re not guessing the trillions of possible plain texts here, we’re just guessing the key.
deslefwtlanaeetdh 4 rows: detwaheeanellfdts 5 rows: defend the east wall For example, to break this cipher text on top encrypted with rail fence, we would write it over grids with 2, 3, 4, and then 5 rows to eventually find that the right key is 5 and the plain text is “defend the east wall”.
key searching So, the first code-breaking is “brute force” key searching. And since we measure strength by the time it takes an attacker to recover the plain text, that means the strength of a crypto-system facing a “brute force” key search depends on the total …
Try a bunch of cylinders To break a message encrypted with a scytale, I mean - how many keys could there really be? Just wrap the message around a bunch of different cylinders.
700 years to an encryption system you’ve heard of. It uses a substitution cipher, which doesn’t just move letters around, but changes letters into other letters.
Key positions shifted Nearly everyone has heard of the Caesar Cipher, where the algorithm is to shift the alphabet, and the key is the number of positions you shifted it.
23 possible shifts … is that brute force can also break a Caesar cipher. Because you can only shift the 1st century Latin alphabet 23 times, there are only 23 possible keys.
simple ciphers, I want to point out they can still be useful. When Russia was gearing up to invade Ukraine, I came across this technique to use “rot13” - that is, a Caesar cipher with a shift of 13 - with socat as a technique to circumvent deep packet inspection tools that Russia uses to censor its internet. Sometimes the oldest tricks are the best ones. How many DPI operators will think to check for 2000-year-old ciphers?
do it with more than 23 keys. So it would take an attacker a long time to search them all? So substituting letters is cool, but we need a way to do it with more than 23 keys. So it would take an attacker a long time to search them all.
(57 million trillion trillion) permutations Now remember from the anagrams that we were able to create 57 million trillion trillion random anagrams out of 35 letters.
… 120,000,000,000,000,000,000 or any of 403 trillion trillion possible alphabets. So even if someone could check a different key every second, it would take them 120 billion billion years to check them all! Which is super cool, and brings up 2 important points to understand about all crypto-systems …
to post-quantum lattice-based algorithms, so much of the secrecy and security of cryptography comes from incorporating randomness - especially into keys.
… 120,000,000,000,000,000,000 To attack this, the attacker has to perform a key search that would take several decades, even with hundreds of thousands of high-end modern computers in the cloud. But there’s a catch … (there’s always a catch, right?)
hard to memorize, so someone’s going to write it down on a post-it note stuck to a monitor somewhere. This is the never-ending challenge of every crypto-system thru all ages …
to memorize? To keep it more secret and safe, can we make a random-ish key that is easier to memorize? We'll do this by using a key phrase, and using that to make an alphabet.
Cipher ~50 BC Password-based Substitution Cipher So we have an easy-to-use cipher up against brute force that would take billions of billions of years to perform by hand …
أبو يوسف يعقوب بن إسحاق الصبّاح (Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī) Al-Kindi 801-873 AD In the 9th century, Abu Yusuf Al-Kindi wrote a treatise on code-breaking. In it, he explained a …
• Vowels appear before and after most other letters
• Consonants avoid many letters
• E.g., ‘e’ appears before/after virtually every other letter; while ‘t’ is rarely seen before or after ‘b’, ‘d’, ‘g’, ‘j’, ‘k’, ‘m’, ‘q’, ‘v’
• “ee” occurs more than “oo” occurs more than other double-vowels
• “a” occurs on its own often - more than “I” on its own
• ‘h’ frequently goes before ‘e’ but rarely after ‘e’
If you bring in more language frequency rules …
KCPK. CP Lhe LhCMKaPV aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe a IaNCMJ CI UCMJ SaGeKLU?” –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK Then, apply your guesses to the cipher text …
KCPK. CP Lhe LhCMKaPV aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe a IaNCMJ CI UCMJ SaGeKLU?” –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK “Lhe” 6 times and you’ll see some common patterns emerge. For example here, what’s a common 3-letter word in English that ends with “he”?
KCPK. CP the thCMKaPV aPV IiJKt PiDht, QheP Khe haV ePVeV the taRe CI Sa’aJMI, Khe JCKe aPV EiKKeV the DJCMPV ZeICJe hiS, KaUiPD: “DJeat EiPD, ICJ a thCMKaPV aPV CPe PiDhtK i haNe ZeeP JeACMPtiPD tC UCM the IaZReK CI FaKt aDeK aPV the ReDePVK CI aPAiePt EiPDK. SaU i SaEe KC ZCRV aK tC AJaNe a IaNCMJ CI UCMJ SaGeKtU?” –eFiRCDMe, taReK IJCS the thCMKaPV aPV CPe PiDhtK “aPV” 5 times How about another common 3-letter word that begins with “a”?
sons. on the thousand and first night, when she had ended the tale of ma’aruf, she rose and kissed the ground before him, saying: “great king, for a thousand and one nights i have been recounting to you the fables of past ages and the legends of ancient kings. may i make so bold as to crave a favour of your ma[qxzj]esty?” –epilogue, tales from the thousand and one nights
Plain alphabet: abcdefghijklmnopqrstuvwxyz
Cipher alphabet: XZAVOIDBY?ERSPCF?JKLMNQ?U?
you can reconstruct the whole key and recover all the plaintext.
Cipher ~50 BC Password-based Substitution Cipher Frequency Analysis ~800 AD And now the code-breakers have the upper-hand. This new attack finds the key in hours instead of billions of years.
Poly-alphabetic Substitution Cipher [Slide: the plain alphabet a-z above 2 randomized cipher alphabets] Which uses 2 or more alphabets. For example, here we see the plain alphabet followed by 2 randomized cipher alphabets.
secret → R_____ In this system, to encrypt the word “secret”, you encrypt the first letter with the first alphabet, so “s” becomes “R”.
secret → RA____ For the next letter, you use the next alphabet, so “e” becomes “A”.
secret → RAB___ Then wrap back up to the first, so “c” becomes “B”.
secret → RABH__ next, “r” becomes “H”
secret → RABHK_ “e” becomes “K”
secret → RABHKK and “t” becomes “K”
‘K’ is deciphered as both ‘e’ and ‘t’ secret RABHKK Using 2 cipher alphabets means that the plain letter “e” becomes both an “A” and a “K”, and that a cipher “K” could be either an “e” or a “t”. So the frequency of the cipher letters is different than the plain alphabet.
Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution ~1450 AD 🚫 which means attackers are back to using brute force.
[Slide: the plain alphabet a-z with 6 randomized cipher alphabets] it has the same problem that random substitution had: look at this complicated 6-alphabet key! Who wants to memorize THAT?
So, the code-makers need another key derivation function - a way to use an easy-to-memorize key word AND use lots of cipher alphabets.
[Slide: the Vigenère square, with the plain alphabet a-z across the top and 26 rows of cipher alphabets below it] Which is this lovely device.
At the top is the plain alphabet.
Below that, the alphabet is shifted to the left by one space.
Below that, shifted to the left again …
and so on until the last row is the plain alphabet again.
Keyword: SECRETSECRETSECRETSECRET To use the Vigenère square, you first repeat a keyword - in this case SECRET - across the plaintext - in this case “Attack From The South At Dawn”
Ciphertext: S??????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET You change the first plain text letter with the alphabet on the row that starts with the first letter of the keyword. So, in this case, to encrypt the “a” in Attack, you go down to the row that starts with the “S” from SECRET …
and then go to the plaintext letter “a” column …
and you get an “S”.
Ciphertext: SX?????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET Then to encrypt the plain “t” go down to the row that starts with the “E” from SECRET, go to the “t” column and this plain “t” becomes an “X”.
Ciphertext: SXV????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET Stay on the “t” column for the next plain “t”, but move up to the row that starts with the “C” in SECRET, and this second plain “t” becomes “V”. (Again: the same plain letter became 2 different cipher letters)
that for the whole plaintext, you have cipher-text that’s been encrypted with an easy-to-memorize key, and no frequency analysis! By the way, if you can spot a huge hole in this cipher system and tell me what it is, you get a prize!
Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable ~ 1 55 0 AD 🚫 So now the code-makers have another password-based crypto system that’s easy to use, and it forces attackers into brute force that would take billions of years! For about 200 years, the Vigenère Square was the apex of crypto systems. But the code-breakers weren’t giving up. The code-breakers are going to turn to …
power had one • Breaking all mono-alphabetic ciphers • Encouraged adoption of Vigenère Square for poly-alphabetic ciphers As early as the 1700’s, every European power had a “black chamber”. This was typically a state-controlled post o ffi ce, with an assembly-line of code-breakers who would “man-in-the-middle” letters during delivery. They opened all the envelopes, copied any encrypted messages, sent the letters on their way, and then handed the copies over to entire teams for code-breaking.
Substitution Frequency Analysis Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable ~ 1 55 0 AD Assembly-line Frequency Analysis ~1700’s And Vigenère Square was available, but not always used. So the code-breakers were breaking all the messages that were using older ciphers. Plus, it was only a matter of time before someone would fi nd vulnerabilities in Vigenère. And if you’re into computers, you might recognize the name of the someone who did.
Cipher • Without machinery In 1854, Charles Babbage broke the Vigenère cipher, without using any of his mechanical engineering. Babbage just had a keen insight …
and ‘K’ • ‘K’ is deciphered as both ‘e’ and ‘t’ secret RABHKK those false symbol frequencies where plain letters become different cipher letters, and vice-versa …
Measure spacing between repetitions • Identify most likely length of key: L So, to break Vigenère, you first look for repeated sequences of letters and measure the space between those repetitions to find the length of the key word.
IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK UZKIZBZLIUAMMVZ These 4 cipher words are all repeated.
Repeated sequence, spacing, and the candidate key lengths (2 to 20) that divide that spacing:
EFIQ: spacing 95; key lengths 5, 19
PSDLP: spacing 5; key length 5
WCXYM: spacing 20; key lengths 2, 4, 5, 10, 20
ETRL: spacing 120; key lengths 2, 3, 4, 5, 6, 8, 10, 12, 15, 20
We count the spacings between the repeated cipher words as 95, 5, 20, and 120, and since the only common factor of all of those is the number 5, we know the key word is 5 letters long. And once you know a bit about the key, you can more easily get the rest. So, at this point you could brute force looking for all the 5-letter words. But Babbage also had another trick …
VXLSECWLQPSRQRBQCH OTPYWLCNPVGVAMZUZ WIREWQFPROLVVEESSV XVITXSCYLGWYXELWRL Break each with frequency analysis Once he knew the keyword is 5 letters long, Babbage broke the cipher text into 5 separate chunks - each chunk had all the letters 5 spaces apart. He then attacked each of those individual chunks with regular frequency analysis, and re-combined them all to recover the plain text.
Letters: RS??? Every time the plaintext is an “a” character, it leaks a keyword letter into the cipher-text! So, you only need to break enough of the cipher-text to see where the plain-text “A’s” are. Now with Babbage’s technique, you’ll know the length of the keyword AND some letters. So then it’s just a game of Wordle at that point.
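Babbage's procedure from the last few slides, as an added Python example (not code from the talk): it finds repeated sequences, votes on the key length from their spacings, then breaks each chunk with frequency analysis. The keyword LEMON, the sample plaintext and all function names are constructed for illustration; the spacings 95, 5, 20 and 120 are the ones on the slide.

```python
from collections import Counter, defaultdict
from string import ascii_uppercase as AZ

# Approximate English letter frequencies for A..Z, in percent.
ENGLISH = [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15, 0.77, 4.0, 2.4,
           6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1, 2.8, 0.98, 2.4, 0.15, 2.0, 0.074]

SLIDE_SPACINGS = [95, 5, 20, 120]   # spacings listed on the slide
KEY = "LEMON"                        # constructed 5-letter keyword
PLAINTEXT = (                        # constructed sample text
    "For about two hundred years the Vigenere square was the apex of crypto "
    "systems, because the same plain letter became different cipher letters "
    "and that defeated simple frequency analysis. The code breakers in the "
    "black chambers did not give up. They opened the envelopes, copied the "
    "encrypted messages, sent the letters on their way, and handed the copies "
    "to teams of code breakers. Charles Babbage noticed that when the keyword "
    "repeats, the same plain words are sometimes encrypted with the same part "
    "of the keyword, and then the same cipher letters show up again. He "
    "measured the spacing between those repetitions to find the length of the "
    "keyword, split the cipher text into one chunk for every letter of the "
    "keyword, and attacked each of those chunks with regular frequency "
    "analysis. Then he combined the chunks again to recover the plain text "
    "and the keyword."
)


def vigenere(text, key, decrypt=False):
    """Vigenere square on letters only; everything else is dropped."""
    letters = [c for c in text.upper() if c in AZ]
    sign = -1 if decrypt else 1
    return "".join(
        AZ[(AZ.index(c) + sign * AZ.index(key[i % len(key)])) % 26]
        for i, c in enumerate(letters))


def repeat_spacings(ciphertext, size=3):
    """Map each repeated sequence to the gaps between its occurrences."""
    seen = defaultdict(list)
    for i in range(len(ciphertext) - size + 1):
        seen[ciphertext[i:i + size]].append(i)
    return {seq: [b - a for a, b in zip(pos, pos[1:])]
            for seq, pos in seen.items() if len(pos) > 1}


def likely_key_length(spacings, max_len=20):
    """Pick the length (2..max_len) that divides the most spacings."""
    votes = {n: sum(s % n == 0 for s in spacings)
             for n in range(2, max_len + 1)}
    return max(votes, key=lambda n: (votes[n], -n))


def best_shift(column):
    """Caesar shift whose decryption looks most like English (chi-squared)."""
    def chi2(shift):
        counts = Counter(AZ[(AZ.index(c) - shift) % 26] for c in column)
        return sum((counts[AZ[i]] - len(column) * ENGLISH[i] / 100) ** 2
                   / (len(column) * ENGLISH[i] / 100) for i in range(26))
    return min(range(26), key=chi2)


def recover_key(ciphertext, key_len):
    """Split into key_len chunks (every key_len-th letter) and break each."""
    return "".join(AZ[best_shift(ciphertext[i::key_len])]
                   for i in range(key_len))


def break_vigenere(ciphertext):
    spacings = [s for gaps in repeat_spacings(ciphertext).values()
                for s in gaps]
    return recover_key(ciphertext, likely_key_length(spacings))


if __name__ == "__main__":
    print("slide spacings ->", likely_key_length(SLIDE_SPACINGS))
    ct = vigenere(PLAINTEXT, KEY)
    key = break_vigenere(ct)
    print("recovered key  ->", key)
    print(vigenere(ct, key, decrypt=True)[:60])
```

Voting on divisors instead of taking a strict common factor tolerates the occasional accidental repetition in a longer cipher text.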
Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable ~1550 AD Assembly-line Frequency Analysis ~1700’s Babbage Frequency Analysis ~1800’s So, now we’ve got a pretty even race going on between the code-makers using Vigenère, and the black chambers of code-breakers using Babbage and frequency analysis attacks. Then there’s 2 major tech break-thrus.
60km wire between Baltimore & Washington DC In the 1800’s the telegraph is invented, which lets people communicate instantly over great distances that were connected by long wires. The first US telegraphs used a single-wire system. Which is great, but then …
• Transatlantic communication • Instant military commands • All messages reach enemy too • Increases need for encryption 50 years later, the first radios were invented. They're great for sending instant military commands across great distances without having to set up long wires. But since the messages are traveling over the air, the enemy can eavesdrop on everything too. And this means you need an equally quick encryption tool, which would become one of the most notorious encryption devices in history.
in 1925 CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=497329 The Enigma machine was invented by Arthur Scherbius in the early 20th century and deployed extensively - and with devastating effect - by the Nazis during World War II.
electro-mechanical rotors, and an output lamp-board. When a plain letter is pressed on the keyboard, it completes an electrical circuit that passes thru the rotors and lights up a cipher letter in the lamp-board. Enigma used a series of scrambling wire rotors that “stepped” around with each letter. This is easier to show with a diagram …
original diagram by Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1794494 So at the top here, when you pressed the plain “A” key, it might travel thru the circuit at the top to result in a cipher “G”. But, each press advanced the right-most rotor 1 position. With the rotor moved 1 position on the bottom here, the next time you pressed the plain “A” it would follow a different path and result in a new cipher letter - in this case “C”. So every time you type a letter, you change the pathway. When a rotor completed a full rotation, it would advance the rotor to the left of it, creating new pathways all over again. So Enigma is a poly-alphabetic cipher, and you can use it as fast as you can type.
= 17,576 Cipher Alphabets The first Enigma machines used 3 rotors that scrambled 26 characters, for 17,000 possible cipher alphabets. So, the “key” for Enigma is the 3 starting positions of the rotors, and there are 17,000 possible keys.
day • Assume 1 check per minute • (Just type ciphertext and look at plaintext) • 96 enigma machines = .75 days to crack Furthermore, the Nazis used code-books with a different key for every day. Code-breakers could check a key by picking some rotor settings, and typing intercepted cipher text to see if the plain text made any sense. If that took 1 minute, then they would have to use 96 enigma machines non-stop to crack the key by tea-time. This is hard, but reasonable - remember that we’re talking about assembly-line code-breaking in these black chambers.
english wikipedia on 16. Feb. 2005 by en:User:Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=258976 Swap up to 6 of 26 letters But Enigma also had a plug-board on the front that made even more substitutions. With it, operators could swap up to 6 letters.
38,291,799 enigma machines = 1 day to crack So it would take 38M enigma machines to search thru them all in a day. On top of all that they didn’t use the day key for all the messages of the day.
the beginning: QWERTY • Receiver types QWERTY, sees ‘asdasd’ • Re-orients their rotors to A, S, D for the rest of the message • Minimizes amount of ciphertext created by day key Instead, they used the day key to send a message key. So the sender picks “ASD” as a message key and types it twice at the beginning of the message. So say “ASDASD” becomes “QWERTY”. The receiver types QWERTY, sees the plaintext letters “ASD” twice, re-orients their rotors to A, S, and D, and types the rest of the message from there. This was all meant to minimize the amount of cipher text created by the day key.
• 38,291,799 enigma machines = 1 day to crack A SINGLE MESSAGE! So if you’re attacking Enigma with those 38M machines, it would take you a day to crack A SINGLE MESSAGE - not the entire day’s messages.
Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable Assembly-line Frequency Analysis Babbage Frequency Analysis Enigma ~1925 Enigma was the culmination of implementing state-of-the-art cryptography techniques with state-of-the-art technology. But as we’ve seen already - no code-breaking is indefensible, and no encryption system is un-breakable.
from Russian & Germany • Received photographs of Enigma instruction manual from French espionage • Deduced rotor wirings • Usage of codebook A. Jankowski "Warszawa" Publisher:Wydawnictwo Polskie, Poznań, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1514113 starts in Poland, in the Biuro Szyfrów - the Polish black chamber. After the first World War, which many countries thought would be the last European war, Poland had to stay on its guard. It was flanked by both Germany and the Soviet Union. Poland received an Enigma instruction manual via French espionage, from which they deduced the rotor wirings and how the code books worked. The team to crack Enigma was led by …
BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461 Marian Rejewski. Like Babbage, Rejewski realized that repetition is a vulnerability for any crypto system, and so he focused on the repetition of the 3 letters in the message keys.
Letter: FQHPLWOGBMVRXUYCZITNJEASDK 1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ 3 links: A-F-W-A He saw that when a certain cipher letter appeared 1st, another cipher letter always appeared 4th, because it was the same plain letter, being encrypted the 2nd time by the day key. In later messages, that 4th cipher letter would show up as the first cipher letter, and be followed by a new 4th cipher letter, and so on. Eventually, these “chains” would cycle around and start over again.
Letter: FQHPLWOGBMVRXUYCZITNJEASDK 1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ 7 links: C-H-G-O-Y-D-P-C He didn’t know the plain text of any of these letters - only that the number of links in the chains were cycling consistently. And he had a brilliant insight …
were only caused by the rotors • Could try to break the 105,456 possible rotor settings, not all 10,000,000,000,000,000 possible day keys • 100,000,000,000 times easier By Unknown - Rejewski's daughter's private archive, CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461 He realized the number of links in the chain were only caused by the rotors. Like the Vigenere Square, Enigma “leaked” information about its key into its cipher text. So he could split the problem in two, and concentrate on breaking the 100,000 rotor settings first. Which is 100 billion times easier than the full problem.
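Rejewski's chains computed from the 1st-letter/4th-letter table on the slides, as an added Python example (not code from the talk). It also shows why the chain lengths depend only on the rotors: a plugboard only relabels letters, so the links keep their counts. The plugboard pairs and function names are constructed, and the slide's table is treated as the rotor-only table.

```python
AZ = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
FOURTH = "FQHPLWOGBMVRXUYCZITNJEASDK"   # 4th-letter row from the slide

# Constructed plugboard setting: 6 swapped pairs, as Enigma allowed.
PLUGS = [("A", "M"), ("F", "I"), ("N", "V"), ("P", "S"), ("T", "U"), ("W", "Z")]


def chains(fourth, first=AZ):
    """Follow 1st letter -> 4th letter until each chain returns to its start."""
    nxt = dict(zip(first, fourth))
    seen, found = set(), []
    for start in first:
        if start in seen:
            continue
        chain, letter = [start], nxt[start]
        while letter != start:
            chain.append(letter)
            letter = nxt[letter]
        seen.update(chain)
        found.append("-".join(chain + [start]))
    return found


def link_counts(fourth):
    """Sorted number of links per chain: the fingerprint Rejewski catalogued."""
    return sorted(chain.count("-") for chain in chains(fourth))


def replug(fourth, pairs):
    """Same rotors behind a plugboard: swap letters on the way in and out."""
    swap = {c: c for c in AZ}
    for a, b in pairs:
        swap[a], swap[b] = b, a
    table = dict(zip(AZ, fourth))
    return "".join(swap[table[swap[c]]] for c in AZ)


if __name__ == "__main__":
    for chain in chains(FOURTH):
        print(chain.count("-"), "links:", chain)
    plugged = replug(FOURTH, PLUGS)
    print("with plugboard:", plugged)
    for chain in chains(plugged):
        print(chain.count("-"), "links:", chain)
    # Different letters in the chains, identical link counts.
    print(link_counts(FOURTH) == link_counts(plugged))
```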
replica Enigma machines and recorded which chains were generated by each rotor setting • Took 1 year to complete • Could look up rotor settings by chains found in first 6 letters of ciphertext http://www.cryptomuseum.com/crypto/cyclometer/index.htm His team created a Cyclometer - a device that simulated all the rotor settings of Enigma to record all the possible chain lengths of the cycles. They kept their results in a card catalog system that took 1 year to finish. But, with it, they could intercept Enigma messages, count the chain lengths in the cipher text, and then simply look up the rotor settings in their catalog.
Plugboard: Un-plug all • Rotor Arrangement: III, I, II • Initial Rotor Orientations: Q, C, W • Type in ciphertext, see: • “rettew” • Swap R/W = Wetter (weather) After the rotor settings, finding the plug-board settings was easy. Like we saw in frequency analysis, when you have part of the key, you can get the rest of it. In this case, they unplugged all their Enigma plugboard wires, set the rotors to what they knew were the right settings, and typed the cipher text. They would then see some pretty obvious letter swaps in common words - like “R” and “W” being swapped in weather.
rotor arrangements • Each with 6 full Enigma rotor sets at top for the 6 characters of the repeated message key • Given a number of “females” to find, Bomba could recover settings in less than 2 hours After the cyclometer, the Polish created more electro-mechanical machines for code-breaking. Their cryptographic bombs could recover Enigma keys within 2 hours. In August, 1939, Poland smuggled their machines and research to the Allies. 2 weeks later, Hitler invaded Poland.
12 • 210 bombes by the end of the war • Operated by 2,000 members of Women’s Royal Navy Service The allies picked up Enigma code-breaking. They built bigger cryptographic bombs which were operated by thousands of the Women’s Royal Navy Service at chambers like Bletchley Park, where Alan Turing contributed to programmable advancements in code-breaking.
1,500 electronic valves - faster than electromechanical relay switches • Programmable - first computers? Inspired by Turing’s ideas, Tommy Flowers designed Colossus Mark 1 which was completed in 1943 and used 1,600 vacuum tubes to perform operations many times faster than the electromechanical bombs. Colossus is regarded as the first, programmable electronic …
Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable Assembly-line Frequency Analysis Babbage Frequency Analysis Enigma ~1925 Colossus Mark 1 1943 computer. With Colossus attacking Enigma, the code-breakers regained the upper-hand. So, Colossus is searching for - and finding - Enigma keys a lot faster than “brute” force. It’s an example of a new technology changing the time complexity of a crypto system. Sometimes code-breakers come up with new attacks, sometimes they get hold of new technology.
harder to measure and control precisely It made more sense to only distinguish between an “on” state and an “off” state In early computers like Colossus, electrical signals weren’t so precise. So it made more sense to only distinguish between 2 states: “on” and “off”, represented by 1’s and 0’s. This is what we call binary.
is the letters SOS at the top become this sequence of 1’s and 0’s at the bottom. But again, this is just encoding - there’s nothing secret here. These 1’s and 0’s are plaintext.
“Bitwise” rail fence cipher with 2 rails We could perform any of the encryption algorithms we've seen on binary. For example, this short sentence, encoded to ASCII and then encrypted with a rail fence cipher with 2 rails, becomes a binary cipher text. Decoding as ASCII shows this garbled result. So, if you’ve ever seen meaningless string values like this, you’re probably looking at cipher text, improper decoding, or both.
1 when inputs are different 0 XOR 0 = 0 0 XOR 1 = 1 1 XOR 0 = 1 1 XOR 1 = 0 But in binary there's this cool bitwise substitution called XOR. You give XOR 2 bits of input - that is 2 0’s or 1’s - and XOR says to output a 0 if the 2 inputs are equal, or output a 1 if the inputs are different. The cool thing about XOR is the result space is equal 50/50 between 1 or 0 - like a digital coin flip.
Key: “Julius Caesar” Output Now, we can perform a substitution algorithm on bits with XOR. For example, encode this short sentence with ASCII. Encode “Julius Caesar” with ASCII. Then, encrypt the binary plaintext by XOR’ing it with the binary key. We get this binary output, which looks like this when we finally ASCII-decode it. Notice: the key was only long enough to encrypt some of the plain-text.
Key: “random” 1|0’s length of plaintext Output To fix this, we could either repeat the key to cover the full length of the plain text, or we could generate a “random” key matching the full length of the plain text, so we can encrypt the whole thing. Based on what we’ve seen so far - which do you think is more secure? Hopefully we’ve learned by now that repeating and re-using keys can lead to vulnerabilities.
plaintext digit with 1 key digit, or repeating the key, leaks information about the key into the cipher text which makes it vulnerable to attacks. This is just as true for binary as it is for letters and symbols.
vulnerable to all the same kinds of attacks as all the ciphers we've talked about. A striking example that repeating the key leaks plain data into cipher data is this plain image, encrypted
just repeats the key to cover the full length of the plain data. In this case of an image, you can literally see the repetition problem at the bit level produces recognizable output.
cipher operates on groups of bits called “blocks”. This simplified block cipher reads the plaintext input and a key, and applies many “rounds” of bitwise operations like XOR, substitutions, and permutations.
is first XOR’d with a 16-bit key. Then the output is grouped into 4-bit groups and put thru “substitution boxes” or “s-boxes” - which are like mappings to turn a pre-defined set of 4 bits into 4 different bits. Finally, the output bits from the s-boxes are put thru a defined permutation step - like an anagram for bits.
repeated 3 times. Altogether, this is known as a “substitution-permutation network” or SP network. You can find these kinds of diagrams for every major block cipher. They are designed to solve the problems we’ve seen by mixing data bits and key bits together in a way that doesn’t leak anything into the cipher data.
key 16 rounds: Break block in half the f-function is calculated using that round's subkey and the left half of the block. The result is then XORed to the right half of the block, which is the only part of the block altered for that round. After every round except the last one, the right and left halves of the block are swapped. Here's a diagram of the Lucifer cipher SP-network. If we walk thru it …
walking thru all the bits of a modern block cipher. But the point is that you COULD walk thru it - it’s not magical. Modern block ciphers do everything we’ve seen with letters, they just do it at the level of 1’s and 0’s.
understand that yes - somewhere in all that is still a bunch of 1’s and 0’s. It’s just that block ciphers work with so many bits at a time, that it’s easier to describe them at this higher level.
the NSA could brute force keys if they “needed” to But before AES was DES. DES is a standardized Lucifer cipher with a 56-bit key developed by IBM. The NSA tried to convince IBM to make the key length 48 bits - presumably so the NSA could break it by force if they really needed to. IBM & NSA compromised on a 56-bit key.
Password-based Substitution Frequency Analysis Homophonic Substitution Renaissance Poly-alphabetic Substitution Le Chiffre Indéchiffrable Assembly-line Frequency Analysis Industrial Babbage Frequency Analysis One-Time Pad Enigma Cryptanalytic “Bombs”: Polish, British, US Lucifer, DES 1971 - 1977 Computer With DES, the code-makers are back on top. Even Colossus wasn’t designed to attack block ciphers that make it quick and easy to perform so many rounds of XOR, substitution, and permutation on binary.
billion) In 1976, estimated to cost $20M to build a computer to crack such a key Affordable to the NSA With 56 bits of 1’s or 0’s, there are 72 quadrillion possible keys. In 1976, it was estimated to cost about $20M to build a computer to crack such a key, which was within the NSA budget, for sure.
Search Now, I’m going to reset our timeline for the computer age, and we’ve got a pretty even battle between code-makers using computer force, against code-breakers also using computer force. But as we saw with Colossus attacking Enigma, brute force can still be a problem.
2018.png, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=79751151 And since 1970, every 2 years the price of electronics has been cut in half, while the processing speed has doubled. And very quickly, 56-bit keys were vulnerable to reasonably-priced attacks.
(million billion) 257 144,115,188,075,855,870 144 quadrillion (million billion) But, one great thing about binary keys is that adding bits increases the key space exponentially. So with just 1 more bit, there are 144 quadrillion possible keys. Still, you can’t just throw a single bit of key into a block cipher made for a certain key size.
fig4_322277374 Triple-DES to provide a relatively simple method of increasing the key size of DES, without having to invent a completely new block cipher. It uses 3 different 56-bit keys in 3 steps: encrypt with first key, decrypt with second, and then encrypt with third. This is a backwards-compatible way to use a 168-bit key with DES.
about messages that are longer than the key size? How do you use, say, a 168-bit block cipher to encrypt, say 336 bits of message? To apply Triple-DES to data larger than 168 bits, you need a …
that we already saw in the linux penguin image. In ECB, you just break the plain data up into blocks that match the key size, and repeat the key for each block.
Block Chaining (or the more performant Galois/Counter Mode), which uses the output cipher text from one block as input for the next block. This mode helps scramble the key into the encrypted data as much as possible …
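The simplified SP network from the earlier slides (16-bit block, key XOR, 4-bit s-boxes, bit permutation, 3 rounds) run in ECB and in Cipher Block Chaining, as an added Python example that is not from the talk. The s-box values, the bit permutation, the round-key rotation, the final key XOR, the key, the IV and the message are all constructed for illustration; this toy cipher is for reading, not for protecting data.

```python
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]      # constructed 4-bit s-box
INV_SBOX = [SBOX.index(i) for i in range(16)]

KEY, IV = 0x3A94, 0x1234                              # constructed values
MESSAGE = b"AAAAAAAABBBBAAAA"                         # constructed, with flat runs


def substitute(block, box):
    """Run each 4-bit group of the 16-bit block thru the s-box."""
    return sum(box[(block >> shift) & 0xF] << shift for shift in (0, 4, 8, 12))


def permute(block):
    """Move bit i to position 4*(i%4) + i//4 (a transpose, its own inverse)."""
    return sum(((block >> i) & 1) << (4 * (i % 4) + i // 4) for i in range(16))


def round_keys(key):
    """Assumed key schedule: rotations of the 16-bit key (3 rounds + final)."""
    return [((key << r) | (key >> (16 - r))) & 0xFFFF for r in (0, 5, 10, 15)]


def encrypt_block(block, key):
    *rounds, final = round_keys(key)
    for k in rounds:                                  # XOR, substitute, permute
        block = permute(substitute(block ^ k, SBOX))
    return block ^ final


def decrypt_block(block, key):
    *rounds, final = round_keys(key)
    block ^= final
    for k in reversed(rounds):                        # undo each round in reverse
        block = substitute(permute(block), INV_SBOX) ^ k
    return block


def to_blocks(data):
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]


def ecb_encrypt(blocks, key):
    """Every block is encrypted on its own: equal input, equal output."""
    return [encrypt_block(b, key) for b in blocks]


def cbc_encrypt(blocks, key, iv):
    """Each block is XOR'd with the previous cipher block before encryption."""
    out, prev = [], iv
    for b in blocks:
        prev = encrypt_block(b ^ prev, key)
        out.append(prev)
    return out


def cbc_decrypt(blocks, key, iv):
    out, prev = [], iv
    for c in blocks:
        out.append(decrypt_block(c, key) ^ prev)
        prev = c
    return out


if __name__ == "__main__":
    blocks = to_blocks(MESSAGE)
    print("plain:", " ".join(f"{b:04x}" for b in blocks))
    print("ECB:  ", " ".join(f"{c:04x}" for c in ecb_encrypt(blocks, KEY)))
    print("CBC:  ", " ".join(f"{c:04x}" for c in cbc_encrypt(blocks, KEY, IV)))
```

In the ECB row the repeated plain blocks are still visible as repeated cipher blocks, which is the penguin effect at small scale; the CBC row does not show them.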
+ CBC With 3DES and new block modes, the code-makers have techniques to stay ahead of Moore’s Law. But, we still have a nagging problem - no matter how great the encryption system is …
they did with Enigma code-books - banks would literally fly employees around with disks of keys. But as we built up bigger and bigger networks of connected computers, that became a giant pain.
over non-secret channels. (By the way, I used DALL-E to create a lot of images in this presentation. The prompt for this one was “1970's painting of 2 people trying to whisper secretly in a crowd of people who are trying to hear what they're saying.” … and it somehow also created …
securely They need to share a secret They only have public channels between them “Eve is always eavesdropping” How can they share a secret without sharing it with Eve? Two people - Alice and Bob - need to communicate securely. To do that, they need to share a secret key. But, they only have public channels between them. (“Eve is always eavesdropping”) So, how can they share a secret with each other, without sharing it with Eve?
- that is, an operation that’s easy to perform in one direction, but hard to reverse. For example, it’s easy to mix 2 colors, but given a mixture of 2 colors, it’s hard or impossible to un-mix them.
color, mixes it with the public color, and sends her *mixture* to Bob. Bob privately chooses his own secret color, mixes it with the public color, and sends his *mixture* to Alice. At this point, Alice, Bob, and Eve all have the public color and the 2 mixtures. Now comes the cool part …
each add their own private color to the other’s mixture, and both arrive at the same shared secret color. But without one of their private colors, Eve can’t get to the same color. Now, this new shared secret color is like a shared secret key we need for Triple-DES. But, to do this on a computer, we need a way to do this with binary.
and 0’s So, anything … like a number. A key can be anything that can encode to 1’s and 0’s - so, anything … like a number. And because we can use numbers for a key, there are lots of cool math algorithms we can use to come up with the shared secret number. …
rst most popular Diffie-Hellman algorithm uses modular arithmetic, and I have an appendix covering that math. There are also elliptic curve algorithms that provide stronger security with smaller keys and less computation, which are becoming very popular to accommodate mobile and other devices with more constrained resources. But we’re going to skip over the particular math involved unless we have time to talk about it later.
to establish a shared secret over public channels - is the foundation of public key cryptography. With Diffie-Hellman, we can establish secret keys with anyone in the world over public channels …
Diffie-Hellman has been to computers, the internet, and all of modern life. Most TLS cipher suites use Diffie-Hellman for establishing keys. Note: the only reason this Windows 11 list doesn’t show “DH” in TLS 1.3 is because TLS 1.3 removes all other key exchange algorithms in favor of Diffie-Hellman! That’s how important this technique is.
+ 3DES + CBC DH + 3DES + CBC 1976 With Diffie-Hellman & Triple-DES, the code-makers have brought us into the current age of computer crypto, where we have a way to establish secret keys with anyone on the internet, an encryption algorithm to use them, and modes to use the keys on any message!
that looks like this before? For example, if you use your browser network inspector and the “Security” tab. And may have wondered - what the heck is all that? Well, now you know most of it.
… for Triple-DES … … with Cipher Block Chaining mode. … Encrypt-Decrypt-Encrypt … This is describing a TLS connection that uses Diffie-Hellman to establish a secret key, and then uses that key for 3DES Encrypt-Decrypt-Encrypt with Cipher Block Chaining mode of operation. So the point is: all these complicated modern crypto ciphers didn’t come from nowhere. And you can actually go learn all about them if you want or need to! In fact you’ve learned a bunch of it already. We’ve made it from ancient Scytales in 500 BC to modern HTTPS.
browser and look at the security info, <click> you’ll see the cipher suite used in its HTTPS connection. And that’s where I’ll end this part of the talk with maybe the 2 most basic & important lessons of cryptography for coders:
Don’t invent your own crypto. As modern software developers, we have an embarrassment of rich crypto libraries available, and the good ones have incorporated centuries of all this crypto knowledge into easy-to-use functions. And secondly …
your secret keys! All the fancy crypto math in the world can’t help you if your secret password is “123456” or you copy-paste it into your GitHub repository. As our Mozilla SecOps lead told me once, “Cryptography is great at turning other security problems into key management problems.” So, keep your keys secret and keep them safe.
Vigenere Square Enigma Lucifer/DES Modes of Encryption Diffie-Hellman (Math?) RSA (Math?) Quantum speakerdeck.com/groovecoder Okay, that’s been a ton of material about the history of cryptography leading up to HTTPS. Here’s a list of things we covered (and didn’t cover), in case anyone remembers any questions?
people! https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption While Diffie-Hellman is great for coming up with keys, it creates new and different keys for every single connection to every single entity.
encryption based on locking and unlocking messages. Instead of making new keys with everyone, Alice could have a single key for herself, and publish the open lock for everyone else. So anyone could lock messages to Alice, and only she can open them. Ellis never found a mathematical solution for this, but …
Society uploader - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=43268163 In 1971 Clifford Cocks came up with a “trap door” one-way function to do this.
needed to come up with a mathematical function that's easy in 1 direction, hard to reverse, BUT is easy to reverse if you have some secret knowledge. The solution is an amazing combo of modular arithmetic and prime factorization. But again, we’re going to skip the maths unless people want to see it later.
classified by the British GCHQ (like the American NSA). But a few years later, in 1977 it was independently re-discovered by Ron Rivest, Adi Shamir, and Leonard Adleman, which is why we know it as RSA. RSA is the most widely copied and used software in the world. With it, anyone in the world can create a pair of public and private keys and use those keys to communicate securely with anyone else in the world.
designed as a crypto-system for encryption, encrypting and decrypting with RSA keys means the same key is re-used many many times, which we now know makes it more vulnerable to cryptanalysis. So in most modern cipher suites, it’s only used for signing & verifying certificates, which is what we’ll look at next.
+ 3DES + CBC DH/RSA + 3DES + CBC 1976 - 1981 So in the 70’s and 80’s, code-makers have ways to give away their own public key, and a way for anyone to use that key to establish a shared secret key, and an encryption algorithm with secure modes to use the keys on any message! It’s all the building blocks of a crypto-system design that can scale to every single person and device on the planet!
if every Bob can encrypt messages to every Alice on the planet, there's another problem - how does Bob know it's the real Alice he’s talking to? To establish this trust, Alice is going to get a … Public Key Certificate. Alice submits her public key and some identification to a Certificate Authority. The CA verifies Alice’s identity and signs her certificate.
-Present 3DES + CBC DH/RSA 3DES CBC Certificate Authorities 1995 -Present The first public CA’s arrived in 1995. So when Bob connects to the real Alice, she presents her certificate signed by a CA, and Bob can verify it’s been signed by a CA he trusts. Which brings us finally to …
website in any major browser, you can dig into the cryptography that was used to connect the browser to the site. In this case, I’m at relay.firefox.com with my Firefox web browser. If I click more information …
itself signed by a "root" Let’s Encrypt private key. These root private keys are typically stored offline in facilities with strong physical security. Now, the public key matching that root private key …
this example, my Mac 10.15 laptop implicitly trusts the Let’s Encrypt root certificate. So, my device trusts connections that present a public key that’s signed by Let’s Encrypt. So, in a rush to re-cap …
+ CBC DH/RSA + 3DES + CBC Code-breaking: PKI, implementation, protocol attacks 1995 - Present Code-making: PKI (Certificate Authorities), AES, Elliptic Curves 1995 -Present For the sake of time, I’ve left out a LOT of modern code-making and code-breaking … e.g., the math of DH and RSA, code-making with AES & Elliptic Curves, and code-breaking attacks against PKI, implementations, protocol attacks, etc. Because I want to make the 2 most important practical points about cryptography:
Don’t invent your own crypto. As modern software developers, we have an embarrassment of rich crypto libraries available, and the good ones have incorporated centuries of all this crypto knowledge into easy-to-use functions. And secondly …
your secret keys! All the fancy crypto math in the world can’t help you if your secret password is “123456” or you copy-paste it into your GitHub repository. As our Mozilla SecOps lead told me once, “Cryptography is great at turning other security problems into key management problems.” So, keep your keys secret and keep them safe.
it’s encrypted with 4096-bit RSA, so the attackers can’t build a computer big enough to crack it. And that’s both the strength and the weakness of cryptography. Throughout history, code-makers are forcing code-breakers into key-cracking attacks that would take too long to complete.
-Present 3 DES + CBC DH/RSA 3 DES CBC Certi fi cate Authorities 199 5 -Present The fi rst public CA’s arrived in 1995. The CA signs it with their private key to make a signed digital certi fi cate. Now, when someone like Bob wants to make an encrypted connection with Alice, she presents them with her signed public key certi fi cate. Which brings us fi nally to …
JavaScript, which implements RSA. (And look! I fi nally showed some JavaScript at the keynote of a JavaScript conference!) This is what I love about cryptography. Security is usually an unfair battle where attackers have all the advantages - because they only need to fi nd 1 point of weakness. But the mathematical properties of cryptography are so strong, it forces attackers to look for some other weakness besides trying to crack the keys.
… … and it ends on 10 Another way to think of this, is to wrap a cord 46 “hours” long around a 12-hour clock, and the cord will end on the remainder, in this case: 10.
34 mod 12 ≡ 10, 46 mod 12 ≡ 10, 58 mod 12 ≡ 10, 70 mod 12 ≡ 10, .. mod 12 ≡ 10 … impossible to reverse! … in fact, in this form, it’s impossible to reverse, because there are an infinite number of right answers.
it's impossible for our recipient to know which number to use. So again, we need a way to calculate this with an algorithm and a key. And that key needs to be made of a secret part from Alice and Bob.
the exponent Which means there’s no short-cuts to solving it - you have to simply “brute force” guess the answer. So this is our 1-way function. Easy to compute, hard to reverse.
prime modulus. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 <click> For small numbers, it’s easy to guess. But not for prime moduli that are hundreds of digits long.
secrets? But we need to turn that single secret number into 2 secret numbers, in a way that combining them will result in the same answer. Which sounds super-hard, right? But this might be easier than you suspect. In fact, we all learned about it in 1st grade math …
5 5 + 3 = = 8 3 * 5 = = 15 5 * 3 Remember when we learned that addition and multiplication are commutative? That is, it doesn’t matter what order you put the numbers in - you’ll get the same answer.
= = 729 3 + 5 5 + 3 = = 8 3 * 5 = = 15 5 * 3 Well, sequential exponentiation is also commutative. That is, if you raise 3 to the power of 2, and raise that answer to the power of 3, you get 729. If someone else raises that 3 to the power of 3, and raises that answer to the power of 2, they also get 729. So, if 2 people each raise a number to 2 sequential exponents, they will get the same result, no matter the order.
modulus https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 So, first, Alice and Bob publicly agree on a generator and prime modulus that everyone can see.
Bob https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Then Alice picks a private exponent, and sends her result to Bob …
Alice https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Bob also picks his own private exponent, and sends his result to Alice …
order, which doesn’t affect the result They both raised the generator to both of their exponents, just with the exponents in a different order. But changing the order of exponents doesn’t change the result.
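The exchange described above, as an added JavaScript example that is not from the original talk: the generator 3, prime modulus 17, private exponents 15 and 13, and all function names are toy values and names chosen for this example. It also shows why a small modulus is easy to guess, which is the reason real exchanges use prime moduli hundreds of digits long.

```javascript
// Added example: toy Diffie-Hellman exchange using BigInt arithmetic.
// All numeric values are constructed for illustration, not taken from the talk.

// Square-and-multiply: (base ** exp) mod m without building a huge intermediate.
function modPow(base, exp, m) {
  let result = 1n % m;
  base %= m;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % m;
    base = (base * base) % m;
    exp >>= 1n;
  }
  return result;
}

// Runs both sides of the exchange. alicePublic and bobPublic are the only
// values that cross the wire; the private exponents never leave their owner.
function exchange(generator, prime, alicePrivate, bobPrivate) {
  const alicePublic = modPow(generator, alicePrivate, prime); // Alice -> Bob
  const bobPublic = modPow(generator, bobPrivate, prime);     // Bob -> Alice
  return {
    alicePublic,
    bobPublic,
    // Each side raises the other's public value to its own private exponent.
    aliceShared: modPow(bobPublic, alicePrivate, prime),
    bobShared: modPow(alicePublic, bobPrivate, prime),
  };
}

// With no shortcut for undoing the exponent, the only general approach is to
// try exponents one at a time. Trivial for a toy modulus, hopeless for a real one.
function guessExponent(generator, prime, publicValue) {
  for (let x = 1n; x < prime; x++) {
    if (modPow(generator, x, prime) === publicValue) return x;
  }
  return null;
}

const toy = exchange(3n, 17n, 15n, 13n);
console.log(toy); // both shared values match even though the exponent order differs
console.log(guessExponent(3n, 17n, toy.alicePublic)); // recovered in at most 16 guesses
```
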
multiply 2 large prime numbers to get a giant result number, it would be hard to get back to the prime numbers if you only know the result. But now we need a trap door for it …
the phi function, which measures the “breakability” of a number. It tells you how many numbers are less than the number that do NOT share a factor with the number. In this case, phi of 8 equals 4. Calculating phi is also a hard function, except for 1 kind of number …
easy and stays under a second even for larger numbers. Factoring small numbers is also under a second. But as the numbers get larger, there's an exponential effect where multiplying the numbers is waaaay faster than factoring the resulting number, which can take hundreds or thousands of years.