cryptory-up-to-https-atlas-2024.pdf

luke crouch
February 15, 2024

Transcript

  1. Cryptography 500 BC to https:// Hey everyone, I'm Luke and

    this is my talk on cryptography from 500 BC to https. Before I get started; 2 house-keeping items …
  2. Tuesday March 12 at Atlas School is Tulsa UX +

    Tulsa WebDevs 10th semi-annual sometimes-we-do-this lightning talk thing. These are always cool because you get about 5-10 different topics and talks in a single night. It’s free and dinner is provided.
  3. BSides Oklahoma is happening April 3-5 at the Glenpool Conference

    Center. Oklahoma hosts one of the nation’s best BSides events, and it's free! Plus, they offer lunch and a bar. BSides is a highlight of my year.
  4. And then finally on May 17 is our annual

    200 OK web developer conference at Atlas School Tulsa. This is a cool 1-day conference with speakers from around the country (sometimes around the world) and really cool talks and after-party stuff too.
  5. Audience Okay second, just to help me understand this audience,

    how many people are: cryptography professionals (any PhDs?)? security professionals? tech professionals? into cryptocurrency and mistakenly thought this talk would be about that?
  6. Now I won’t be covering much that has anything to

    do with cryptocurrency in this talk, and when I say “crypto” today, I mean cryptography - not cryptocurrency. But I have another talk that covers bitcoin, cryptocurrency, and cryptojacking on my speaker deck that I’ll share in a second.
  7. About me I’m not a crypto engineer I’m a web

    developer who got into Security Engineering I’ve always been scared and fascinated by crypto Okay, I’m Luke and I’m not a cryptography engineer. I’m a web developer who got into security. I remember feeling like I couldn’t be a “real” security pro because I was scared of cryptography and math. I barely understood what https was, and only vaguely knew that private keys should be kept secret. So if that sounds like you, then this talk might be great for you. I found that learning historical cryptography helped me understand what’s going on in https too. So, what I’d like to do today …
  8. About this talk 2700 years in 40 minutes Ancient, Renaissance,

    Mechanical, Computer Don’t take notes Slides (including full script) are already up at: speakerdeck.com/groovecoder … is cover 2700 years of cryptography from ancient to computer cryptography including https that we all use every day. Don’t try to take notes - I’m going too fast. These slides with links are already up on speakerdeck. My goal here is that this quick blast helps you see that today's cryptography didn’t spring out of nowhere, and to feel more confident that you can learn it if you want or need to.
  9. The Code Book Simon Singh The flow of this

    talk summarizes an excellent book from Simon Singh called The Code Book. The Code Book is less technical and more biographical - it’s great.
  10. Journey into Cryptography Khan Academy I also learned a lot

    from Khan Academy’s “Journey into Cryptography” course.
  11. Bulletproof TLS and PKI Ivan Ristić And especially for HTTPS,

    there’s great modern practical advice from Bulletproof TLS and PKI by Ivan Ristić.
  12. Chalk Talk Kelsey Houston-Edwards And while I don’t cover any

    of it in this talk, Kelsey Houston-Edwards has some great videos on her Chalk Talk YouTube channel about the mathematics of things like post-quantum cryptography.
  13. Cryptography: 500 BC - https Okay, now let’s do cryptography

    from 500 BC to https. I find it helps understand cryptography by comparing it to another technique for secrets …
  14. 499 BCE Histiaeus of Miletus shaves head of a slave

    to write to Aristagoras to revolt against Persians In 499 BC, Histiaeus of Miletus was ruling Susa. But he wanted to go back to Miletus, so he shaved a servant’s head and wrote a message to Aristagoras back in Miletus telling him to start a revolution. When the servant’s hair had grown back, Histiaeus sent him to Aristagoras. Aristagoras shaved his head, received the message, started a revolt, and Histiaeus was sent back to Miletus by King Darius to deal with the rebellion.
  15. 480 BCE Demaratus writes into wood covered with wax re:

    Xerxes’ pending attack Another cool steganography technique from the same time: there are records of using wooden & wax tablets - the real message was carved into wood, then covered with wax, which had a fake message carved on top. The recipient would melt the wax to reveal the real message.
  16. ??? Chinese writings on silk in balls of wax ingested

    by couriers And speaking of wax, in ancient China, senders would write messages on silk paper, crumple them up and cover them with wax. A courier would eat them, travel to a destination, and then <ahem> … recover them.
  17. First “Invisible Ink”, 1st c. AD Pliny the Elder Milk

    of tithymalus plant Heat-activated And the first records of “invisible ink” come from the first century AD. Though they seem simple, steganography tricks can still be relatively effective. In fact, if you ask me at the end, I can describe a steganography trick we came up with for Firefox just a couple years ago.
  18. But especially important to modern security is Cryptography. (Or as

    DALL-E spells it: cryptoography) Cryptography is not just hiding messages - it’s transforming a message into a completely different message. This is done with …
  19. Transpositional Permutation Ciphers Anagrams: move letters around The

    first ciphers used in writing were permutation ciphers, like anagrams. (The Code Book calls these transpositional, but I’m going to use “permutation”, because that’s what modern ciphers call it.) And although simple to understand, they can be quite strong …
  20. Permutation Cipher For example, consider this short sentence 35 letters

    57,675,839,111,362,423,741,870,080,000,000 (57 million trillion trillion) permutations For example, consider this short sentence, which has 35 letters that can be mutated into 57 million trillion trillion possible permutations!
  21. When we measure how “strong” an encryption system is, we

    measure it by its … Now, when we measure how “strong” an encryption system is, we measure it by its …
  22. Time Complexity time complexity. Which is how long it would

    take to “break” the cipher text and recover plain text. This is why you hear cryptographers say things like it would take longer than the heat death of the universe to break some cipher-text.
  23. Permutation Cipher EXPERIMENTATIONS FRESH CHORD LOSS 57,675,839,111,362,423,741,870,080,000,000 (57 million

    trillion trillion) permutations 1 check/second = 1,500,000,000,000,000,000,000,000 years (1 trillion billion years) For example, if we had this cipher text “Experimentations fresh chord loss”, and we could re-arrange it once per second to guess the plain text, it would still take 1 trillion billion years to check all the possibilities. So even this little anagram is quite strong.
  24. We can’t just send a random anagram Impossible for intended

    recipient too Which anagram is correct? Do Not Attack at Midnight Attack at Mind: do Tonight But we can’t just send someone a random anagram, because it’s impossible for the intended recipient to know which anagram is the correct plain text. For example, the exact same letters could be deciphered as either “Do not attack at midnight” or “Attack at mind: do tonight”
  25. We need a deterministic way to encrypt & decrypt

    So we need a deterministic way to encrypt & decrypt anagrams.
  26. Algorithms & Keys We do this with an encryption algorithm

    and a key. There’s always a key! The most fundamental principle of cryptography from ancient to modern times is …
  27. “a crypto-system should be secure, even if everything about the

    system, except the key, is public knowledge” –Kerckhoffs’s Principle (19th century AD) Kerckhoffs’s principle which states “a crypto-system should be secure, even if everything about the system, except the key, is public knowledge”. So, a first crypto-system for anagrams …
  28. Scytale, ~700 BCE - 120 AD Algorithm Wrap message around

    a cylinder Key Diameter of cylinder was a device called a scytale. To use it, you wrap a piece of paper around a cylinder, and then write a message across the bands. When the paper is un-wound, it looks like one long thin strip of nonsense letters. The key is simply the diameter of the cylinder. The scytale was a machine that implemented what’s called …
  29. Algorithm: Rail fence cipher key: 4 rows http://crypto.interactive-maths.com/rail-fence-cipher.html they are

    attacking from the north … you write a plain text message like "they are attacking from the north” diagonally across some number of rows, in this case 4 …
  30. http://crypto.interactive-maths.com/rail-fence-cipher.html they are attacking from the north Algorithm: Rail fence

    cipher key: 4 rows then you go thru each row and write the letters from left to right …
  31. http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C

    I R M N R E A T A N F T E T Y T G H H Algorithm: Rail fence cipher key: 4 rows the recipient knows the key is 4 rows, so they would draw a grid of 4 rows and as many columns as the letters,
  32. http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C

    I R M N R E A T A N F T E T Y T G H H then write the cipher letters from the top here …
  33. http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C

    I R M N R E A T A N F T E T Y T G H H across the grid …
  34. http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C

    I R M N R E A T A N F T E T Y T G H H diagonally …
  35. http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C

    I R M N R E A T A N F T E T Y T G H H they are attacking from the north to recover the plaintext at the bottom.
  36. Breaking rail fence cipher http://crypto.interactive-maths.com/rail-fence-cipher.html “Brute Force” key search:

    Try a bunch of numbers of rows by hand With a rail fence cipher, we can simply try a bunch of numbers of rows by hand. This is a “brute force” key search. Note: we’re not guessing the trillions of possible plain texts here, we’re just guessing the key.
  37. Breaking rail fence cipher DELEHELFTAAEDSWNT 2 rows: daealeedhsewlnftt 3 rows:

    deslefwtlanaeetdh 4 rows: detwaheeanellfdts 5 rows: defend the east wall For example, to break this cipher text on top encrypted with rail fence, we would write it over grids with 2, 3, 4, and then 5 rows to eventually find that the right key is 5 and the plain text is “defend the east wall”.
  38. So, the first cryptanalysis is simply “brute force”

    key searching So, the first code-breaking is “brute force” key searching. And since we measure strength by the time it takes an attacker to recover the plain text, that means the strength of a crypto-system facing a “brute force” key search depends on the total …
  39. “Key space” … key space thru which an attacker has

    to search. That is - how many possible keys can there be?
  40. Breaking a Scytale “Brute Force” key search:

    Try a bunch of cylinders To break a message encrypted with a scytale, I mean - how many keys could there really be? Just wrap the message around a bunch of different cylinders.
  41. Scytale ~700 BC Brute Force Key Search So scytale vs.

    brute force is our first battle between code-makers and code-breakers.
  42. Substitutional Cipher Change letters into other letters Skip ahead about

    700 years to an encryption system you’ve heard of. It uses a substitution cipher, which doesn’t just move letters around, but changes letters into other letters.
  43. Caesar Cipher, 49 - 44 BC Algorithm Shift the alphabet

    Key positions shifted Nearly everyone has heard of the Caesar Cipher, where the algorithm is to shift the alphabet, and the key is the number of positions you shifted it.
  44. Caesar (Shift) Cipher Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: XYZABCDEFGHIJKLMNOPQRSTUVW So

    in this example, we shift the alphabet by -3. So the plain text e at the top becomes cipher text B at the bottom. Plain f becomes cipher C, and so on.
  45. Steganography, Scytale ~700 BC Brute Force Key Search Caesar

    Cipher ~50 BC The code-makers have a new encryption system, but the bad news …
  46. Breaking a Caesar Cipher Brute force key search:

    23 possible shifts … is that brute force can also break a Caesar cipher. Because you can only shift the 1st century Latin alphabet 23 times, there are only 23 possible keys.
  47. Aside🔒: simple can still be useful But before we dismiss

    simple ciphers, I want to point out they can still be useful. When Russia was gearing up to invade Ukraine, I came across this technique to use “rot13” - that is, a Caesar cipher with a shift of 13 - with socat as a technique to circumvent deep packet inspection tools that Russia uses to censor its internet. Sometimes the oldest tricks are the best ones. How many DPI operators will think to check for 2000-year-old ciphers?
  48. Substituting is cool … but we need a way to

    do it with more than 23 keys. So it would take an attacker a long time to search them all? So substituting letters is cool, but we need a way to do it with more than 23 keys. So it would take an attacker a long time to search them all.
  49. Anagrams For example, consider this short sentence 35 letters 57,675,839,111,362,423,741,870,080,000,000

    (57 million trillion trillion) permutations Now remember from the anagrams that we were able to create 57 million trillion trillion random anagrams out of 35 letters.
  50. Anagram the alphabet! ABCDEFGHIJKLMNOPQRSTUVWXYZ 26 letters 403,291,461,126,605,635,584,000,000 (403 trillion

    trillion) permutations The same math says if we anagram an alphabet with 26 letters, we can make 403 trillion trillion possible anagrams.
  51. Algorithm Substitute each letter with another letter Key A random

    anagram of the alphabet! So what we can do is substitute each letter with a different letter from a random anagram of the alphabet.
  52. Random Substitutional Cipher 403,291,461,126,605,635,584,000,000 alphabets Check 1 every second

    … 120,000,000,000,000,000,000 or any of 403 trillion trillion possible alphabets. So even if someone could check a different key every second, it would take them 120 billion billion years to check them all! Which is super cool, and brings up 2 important points to understand about all crypto-systems …
  53. Randomness is good! Randomness is good. From this ancient cipher

    to post-quantum lattice-based algorithms, so much of the secrecy and security of cryptography comes from incorporating randomness - especially into keys.
  54. Most🔒 crypto-systems don’t try to offer “perfect” encryption … Second,

    most crypto-systems don’t try to offer “perfect” encryption
  55. … most crypto systems try to force attackers into

    key searches that take too long to complete most crypto systems try to force attackers into key searches that take too long to complete.
  56. Random Substitutional Cipher 403,291,461,126,605,635,584,000,000 alphabets Check 1 every second

    … 120,000,000,000,000,000,000 To attack this, the attacker has to perform a key search that would take several decades, even with hundreds of thousands of high-end modern computers in the cloud. But there’s a catch … (there’s always a catch, right?)
  57. Key: XZAVOIDBYGERSPCFHJKLMNQTUW A key in this crypto-system is complicated and

    hard to memorize, so someone’s going to write it down on a post-it note stuck to a monitor somewhere. This is the never-ending challenge of every crypto-system thru all ages …
  58. Can we make a “random-ish” key that is easier

    to memorize? To keep it more secret and safe, can we make a random-ish key that is easier to memorize? We'll do this by using a key phrase, and using that to make an alphabet.
  59. Easy to memorize key JULIUS CAESAR JULISCAER We start with

    a key phrase, like “Julius Caesar”, and remove any duplicate letters.
  60. Easy to memorize key Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ JULIUS CAESAR JULISCAER

    Then, we write it, and all the remaining letters in the alphabet, in order, skipping letters that were already in the key phrase.
  61. Easy to memorize key Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ

    JULIUS CAESAR JULISCAER Note: smaller key space And now we have a cipher alphabet to encrypt our plain alphabet.
  62. “key derivation function” Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ JULIUS CAESAR This is

    called a “key derivation function”. It’s a way to turn some source key material into a key that is suitable for a certain crypto system.
  63. Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ Defend the East wall

    ISCSYI HES SJGH NJWW Now we can encrypt the plain text above into the cipher text below, using an easy-to-memorize key.
  64. Steganography, Scytale ~700 BC Brute Force Key Search Caesar

    Cipher ~50 BC Password-based Substitution Cipher So we have an easy-to-use cipher up against brute force that would take billions of billions of years to perform by hand …
  65. Password-based Substitution Cipher considered un-breakable* for ~800 years, until …

    * because passwords are always strong, right? This password-based cipher was considered un-breakable for about 800 years, and then …
  66. رسالة في استخراج الكتب المعماة (On Decrypting Encrypted Correspondence)

    أبو يوسف يعقوب بن إسحاق الصبّاح الكندي (Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī) Al-Kindi 801-873 AD In the 9th century, Abu Yusuf Al-Kindi wrote a treatise on code-breaking. In it, he explained a …
  67. A frequency analysis attack is based on the fact that,

    in every language, some letters occur more often than others.
  68. “PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO

    KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX’XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?” –OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK So, if you have some cipher text …
  69. Likeliest plaintext letters O = e X = t P

    = a And guess they are the most frequent plain letters.
  70. English frequency rules Most common double-letters: “LL”, “SS”, “EE”, “OO”

    Vowels appear before and after most other letters. Consonants avoid many letters. E.g., ‘e’ appears before/after virtually every other letter, while ‘t’ is rarely seen before or after ‘b’, ‘d’, ‘g’, ‘j’, ‘k’, ‘m’, ‘q’, ‘v’. “ee” occurs more than “oo”, which occurs more than other double-vowels. “a” occurs on its own often - more than “I” on its own. ‘h’ frequently goes before ‘e’ but rarely after ‘e’. If you bring in more language frequency rules …
  71. Cipher O = e X = a Y = i

    B = h P = t ? … you give yourself even better guesses.
  72. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe EiPD KhahJiUaJ LhJee

    KCPK. CP Lhe LhCMKaPV aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe a IaNCMJ CI UCMJ SaGeKLU?” –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK Then, apply your guesses to the cipher text …
  73. “PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe EiPD KhahJiUaJ LhJee

    KCPK. CP Lhe LhCMKaPV aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe a IaNCMJ CI UCMJ SaGeKLU?” –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK “Lhe” 6 times and you’ll see some common patterns emerge. For example here, what’s a common 3-letter word in English that ends with “he”?
  74. “PCQ VMJiPD thiK tiSe KhahJaWaV haV ZCJPe EiPD KhahJiUaJ thJee

    KCPK. CP the thCMKaPV aPV IiJKt PiDht, QheP Khe haV ePVeV the taRe CI Sa’aJMI, Khe JCKe aPV EiKKeV the DJCMPV ZeICJe hiS, KaUiPD: “DJeat EiPD, ICJ a thCMKaPV aPV CPe PiDhtK i haNe ZeeP JeACMPtiPD tC UCM the IaZReK CI FaKt aDeK aPV the ReDePVK CI aPAiePt EiPDK. SaU i SaEe KC ZCRV aK tC AJaNe a IaNCMJ CI UCMJ SaGeKtU?” –eFiRCDMe, taReK IJCS the thCMKaPV aPV CPe PiDhtK “aPV” 5 times How about another common 3-letter word that begins with “a”?
  75. “aPV” Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: X??VO??BY????P?????L?????? “and” “and” -

    now you know cipher “V” is plain “d” and cipher “P” is plain “n” too. So, finding part of the key can let you crack the rest of it.
  76. “now during this time shahra[qxzj]ad had borne king shahriyar three

    sons. on the thousand and first night, when she had ended the tale of ma’aruf, she rose and kissed the ground before him, saying: “great king, for a thousand and one nights i have been recounting to you the fables of past ages and the legends of ancient kings. may i make so bold as to crave a favour of your ma[qxzj]esty?” –epilogue, tales from the thousand and one nights Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: XZAVOIDBY?ERSPCF?JKLMNQ?U? you can reconstruct the whole key and recover all the plaintext.
  77. Frequency Analysis: An analytical attack faster than brute force key

    search Which means a frequency analysis attack is waaaaay faster than brute force.
  78. Steganography, Scytale ~700 BC Brute Force Key Search Caesar

    Cipher ~50 BC Password-based Substitution Cipher Frequency Analysis ~800 AD And now the code-breakers have the upper-hand. This new attack finds the key in hours instead of billions of years.
  79. Code-makers needed a crypto-system that wasn’t vulnerable to

    Frequency Analysis Until the code-makers came up with a new crypto-system that wasn’t vulnerable to frequency analysis.
  80. Leon Battista Alberti 1404 - 1472 “poly-alphabetic” cipher In

    the 15th century, Leon Battista Alberti devised a “poly-alphabetic” substitution cipher.
  81. Poly-alphabetic Substitution Cipher

    Plain alphabet:    a b c d e f g h i j k l m n o p q r s t u v w x y z
    Cipher alphabet 1: D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Cipher alphabet 2: Z J D P A I Q H T W L F B G O X N H U K R C Y V S E

    Which uses 2 or more alphabets. For example, here we see the plain alphabet followed by 2 randomized cipher alphabets.
  82. Poly-alphabetic Substitution Cipher [alphabets as on slide 81] secret R_____

    In this system, to encrypt the word “secret”, you encrypt the first letter with the first alphabet, so “s” becomes “R”.
  83. Poly-alphabetic Substitution Cipher [alphabets as on slide 81] secret RA____

    For the next letter, you use the next alphabet, so “e” becomes “A”.
  84. Poly-alphabetic Substitution Cipher [alphabets as on slide 81] secret RAB___

    Then wrap back up to the first, so “c” becomes “B”.
  85. Poly-alphabetic Substitution Cipher [alphabets as on slide 81] secret RABH__

    next, “r” becomes “H”
  86. Poly-alphabetic Substitution Cipher [alphabets as on slide 81] secret RABHK_

    “e” becomes “K”
  87. Poly-alphabetic Substitution Cipher [alphabets as on slide 81] secret RABHKK

    and “t” becomes “K”
  88. False frequencies ‘e’ is enciphered as both ‘A’ and ‘K’

    ‘K’ is deciphered as both ‘e’ and ‘t’ secret RABHKK Using 2 cipher alphabets means that the plain letter “e” becomes both an “A” and a “K”, and that a cipher “K” could be either an “e” or a “t”. So the frequency of the cipher letters is different than the plain alphabet.
  89. Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: ?????????????????????????? 🚫 So, now the

    code-makers have a system that’s not vulnerable to frequency analysis
  90. Steganography, Scytale Brute Force Key Search Caesar Shift Password-based

    Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution ~1450 AD 🚫 which means attackers are back to using brute force.
  91. Poly-alphabetic ciphers are complex

    Plain alphabet:    a b c d e f g h i j k l m n o p q r s t u v w x y z
    Cipher alphabet 1: D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
    Cipher alphabet 2: Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
    Cipher alphabet 3: M N I P X F S W D T B C E V K U O G A Y J L H Q Z R
    Cipher alphabet 4: M W X R G D A C B E I Q T H U V J P F Y K O S Z L N
    Cipher alphabet 5: S J C X V E K M W B G T P D A Y N R Q U O F H L I Z
    Cipher alphabet 6: X T Q N I L S O Z J V H P F U W C Y D G E M K A B R

    it has the same problem that random substitution had: look at this complicated 6-alphabet key! Who wants to memorize THAT?
  92. Keyword SECRET [alphabets as on slide 81]

    So, the code-makers need another key derivation function - a way to use an easy-to-memorize key word AND use lots of cipher alphabets.
  93. Le Chiffre Indéchiffrable created by Blaise de Vigenère 1523 - 1596

    Created new poly-alphabetic cipher In the 16th century, Blaise de Vigenère created “Le Chiffre Indéchiffrable” - a new system to do this.
  94. Vigenère square

    a b c d e f g h i j k l m n o p q r s t u v w x y z
    B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
    C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
    D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
    E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
    F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
    G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
    H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
    I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
    J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
    K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
    L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
    M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
    N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
    O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
    P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
    Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
    R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
    S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
    T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
    U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
    V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
    W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
    X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
    Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
    Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
    A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

    Which is this lovely device.
  95. [Vigenère square, as on slide 94]

    At the top is the plain alphabet.
  96. [Vigenère square, as on slide 94]

    Below that, the alphabet is shifted to the left by one space.
  97. [Vigenère square, as on slide 94]

    Below that, shifted to the left again …
  98. [Figure: Vigenère square]

    and so on until the last row is the plain alphabet again.
  99. Repeat keyword for all of text Plaintext: AttackFromTheSouthAtDawn Ciphertext: ????????????????????????

    Keyword: SECRETSECRETSECRETSECRET To use the Vigenère square, you first repeat a keyword - in this case SECRET - across the plaintext - in this case “Attack From The South At Dawn”.
  100. [Figure: Vigenère square] Ciphertext: S??????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET

    You change the first plain text letter with the alphabet on the row that starts with the first letter of the keyword. So, in this case, to encrypt the “a” in Attack, you go down to the row that starts with the “S” from SECRET …
  101. [Figure: Vigenère square] Ciphertext: S??????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET

    and then go to the plaintext letter “a” column …
  102. [Figure: Vigenère square] Ciphertext: S??????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET

    and you get an “S”.
  103. [Figure: Vigenère square] Ciphertext: SX?????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET

    Then to encrypt the plain “t” go down to the row that starts with the “E” from SECRET, go to the “t” column and this plain “t” becomes an “X”.
  104. [Figure: Vigenère square] Ciphertext: SXV????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET

    Stay on the “t” column for the next plain “t”, but move up to the row that starts with the “C” in SECRET, and this second plain “t” becomes “V”. (Again: the same plain letter became 2 different cipher letters)
  105. Plaintext: AttackFromTheSouthAtDawn Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG Keyword: SECRETSECRETSECRETSECRET And after you’ve repeated

    that for the whole plaintext, you have cipher-text that’s been encrypted with an easy-to-memorize key, and no frequency analysis! By the way, if you can spot a huge hole in this cipher system and tell me what it is, you get a prize!
  106. Steganography, Scytale | Brute Force Key Search | Caesar Shift | Password-based Substitution | Frequency Analysis ~800 AD | Homophonic Substitution | Poly-alphabetic Substitution | Le Chiffre Indéchiffrable ~1550 AD 🚫

    So now the code-makers have another password-based crypto system that’s easy to use, and it forces attackers into brute force that would take billions of years! For about 200 years, the Vigenère Square was the apex of crypto systems. But the code-breakers weren’t giving up. The code-breakers are going to turn to …
  107. Industrial Revolution ~1760 - 1840 to the new machines &

    processes of the industrial revolution.
  108. “Black Chambers” • 1700s • “Assembly-line” Cryptanalysis • Each European power had one • Breaking all mono-alphabetic ciphers • Encouraged adoption of Vigenère Square for poly-alphabetic ciphers

    As early as the 1700’s, every European power had a “black chamber”. This was typically a state-controlled post office, with an assembly-line of code-breakers who would “man-in-the-middle” letters during delivery. They opened all the envelopes, copied any encrypted messages, sent the letters on their way, and then handed the copies over to entire teams for code-breaking.
  109. Steganography, Scytale | Brute Force Key Search | Caesar Shift | Password-based Substitution | Frequency Analysis | Homophonic Substitution | Poly-alphabetic Substitution | Le Chiffre Indéchiffrable ~1550 AD | Assembly-line Frequency Analysis ~1700’s

    And Vigenère Square was available, but not always used. So the code-breakers were breaking all the messages that were using older ciphers. Plus, it was only a matter of time before someone would find vulnerabilities in Vigenère. And if you’re into computers, you might recognize the name of the someone who did.
  110. Charles Babbage • 1791 - 1871 • 1854: Broke Vigenère

    Cipher • Without machinery In 1854, Charles Babbage broke the Vigenère cipher, without using any of his mechanical engineering. Babbage just had a keen insight …
  111. False SYMBOL frequencies • ‘e’ is enciphered as both ‘A’

    and ‘K’ • ‘K’ is deciphered as both ‘e’ and ‘t’ secret RABHKK those false symbol frequencies where plain letters become different cipher letters, and vice-versa …
  112. Plaintext: thesunandthemaninthemoon Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT Keyword: KINGKINGKINGKINGKINGKING For example, if the

    keyword “king” is used by the Vigenère Square to encrypt “the sun and the man in the moon”, it would result in this cipher text.
  113. Plaintext: thesunandthemaninthemoon Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT Keyword: KINGKINGKINGKINGKINGKING And in this cipher

    text the word “the” is encrypted as “DPR”, then as “BUK”, and then as “BUK” again.
  114. Plaintext: thesunandthemaninthemoon Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT Keyword: KINGKINGKINGKINGKINGKING 8 letters: keyword length must be some factor of 8

    So the cipher word is repeated when it's displaced by some multiple of the length of the key word.
  115. Breaking Vigenère • Look for repeated sequences of letters •

    Measure spacing between repetitions • Identify most likely length of key: L So, to break Vigenère, you first look for repeated sequences of letters and measure the space between those repetitions to find the length of the key word.
  116. REPETITIONS EFIQ, PSDLP, WCXYM, ETRL WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ

    IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK UZKIZBZLIUAMMVZ These 4 cipher words are all repeated.
  117. spacing between repetitions

        Repeated cipher word   Spacing   Possible length of key (2 to 20)
        EFIQ                   95        5, 19
        PSDLP                  5         5
        WCXYM                  20        2, 4, 5, 10, 20
        ETRL                   120       2, 3, 4, 5, 6, 8, 10, 12, 15, 20

    The spacings between the repeated cipher words are 95, 5, 20, and 120, and since the only common factor of all of those is the number 5, we know the key word is 5 letters long. And once you know a bit about the key, you can more easily get the rest. So, at this point you could brute force looking for all the 5-letter words. But Babbage also had another trick …
  118. 5 separate cipher texts WIREWQFPROLVVEESSV XVITXSCYLGWYXELWRL VXLSECWLQPSRQRBQCH OTPYWLCNPVGVAMZUZ Break each with frequency analysis

    Once he knew the keyword is 5 letters long, Babbage broke the cipher text into 5 separate chunks - each chunk had all the letters 5 spaces apart. He then attacked each of those individual chunks with regular frequency analysis, and re-combined them all to recover the plain text.
  119. Plaintext: AttackFromTheSouthAtDawn Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG Keyword: SECRETSECRETSECRETSECRET Keyword Length: 5 Keyword

    Letters: RS??? Every time the plaintext is an “a” character, it leaks a keyword letter into the cipher-text! So, you only need to break enough of the cipher-text to see where the plain-text “A’s” are. Now with Babbage’s technique, you’ll know the length of the keyword AND some letters. So then it’s just a game of wordle at that point.
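The steps from the last few slides (repeat the keyword, look for repeated cipher sequences, measure the spacing, split the text into chunks) as an added Python example; it is not code from the talk. The function names are my own, and the inputs are the SECRET and KING examples and the four spacings shown on the slides.

```python
from collections import defaultdict
from string import ascii_uppercase as ALPHABET


def vigenere(text, keyword, decrypt=False):
    """Vigenère square lookup done as modular addition; non-letters are dropped."""
    shifts = [ALPHABET.index(k) for k in keyword.upper() if k in ALPHABET]
    if not shifts:
        raise ValueError("keyword needs at least one letter")
    sign = -1 if decrypt else 1
    letters = [c for c in text.upper() if c in ALPHABET]
    return "".join(
        ALPHABET[(ALPHABET.index(c) + sign * shifts[i % len(shifts)]) % 26]
        for i, c in enumerate(letters)
    )


def repeated_sequences(ciphertext, min_len=3):
    """Map every min_len-letter sequence that occurs more than once to its positions."""
    positions = defaultdict(list)
    for i in range(len(ciphertext) - min_len + 1):
        positions[ciphertext[i:i + min_len]].append(i)
    return {seq: pos for seq, pos in positions.items() if len(pos) > 1}


def spacings(repeats):
    """Distinct distances between consecutive occurrences of each repeated sequence."""
    return sorted({b - a for pos in repeats.values() for a, b in zip(pos, pos[1:])})


def factor_table(spacing_list, max_len=20):
    """For each spacing, the key lengths 2..max_len that divide it (the slide's check marks)."""
    return {s: [n for n in range(2, max_len + 1) if s % n == 0] for s in spacing_list}


def candidate_key_lengths(spacing_list, max_len=20):
    """Key lengths that divide every observed spacing."""
    if not spacing_list:
        return []
    table = factor_table(spacing_list, max_len)
    return [n for n in range(2, max_len + 1) if all(n in f for f in table.values())]


def split_columns(ciphertext, key_len):
    """Chunk i holds the letters i, i + key_len, i + 2*key_len, ...: one Caesar shift each."""
    return [ciphertext[i::key_len] for i in range(key_len)]


if __name__ == "__main__":
    print(vigenere("AttackFromTheSouthAtDawn", "SECRET"))

    ct = vigenere("thesunandthemaninthemoon", "KING")
    repeats = repeated_sequences(ct)
    print(ct, repeats, candidate_key_lengths(spacings(repeats)))

    # The four spacings from the slide's table.
    for spacing, factors in factor_table([95, 5, 20, 120]).items():
        print(spacing, factors)
    print("common:", candidate_key_lengths([95, 5, 20, 120]))

    # Each chunk was encrypted with a single key letter, so it behaves
    # like a Caesar shift and ordinary frequency analysis applies to it.
    for key_letter, chunk in zip("KING", split_columns(ct, 4)):
        print(key_letter, chunk, vigenere(chunk, key_letter, decrypt=True))
```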
  120. Steganography, Scytale | Brute Force Key Search | Caesar Shift | Password-based Substitution | Frequency Analysis ~800 AD | Homophonic Substitution | Poly-alphabetic Substitution | Le Chiffre Indéchiffrable ~1550 AD | Assembly-line Frequency Analysis ~1700’s | Babbage Frequency Analysis ~1800’s

    So, now we’ve got a pretty even race going on between the code-makers using Vigenère, and the black chambers of code-breakers using Babbage and frequency analysis attacks. Then there’s 2 major tech break-thrus.
  121. Electric Telegraphs • Buried underground or suspended overhead • 1844: 60km wire between Baltimore & Washington DC

    In the 1800’s the telegraph is invented, which lets people communicate instantly over great distances that were connected by long wires. The first US telegraphs used a single-wire system. Which is great, but then …
  122. How can you represent letters and words as electrical signals?

    How can you represent letters or words as electrical signals on a single wire? Hint: this telegraph was invented by Samuel Morse.
  123. Morse Code: “Encoding” not “Encryption” Morse code is an encoding

    scheme to turn letters into sequences of dots and dashes. But note: morse code is an encoding scheme - there’s no secrecy in it.
  124. I.e., this is still “plaintext” So this is still plain

    text; it just allows you to convert messages from letter form into telegraph form.
  125. Radio, 1899-1901 • 3,000 km from Cornwall to Newfoundland • Transatlantic communication • Instant military commands • All messages reach enemy too • Increases need for encryption

    50 years later, the first radios were invented. They're great for sending instant military commands across great distances without having to set up long wires. But since the messages are traveling over the air, the enemy can eavesdrop on everything too. And this means you need an equally quick encryption tool, which would become one of the most notorious encryption devices in history.
  126. Enigma: Electrical Encryption • Arthur Scherbius, 1918 • Mass Production

    in 1925 CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=497329 The Enigma machine was invented by Arthur Scherbius in the early 20th century and deployed extensively - and with devastating effect - by the Nazis during World War II.
  127. Input Keyboard Rotors Output Lampboard Enigma has an input keyboard,

    electro-mechanical rotors, and an output lamp-board. When a plain letter is pressed on the keyboard, it completes an electrical circuit that passes thru the rotors and lights up a cipher letter in the lamp-board. Enigma used a series of scrambling wire rotors that “stepped” around with each letter. This is easier to show with a diagram …
  128. By MesserWoland - Own work based on Image:Enigma-action.pnj by Jeanot;

    original diagram by Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1794494 So at the top here, when you pressed the plain “A” key, it might travel thru the circuit at the top to result in a cipher “G”. But, each press advanced the right-most rotor 1 position. With the rotor moved 1 position on the bottom here, the next time you pressed the plain “A” it would follow a different path and result in a new cipher letter - in this case “C”. So every time you type a letter, you change the pathway. When a rotor completed a full rotation, it would advance the rotor to the left of it, creating new pathways all over again. So Enigma is a poly-alphabetic cipher, and you can use it as fast as you can type.
  129. By User:RadioFan, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=30719651 This is the inside

    of one of the rotors. The green jumble of wires on the right are scrambling wires.
  130. 3 rotors of 26 wirings 26 x 26 x 26

    = 17,576 Cipher Alphabets The first Enigma machines used 3 rotors that scrambled 26 characters, for 17,000 possible cipher alphabets. So, the “key” for Enigma is the 3 starting positions of the rotors, and there are 17,000 possible keys.
  131. 17,576 orientations x 6 arrangements = 105,456 Cipher Alphabets But,

    the rotors could also be re-arranged. And 6 arrangements meant it had 100,000 possible keys.
  132. 105,456 possible keys • A new key was used every

    day • Assume 1 check per minute • (Just type ciphertext and look at plaintext) • 96 enigma machines = .75 days to crack Furthermore, the Nazis used code-books with a different key for every day. Code-breakers could check a key by picking some rotor settings, and typing intercepted cipher text to see if the plain text made any sense. If that took 1 minute, then they would have to use 96 enigma machines non-stop to crack the key by tea-time. This is hard, but reasonable - remember that we’re talking about assembly-line code-breaking in these black chambers.
  133. Plugboard By Bob Lord - German Enigma Machine, uploaded in

    english wikipedia on 16. Feb. 2005 by en:User:Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=258976 Swap up to 6 of 26 letters But Enigma also had a plug-board on the front that made even more substitutions. With it, operators could swap up to 6 letters.
  134. 100,391,791,500 Plugboard Settings And 6 swaps of 26 possible letters

    meant there were 100 billion possible plugboard settings.
  135. 10,586,916,711,696 Total Possible Keys And combining the plugboard and rotor

    settings meant there were 10 trillion possible keys.
  136. 10,586,916,711,696 possible keys • At 1 check per minute: •

    38,291,799 enigma machines = 1 day to crack So it would take 38M enigma machines to search thru them all in a day. On top of all that they didn’t use the day key for all the messages of the day.
  137. Message Keys • Message Key: ASD • Send “ASDASD” at

    the beginning: QWERTY • Receiver types QWERTY, sees ‘asdasd’ • Re-orients their rotors to A, S, D for the rest of the message • Minimizes amount of ciphertext created by day key Instead, they used the day key to send a message key. So the sender picks “ASD” as a message key and types it twice at the beginning of the message. So say “ASDASD” becomes “QWERTY”. The receiver types QWERTY, sees the plaintext letters “ASD” twice, re-orients their rotors to A, S, and D, and types the rest of the message from there. This was all meant to minimize the amount of cipher text created by the day key.
  138. Is cracking Enigma possible? • At 1 check per minute: • 38,291,799 enigma machines = 1 day to crack A SINGLE MESSAGE!

    So if you’re attacking Enigma with those 38M machines, it would take you a day to crack A SINGLE MESSAGE - not the entire day’s messages.
  139. Steganography, Scytale | Brute Force Key Search | Caesar Shift | Password-based Substitution | Frequency Analysis ~800 AD | Homophonic Substitution | Poly-alphabetic Substitution | Le Chiffre Indéchiffrable | Assembly-line Frequency Analysis | Babbage Frequency Analysis | Enigma ~1925

    Enigma was the culmination of implementing state-of-the-art cryptography techniques with state-of-the-art technology. But as we’ve seen already - no code-breaking is indefensible, and no encryption system is un-breakable.
  140. Polish Biuro Szyfrów • Established after WWI to protect Poland from Russia & Germany • Received photographs of Enigma instruction manual from French espionage • Deduced rotor wirings • Usage of codebook A. Jankowski "Warszawa" Publisher:Wydawnictwo Polskie, Poznań, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1514113

    starts in Poland, in the Biuro Szyfrów - the Polish black chamber. After the first World War, which many countries thought would be the last European war, Poland had to stay on its guard. It was flanked by both Germany and the Soviet Union. Poland received an Enigma instruction manual via French espionage, from which they deduced the rotor wirings and how the code books worked. The team to crack Enigma was led by …
  141. Marian Rejewski By Unknown - Rejewski's daughter's private archive, CC

    BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461 Marian Rejewski. Like Babbage, Rejewski realized that repetition is a vulnerability for any crypto system, and so he focused on the repetition of the 3 letters in the message keys.
  142. Found “chain” cycles in the first 6 letters 4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK 1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ 3 links: A-F-W-A

    He saw that when a certain cipher letter appeared 1st, another cipher letter always appeared 4th, because it was the same plain letter, being encrypted the 2nd time by the day key. In later messages, that 4th cipher letter would show up as the first cipher letter, and be followed by a new 4th cipher letter, and so on. Eventually, these “chains” would cycle around and start over again.
  143. Found “chain” loops in the first 6 letters 4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK 1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ 7 links: C-H-G-O-Y-D-P-C

    He didn’t know the plain text of any of these letters - only that the number of links in the chains were cycling consistently. And he had a brilliant insight …
  144. Marian Rejewski • Realized the # links in the chain

    were only caused by the rotors • Could try to break the 105,456 possible rotor settings, not all 10,000,000,000,000,000 possible day keys • 100,000,000,000 times easier By Unknown - Rejewski's daughter's private archive, CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461 He realized the number of links in the chain were only caused by the rotors. Like the Vigenère Square, Enigma “leaked” information about its key into its cipher text. So he could split the problem in two, and concentrate on breaking the 100,000 rotor settings first. Which is 100 billion times easier than the full problem.
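Rejewski's chains are the cycles of the permutation that maps each 1st cipher letter to its 4th cipher letter. This added Python example (not code from the talk) rebuilds the chains from the two rows on the slides and shows that relabelling letters through plugboard swaps changes which letters sit in each chain but not the chain lengths. The swap pairs are constructed for illustration, and the function names are my own.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
FOURTH_LETTER = "FQHPLWOGBMVRXUYCZITNJEASDK"  # the slide's "4th Letter" row


def chains(fourth, first=ALPHABET):
    """Follow 1st letter -> 4th letter links until each chain returns to its start."""
    link = dict(zip(first, fourth))
    seen, found = set(), []
    for start in first:
        if start in seen:
            continue
        chain, letter = [], start
        while letter not in seen:
            seen.add(letter)
            chain.append(letter)
            letter = link[letter]
        found.append("".join(chain))
    return found


def chain_lengths(fourth):
    """The number of links in every chain, sorted: the fingerprint Rejewski catalogued."""
    return sorted(len(c) for c in chains(fourth))


def with_plugboard(fourth, swaps):
    """Relabel the permutation as if the given letter pairs were swapped on the plugboard.

    The signal passes the plugboard on the way in and on the way out, so the
    observed permutation becomes plug -> original -> plug.
    """
    plug = {c: c for c in ALPHABET}
    for a, b in swaps:
        plug[a], plug[b] = b, a
    link = dict(zip(ALPHABET, fourth))
    return "".join(plug[link[plug[c]]] for c in ALPHABET)


if __name__ == "__main__":
    print(chains(FOURTH_LETTER), chain_lengths(FOURTH_LETTER))

    # Constructed swaps, not from the talk.
    swapped = with_plugboard(FOURTH_LETTER, [("A", "C"), ("F", "Z")])
    print(chains(swapped), chain_lengths(swapped))
```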
  145. Cyclometer • Team checked each of 105,456 possible settings on

    replica Enigma machines and recorded which chains were generated by each rotor setting • Took 1 year to complete • Could look up rotor settings by chains found in first 6 letters of ciphertext http://www.cryptomuseum.com/crypto/cyclometer/index.htm His team created a Cyclometer - a device that simulated all the rotor settings of Enigma to record all the possible chain lengths of the cycles. They kept their results in a card catalog system that took 1 year to finish. But, with it, they could intercept Enigma messages, count the chain lengths in the cipher text, and then simply look up the rotor settings in their catalog.
  146. Cyclometer created the first “Rainbow Table” for looking up cryptographic

    keys So they made the world’s first rainbow table!
  147. How to find the plugboard settings out of 100,391,791,500? •

    Plugboard: Un-plug all • Rotor Arrangement: III, I, II • Initial Rotor Orientations: Q, C, W • Type in ciphertext, see: • “rettew” • Swap R/W = Wetter (weather) After the rotor settings, finding the plug-board settings was easy. Like we saw in frequency analysis, when you have part of the key, you can get the rest of it. In this case, they unplugged all their Enigma plugboard wires, set the rotors to what they knew were the right settings, and typed the cipher text. They would then see some pretty obvious letter swaps in common words - like “R” and “W” being swapped in weather.
  148. Polish Cryptographic Bombs • 6 machines for the 6 possible

    rotor arrangements • Each with 6 full Enigma rotor sets at top for the 6 characters of the repeated message key • Given a number of “females” to find, Bomba could recover settings in less than 2 hours After the cyclometer, the Polish created more electro-mechanical machines for code-breaking. Their cryptographic bombs could recover Enigma keys within 2 hours. In August, 1939, Poland smuggled their machines and research to the Allies. 2 weeks later, Hitler invaded Poland.
  149. British Bombes • 36 rotors arranged in 3 banks of

    12 • 210 bombes by the end of the war • Operated by 2,000 members of Women’s Royal Navy Service The allies picked up Enigma code-breaking. They built bigger cryptographic bombs which were operated by thousands of the Women’s Royal Navy Service at chambers like Bletchley Park, where Alan Turing contributed to programmable advancements in code-breaking.
  150. Colossus • Inspired by Turing’s ideas and his bombe •

    1,500 electronic valves - faster than electromechanical relay switches • Programmable - first computers? Inspired by Turing’s ideas, Tommy Flowers designed Colossus Mark 1 which was completed in 1943 and used 1,600 vacuum tubes to perform operations many times faster than the electromechanical bombs. Colossus is regarded as the first, programmable electronic …
  151. Steganography, Scytale | Brute Force Key Search | Caesar Shift | Password-based Substitution | Frequency Analysis ~800 AD | Homophonic Substitution | Poly-alphabetic Substitution | Le Chiffre Indéchiffrable | Assembly-line Frequency Analysis | Babbage Frequency Analysis | Enigma ~1925 | Colossus Mark 1 1943

    computer. With Colossus attacking Enigma, the code-breakers regained the upper-hand. So, Colossus is searching for - and finding - Enigma keys a lot faster than “brute” force. It’s an example of a new technology changing the time complexity of a crypto system. Sometimes code-breakers come up with new attacks, sometimes they get hold of new technology.
  152. Computer Cryptography So, we’ve got computer-powered code-breaking against electro-mechanical code-making.

    And the world starts communicating more and more with these computers, so the code-makers need to catch up …
  153. In the early days of computing, electrical signals were much

    harder to measure and control precisely It made more sense to only distinguish between an “on” state and an “off” state In early computers like Colossus, electrical signals weren’t so precise. So it made more sense to only distinguish between 2 states: “on” and “off”, represented by 1’s and 0’s. This is what we call binary.
  154. SOS And like the telegraph required morse code to turn

    letters into electrical signals, computers need a way to encode letters into the 1’s and 0’s of binary. There’s 2 steps to this …
  155. SOS 83 79 83 The first step is to

    encode each letter as a number. In this example, we use ASCII encoding for that.
  156. 83 79 83 1010011 1001111 1010011 (64 + 16 + 2 + 1 = 83; 64 + 8 + 4 + 2 + 1 = 79; 64 + 16 + 2 + 1 = 83)

    The next step is to convert each number into binary.
  157. SOS 83 79 83 1010011 1001111 1010011 So the result

    is the letters SOS at the top become this sequence of 1’s and 0’s at the bottom. But again, this is just encoding - there’s nothing secret here. These 1’s and 0’s are plaintext.
  158. In Binary, we encrypt at the level of 1’s and

    0’s But when we get our letters into binary, we can encrypt them at this level of 1’s and 0’s.
  159. Bitwise anagram For example, consider this short sentence. [Figure: the sentence as ASCII binary] “Bitwise” rail fence cipher with 2 rails [Figure: the binary cipher text]

    We could perform any of the encryption algorithms we've seen on binary. For example, this short sentence, encoded to ASCII and then encrypted with a rail fence cipher with 2 rails, becomes a cipher text of binary. Decoding as ASCII shows this garbled result. So, if you’ve ever seen meaningless string values like this, you’re probably looking at cipher text, improper decoding, or both.
  160. Bitwise substitution: XOR Outputs 0 when inputs are equal Outputs

    1 when inputs are different 0 XOR 0 = 0, 0 XOR 1 = 1, 1 XOR 0 = 1, 1 XOR 1 = 0 But in binary there's this cool bitwise substitution called XOR. You give XOR 2 bits of input - that is 2 0’s or 1’s - and XOR says to output a 0 if the 2 inputs are equal, or output a 1 if the inputs are different. The cool thing about XOR is the result space is equal 50/50 between 1 or 0 - like a digital coin flip.
  161. Bitwise substitution: XOR For example, encode this short sentence.

    Key: “Julius Caesar” Output Now, we can perform a substitution algorithm on bits with XOR. For example, encode this short sentence with ASCII. Encode “Julius Caesar” with ASCII. Then, encrypt the binary plaintext by XOR’ing it with the binary key. We get this binary output, which looks like this when we finally ASCII-decode it. Notice: the key was only long enough to encrypt some of the plain-text.
  162. Bitwise substitution: XOR For example, consider this short sentence.

    Key: “random” 1|0’s length of plaintext Output To fix this, we could either repeat the key to cover the full length of the plain text, or we could generate a “random” key matching the full length of the plain text, so we can encrypt the whole thing. Based on what we’ve seen so far - which do you think is more secure? Hopefully we’ve learned by now that repeating and re-using keys can lead to vulnerabilities.
  163. A major reason for that is because every cipher we’ve

    talked about so far from ancient to modern time has been a “stream cipher” - that is, it operates on a single digit or character at a time.
  164. And we’ve also seen problems in these ciphers. Encrypting 1

    plaintext digit with 1 key digit, or repeating the key, leaks information about the key into the cipher text which makes it vulnerable to attacks. This is just as true for binary as it is for letters and symbols.
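The key-length problem from the XOR slides, as an added example (not code from the talk): it XORs the slides' sentence with the slides' key “Julius Caesar” used once, repeated, and replaced by a random key as long as the message, and checks that a repeated key cancels out of the cipher text. The function names are made up for this illustration.

```python
import secrets
from itertools import cycle

PLAINTEXT = b"For example, consider this short sentence"  # the sentence on the slides
KEY = b"Julius Caesar"                                     # the key on the slides


def to_bits(data):
    """ASCII bytes as the 1's and 0's shown on the slides (8 bits per letter)."""
    return "".join(f"{byte:08b}" for byte in data)


def xor_short_key(plaintext, key):
    """Use the key once: only the first len(key) bytes are encrypted."""
    head = bytes(p ^ k for p, k in zip(plaintext, key))
    return head + plaintext[len(key):]          # the tail is still plaintext


def xor_repeating_key(data, key):
    """Repeat the key to cover the whole message. Running it twice decrypts."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def xor_full_length_key(data, key):
    """XOR with a key exactly as long as the message (use a fresh key per message)."""
    if len(key) != len(data):
        raise ValueError("key must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))


def key_cancels_out(ciphertext, plaintext, period):
    """With a repeated key, bytes one key-length apart were XOR'd with the same
    key byte, so XORing the two cipher bytes equals XORing the two plain bytes:
    the key drops out and plaintext structure shows through."""
    return all(
        ciphertext[i] ^ ciphertext[i + period] == plaintext[i] ^ plaintext[i + period]
        for i in range(len(ciphertext) - period)
    )


if __name__ == "__main__":
    short = xor_short_key(PLAINTEXT, KEY)
    print("key used once, readable tail:", short[len(KEY):])

    repeated = xor_repeating_key(PLAINTEXT, KEY)
    print("repeated key, first bits    :", to_bits(repeated)[:32])
    print("key cancels between repeats :", key_cancels_out(repeated, PLAINTEXT, len(KEY)))

    pad = secrets.token_bytes(len(PLAINTEXT))   # random key, full message length
    sealed = xor_full_length_key(PLAINTEXT, pad)
    print("full-length key round trip  :", xor_full_length_key(sealed, pad) == PLAINTEXT)
```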
  165. https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation So, just XOR’ing plaintext bits with key bits is

    vulnerable to all the same kinds of attacks as all the ciphers we've talked about. A striking example that repeating the key leaks plain data into cipher data is this plain image, encrypted
  166. Attribution, https://commons.wikimedia.org/w/index.php?curid=828161 in a way that

    just repeats the key to cover the full length of the plain data. In this case of an image, you can literally see the repetition problem at the bit level produces recognizable output.
  167. Horst Feistel 1971: Published “Lucifer” cipher for computer encryption First(?)

    Block Cipher To address this, in 1971, Horst Feistel and colleagues at IBM published the “Lucifer” cipher - the earliest civilian block cipher.
  168. Instead of operating on single bits or digits, a block

    cipher operates on groups of bits called “blocks”. This simplified block cipher reads the plaintext input and a key, and applies many “rounds” of bitwise operations like XOR, substitutions, and permutations.
  169. XOR S-box Permutation In this example, 16 bits of plaintext

    is first XOR’d with a 16-bit key. Then the output is grouped into 4-bit groups and put thru “substitution boxes” or “s-boxes” - which are like mappings to turn a pre-defined set of 4 bits into 4 different bits. Finally, the output bits from the s-boxes are put thru a defined permutation step - like an anagram for bits.
  170. SP Network And in this example, that whole process is

    repeated 3 times. Altogether, this is known as a “substitution-permutation network” or SP network. You can find these kinds of diagrams for every major block cipher. They are designed to solve the problems we’ve seen by mixing data bits and key bits together in a way that doesn’t leak anything into the cipher data.
  171. Lucifer Cipher: “block” cipher Break message into 128-bit blocks 128-bit

    key 16 rounds: Break block in half the f-function is calculated using that round's subkey and the left half of the block. The result is then XORed to the right half of the block, which is the only part of the block altered for that round. After every round except the last one, the right and left halves of the block are swapped. Here's a diagram of the Lucifer cipher SP-network. If we walk thru it …
  172. … Okay, I'm just kidding … there’s no way we’re

    walking thru all the bits of a modern block cipher. But the point is that you COULD walk thru it - it’s not magical. Modern block ciphers do everything we’ve seen with letters, they just do it at the level of 1’s and 0’s.
  173. So if you see these kinds of complex diagrams, just

    understand that yes - somewhere in all that is still a bunch of 1’s and 0’s. It’s just that block ciphers work with so many bits at a time, that it’s easier to describe them at this higher level.
  174. youtube.com/user/Computerphile And if you like YouTube videos, there’s a couple

    of really good ones from “Computerphile” that cover SP-Networks and AES in detail.
  175. Data Encryption Standard (DES) 1977 Lucifer with 56-bit keys So

    the NSA could brute force keys if they “needed” to But before AES was DES. DES is a standardized Lucifer cipher with a 56-bit key developed by IBM. The NSA tried to convince IBM to make the key length 48 bits - presumably so the NSA could break it by force if they really needed to. IBM & NSA compromised on a 56-bit key.
  176. Ancient Steganography, Scytale Brute Force Key Search Caesar Shift

    Password-based Substitution Frequency Analysis Homophonic Substitution Renaissance Poly-alphabetic Substitution Le Chiffre Indéchiffrable Assembly-line Frequency Analysis Industrial Babbage Frequency Analysis One-Time Pad Enigma Cryptanalytic “Bombs”: Polish, British, US Lucifer, DES 1971 - 1977 Computer With DES, the code-makers are back on top. Even Colossus wasn’t designed to attack block ciphers that make it quick and easy to perform so many rounds of XOR, substitution, and permutation on binary.
  177. How hard is it to find a binary

    56-bit key? But, since computers keep advancing, how hard is it to find a 56-bit key like this?
  178. 1001101010011010100110101001 1010100110101001101010011010 Unique Possible Permutations 2^56 72,057,594,037,927,936 72 quadrillion (million

    billion) In 1976, estimated to cost $20M to build a computer to crack such a key Affordable to the NSA With 56 bits of 1’s or 0’s, there are 72 quadrillion possible keys. In 1976, it was estimated to cost about $20M to build a computer to crack such a key, which was within the NSA budget, for sure.
  179. DES 1971 - 1977 Computer-powered Brute Force Key

    Search Now, I’m going to reset our timeline for the computer age, and we’ve got a pretty even battle between code-makers using computer force, against code-breakers also using computer force. But as we saw with Colossus attacking Enigma, brute force can still be a problem.
  180. By Max Roser - https://ourworldindata.org/uploads/2019/05/Transistor-Count-over-time-to-2018.png, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=79751151

    And since 1970, every 2 years the price of electronics has been cut in half, while the processing speed has doubled. And very quickly, 56-bit keys were vulnerable to reasonably-priced attacks.
  181. 1100110101001101010011010100 1101010011010100110101001101 0 Unique Possible Permutations 2^56 72,057,594,037,927,936 72 quadrillion

    (million billion) 2^57 144,115,188,075,855,870 144 quadrillion (million billion) But, one great thing about binary keys is that adding bits increases the key space exponentially. So with just 1 more bit, there are 144 quadrillion possible keys. Still, you can’t just throw a single bit of key into a block cipher made for a certain key size.
  182. DES 1971 - 1977 Computer-powered Brute Force Key Search

    Moore’s Law Which means Moore’s Law is helping the code-breakers more than the code-makers. So, the code-makers developed …
  183. 3DES EDE: DES: Encrypt, Decrypt, Encrypt https://www.researchgate.net/figure/Flowchart-of-3DES-encryption-and-decryption-algorithm-40_fig4_322277374

    Triple-DES to provide a relatively simple method of increasing the key size of DES, without having to invent a completely new block cipher. It uses 3 different 56-bit keys in 3 steps: encrypt with first key, decrypt with second, and then encrypt with third. This is a backwards-compatible way to use a 168-bit key with DES.
  184. What about messages that are longer than the key? What

    about messages that are longer than the key size? How do you use, say, a 168-bit block cipher to encrypt, say 336 bits of message? To apply Triple-DES to data larger than 168 bits, you need a …
  185. Electronic Codebook (ECB) https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation The simplest mode is Electronic Codebook

    that we already saw in the linux penguin image. In ECB, you just break the plain data up into blocks that match the key size, and repeat the key for each block.
  186. Attribution, https://commons.wikimedia.org/w/index.php?curid=828161 But we saw, like

    Babbage and Rejewski did, that repeating the key is a bad idea.
  187. Cipher Block Chaining (CBC) https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation So instead 3DES uses Cipher

    Block Chaining (or the more performant Galois/Counter Mode), which uses the output cipher text from one block as input for the next block. This mode helps scramble the key into the encrypted data as much as possible …
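The SP network from the block-cipher slides and the ECB and CBC modes described here, combined in one added example (not code from the talk, and not Lucifer or DES): a 16-bit block goes through 3 rounds of key XOR, four 4-bit S-boxes and a bit permutation, then the same plaintext is encrypted in both modes. The S-box values, permutation, key schedule, key and IV are constructed assumptions, and a 16-bit block is far too small for real use.

```python
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]   # constructed 4-bit -> 4-bit mapping
INV_SBOX = [SBOX.index(v) for v in range(16)]
ROUNDS = 3                                         # the slide repeats the process 3 times
KEY = 0x3A94                                       # constructed 16-bit key
IV = 0x1234                                        # constructed; real IVs are fresh per message


def round_keys(key):
    """Toy key schedule (assumption): rotate the 16-bit key left 4 bits per round."""
    return [((key << 4 * r) | (key >> (16 - 4 * r))) & 0xFFFF for r in range(ROUNDS + 1)]


def substitute(block, box):
    """Run each of the four 4-bit groups through the S-box."""
    return sum(box[(block >> shift) & 0xF] << shift for shift in (0, 4, 8, 12))


def permute(block):
    """Move bit i to position 4*(i % 4) + i // 4; this shuffle is its own inverse."""
    out = 0
    for i in range(16):
        if (block >> i) & 1:
            out |= 1 << (4 * (i % 4) + i // 4)
    return out


def encrypt_block(block, key):
    keys = round_keys(key)
    for r in range(ROUNDS):                        # XOR key, S-boxes, permutation
        block = permute(substitute(block ^ keys[r], SBOX))
    return block ^ keys[ROUNDS]                    # final key XOR


def decrypt_block(block, key):
    keys = round_keys(key)
    block ^= keys[ROUNDS]
    for r in reversed(range(ROUNDS)):              # undo the rounds in reverse order
        block = substitute(permute(block), INV_SBOX) ^ keys[r]
    return block


def split_blocks(data):
    if len(data) % 2:
        raise ValueError("pad the data to a multiple of 2 bytes first")
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]


def join_blocks(blocks):
    return b"".join(block.to_bytes(2, "big") for block in blocks)


def ecb_encrypt(data, key):
    """ECB: every block is encrypted on its own with the same key."""
    return join_blocks(encrypt_block(b, key) for b in split_blocks(data))


def cbc_encrypt(data, key, iv):
    """CBC: XOR each plaintext block with the previous cipher block first."""
    out, previous = [], iv
    for block in split_blocks(data):
        previous = encrypt_block(block ^ previous, key)
        out.append(previous)
    return join_blocks(out)


def cbc_decrypt(data, key, iv):
    out, previous = [], iv
    for block in split_blocks(data):
        out.append(decrypt_block(block, key) ^ previous)
        previous = block
    return join_blocks(out)


def repeated_blocks(ciphertext):
    """How many cipher blocks duplicate an earlier block."""
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    data = b"A" * 16                               # 8 identical plaintext blocks
    ecb = ecb_encrypt(data, KEY)
    cbc = cbc_encrypt(data, KEY, IV)
    print("ECB:", ecb.hex(), "repeats:", repeated_blocks(ecb))
    print("CBC:", cbc.hex(), "repeats:", repeated_blocks(cbc))
    print("CBC round trip:", cbc_decrypt(cbc, KEY, IV) == data)
```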
  188. DES Computer-powered Brute Force Key Search Moore’s Law 3DES

    + CBC With 3DES and new block modes, the code-makers have techniques to stay ahead of Moore’s Law. But, we still have a nagging problem - no matter how great the encryption system is …
  189. How the heck do we come up with the keys,

    and how do we share them with our recipients? I mean, it’s the 60’s and all but we do actually need to keep these keys secret.
  190. In the early days of computing, people did it like

    they did with Enigma code-books - banks would literally fly employees around with disks of keys. But as we built up bigger and bigger networks of connected computers, that became a giant pain.
  191. So, the code-makers needed a way to communicate secret keys

    over non-secret channels. (By the way, I used DALL-E to create a lot of images in this presentation. The prompt for this one was “1970's painting of 2 people trying to whisper secretly in a crowd of people who are trying to hear what they're saying.” … and it somehow also created …
  192. This nightmare-fueling evil dead-eyed, triple-grinning fiend of a woman

    I’m going to call Eve for comedy reasons) But anyway …
  193. Whitfield Diffie Stanford AI Lab 1974

    Whitfield Diffie …
  194. New Directions in Cryptography Published 1976 published “New Directions in

    Cryptography” with an amazing break-through. To help understand how they solved the problem, let’s set it up clearly …
  195. Alice, Bob, and Eve Alice and Bob need to communicate

    securely They need to share a secret They only have public channels between them “Eve is always eavesdropping” How can they share a secret without sharing it with Eve? Two people - Alice and Bob - need to communicate securely. To do that, they need to share a secret key. But, they only have public channels between them. (“Eve is always eavesdropping”) So, how can they share a secret with each other, without sharing it with Eve?
  196. Diffie-Hellman Key Exchange They came up with what

    we now know as Diffie-Hellman Key Exchange.
  197. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1 Diffie-Hellman needs a “one-way function”

    - that is, an operation that’s easy to perform in one direction, but hard to reverse. For example, it’s easy to mix 2 colors, but given a mixture of 2 colors, it’s hard or impossible to un-mix them.
  198. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1 <click> Then Alice privately chooses a secret

    color, mixes it with the public color, and sends her *mixture* to Bob. Bob privately chooses his own secret color, mixes it with the public color, and sends his *mixture* to Alice. At this point, Alice, Bob, and Eve all have the public color and the 2 mixtures. Now comes the cool part …
  199. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1 + ____ ____ + Alice and Bob

    each add their own private color to the other’s mixture, and both arrive at the same shared secret color. But without one of their private colors, Eve can’t get to the same color. Now, this new shared secret color is like a shared secret key we need for Triple-DES. But, to do this on a computer, we need a way to do this with binary.
  200. The key can be anything that can encode to 1’s

    and 0’s So, anything … like a number. A key can be anything that can encode to 1’s and 0’s - so, anything … like a number. And because we can use numbers for a key, there are lots of cool math algorithms we can use to come up with the shared secret number. …
  201. Diffie-Hellman Algorithms Modular arithmetic Elliptic Curves The first

    most popular Diffie-Hellman algorithm uses modular arithmetic, and I have an appendix covering that math. There’s also elliptic curve algorithms that provide stronger security with smaller keys and less computation, which is becoming very popular to accommodate mobile and other devices with more constrained resources. But we’re going to skip over the particular math involved unless we have time to talk about it later.
  202. Public Key Cryptography! The important thing is this break-through -

    to establish a shared secret over public channels - is the foundation of public key cryptography. With Diffie-Hellman, we can establish secret keys with anyone in the world over public channels …
  203. Diffie-Hellman Key Establishment 3DES + And then

    use those secret keys in encryption algorithms like Triple-DES.
  204. It's hard to over-state how important Public Key Cryptography and

    Diffie-Hellman has been to computers, the internet, and all of modern life. Most TLS cipher suites use Diffie-Hellman for establishing keys. Note: the only reason this Windows 11 list doesn’t show “DH” in TLS 1.3 is because TLS 1.3 removes all other key exchange algorithms in favor of Diffie-Hellman! That’s how important this technique is.
  205. DES Computer-powered Brute Force Key Search Moore’s Law 1970

    + 3DES + CBC DH + 3DES + CBC 1976 With Diffie-Hellman & Triple-DES, the code-makers have brought us into the current age of computer crypto, where we have a way to establish secret keys with anyone on the internet, an encryption algorithm to use them, and modes to use the keys on any message!
  206. Now, we’ve gone from a Scytale to Diffie-Hellman

    Triple-DES with Cipher Block Chaining mode.
  207. How many of you software makers have come across something

    that looks like this before? For example, if you use your browser network inspector and the “Security” tab. And may have wondered - what the heck is all that? Well, now you know most of it.
  208. Use Diffie-Hellman Exchange to make a key …

    … for Triple-DES … … with Cipher Block Chaining mode. … Encrypt-Decrypt-Encrypt … This is describing a TLS connection that uses Diffie-Hellman to establish a secret key, and then uses that key for 3DES Encrypt-Decrypt-Encrypt with Cipher Block Chaining mode of operation. So the point is: all these complicated modern crypto ciphers didn’t come from nowhere. And you can actually go learn all about them if you want or need to! In fact you’ve learned a bunch of it already. We’ve made it from ancient Scytales in 500 BC to modern HTTPS.
  209. If you open your network developer tool on any modern

    browser and look at the security info, <click> you’ll see the cipher suite used in its HTTPS connection. And that’s where I’ll end this part of the talk with maybe the 2 most basic & important lessons of cryptography for coders:
  210. Don’t invent your own crypto: use mature and popular libraries

    Don’t invent your own crypto. As modern software developers, we have an embarrassment of rich crypto libraries available, and the good ones have incorporated centuries of all this crypto knowledge into easy-to-use functions. And secondly …
  211. Mind your keys When you’re using those crypto libraries, mind

    your secret keys! All the fancy crypto math in the world can’t help you if your secret password is “123456” or you copy-paste it into your GitHub repository. As our Mozilla SecOps lead told me once, “Cryptography is great at turning other security problems into key management problems.” So, keep your keys secret and keep them safe.
  212. Because in a crypto nerd’s imagination, their laptop is stolen,

    but it’s encrypted with 4096-bit RSA, so the attackers can’t build a computer big enough to crack it.
  213. Yet what actually happens is attackers just look for quicker

    ways to steal or get keys. Like drug the victim and hit them with a $5 wrench until they give up the encryption password.
  214. Questions? Scytale Caesar Cipher Random Substitution Frequency Analysis Poly-alphabetic cipher

    Vigenere Square Enigma Lucifer/DES Modes of Encryption Diffie-Hellman (Math?) RSA (Math?) Quantum speakerdeck.com/groovecoder Okay, that’s been a ton of material about the history of cryptography leading up to HTTPS. Here’s a list of things we covered (and didn’t cover), in case anyone remembers any questions?
  215. Diffie-Hellman makes a new key between every 2

    people! https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption While Diffie-Hellman is great for coming up with keys, it creates new and different keys for every single connection to every single entity.
  216. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption In 1970, James Ellis developed an idea for public

    encryption based on locking and unlocking messages. Instead of making new keys with everyone, Alice could have a single key for herself, and publish the open lock for everyone else. So anyone could lock messages to Alice, and only she can open them. Ellis never found a mathematical solution for this, but …
  217. Clifford Cocks 1971 Trap Door One-way Function By Royal

    Society uploader - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=43268163 In 1971 Clifford Cocks came up with a “trap door” one-way function to do this.
  218. The “e” means encrypt! “d” is for decrypt! https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption Cocks

    needed to come up with a mathematical function that's easy in 1 direction, hard to reverse, BUT is easy to reverse if you have some secret knowledge. The solution is an amazing combo of modular arithmetic and prime factorization. But again, we’re going to skip the maths unless people want to see it later.
  219. Ron Rivest, Adi Shamir, Leonard Adleman Cocks's discovery was immediately

    classified by the British GCHQ (like the American NSA). But a few years later, in 1977 it was independently re-discovered by Ron Rivest, Adi Shamir, and Leonard Adleman, which is why we know it as RSA. RSA is the most widely copied and used software in the world. With it, anyone in the world can create a pair of public and private keys and use those keys to communicate securely with anyone else in the world.
  220. RSA signature I should point out that although RSA was

    designed as a crypto-system for encryption, encrypting and decrypting with RSA keys means the same key is re-used many many times, which we now know makes it more vulnerable to cryptanalysis. So in most modern cipher suites, it’s only used for signing & verifying certificates, which is what we’ll look at next.
  221. DES Computer-powered Brute Force Key Search Moore’s Law 1970

    + 3DES + CBC DH/RSA + 3DES + CBC 1976 - 1981 So in the 70’s and 80’s, code-makers have ways to give away their own public key, and a way for anyone to use that key to establish a shared secret key, and an encryption algorithm with secure modes to use the keys on any message! It’s all the building blocks of a crypto-system design that can scale to every single person and device on the planet!
  222. Public Key Certificates https://www.youtube.com/watch?v=704dudhA7UI Alice's Alice's Alice's But

    if every Bob can encrypt messages to every Alice on the planet, there's another problem - how does Bob know it's the real Alice he’s talking to? To establish this trust, Alice is going to get a … Public Key Certificate. Alice submits her public key and some identification to a Certificate Authority. The CA verifies Alice’s identity and signs her certificate.
  223. DES Computer-powered Brute Force Key Search Moore’s Law 1970

    -Present 3DES + CBC DH/RSA 3DES CBC Certificate Authorities 1995 -Present The first public CA’s arrived in 1995. So when Bob connects to the real Alice, she presents her certificate signed by a CA, and Bob can verify it’s been signed by a CA he trusts. Which brings us finally to …
  224. HTTPS. If you click the padlock icon next to a

    website in any major browser, you can dig into the cryptography that was used to connect the browser to the site. In this case, I’m at relay.firefox.com with my Firefox web browser. If I click more information …
  225. Look! The RSA public exponent and modulus! I can see

    the certificate at relay.firefox.com which includes its public key info, and has been signed with the RSA private key of …
  226. Another RSA public exponent and modulus Let’s Encrypt, which is

    itself signed by a "root" Let’s Encrypt private key. These root private keys are typically stored offline in facilities with strong physical security. Now, the public key matching that root private key …
  227. comes pre-loaded on most operating systems in the world. In

    this example, my Mac 10.15 laptop implicitly trusts the Let’s Encrypt root certificate. So, my device trusts connections that present a public key that’s signed by Let’s Encrypt. So, in a rush to re-cap …
  228. We’ve made it from ancient Scytales to modern HTTPS, covering

    lots and lots of cryptography in between.
  229. DES Computer-powered Brute Force Key Search Moore’s Law 3DES

    + CBC DH/RSA + 3DES + CBC Code-breaking: PKI, implementation, protocol attacks 1995 - Present Code-making: PKI (Certificate Authorities), AES, Elliptic Curves 1995 -Present For the sake of time, I’ve left out a LOT of modern code-making and code-breaking … e.g., the math of DH and RSA, code-making with AES & Elliptic Curves, and code-breaking attacks against PKI, implementations, protocol attacks, etc. Because I want to make the 2 most important practical points about cryptography:
  230. Don’t invent your own crypto: use mature and popular libraries

    Don’t invent your own crypto. As modern software developers, we have an embarrassment of rich crypto libraries available, and the good ones have incorporated centuries of all this crypto knowledge into easy-to-use functions. And secondly …
  231. Mind your keys When you’re using those crypto libraries, mind

    your secret keys! All the fancy crypto math in the world can’t help you if your secret password is “123456” or you copy-paste it into your GitHub repository. As our Mozilla SecOps lead told me once, “Cryptography is great at turning other security problems into key management problems.” So, keep your keys secret and keep them safe.
  232. In a crypto nerd’s imagination, their laptop is stolen, but

    it’s encrypted with 4096-bit RSA, so the attackers can’t build a computer big enough to crack it. And that’s both the strength and the weakness of cryptography. Through-out history, code-makers are forcing code-breakers into key-cracking attacks that would take too long to complete.
  233. So what actually happens is attackers just look for quicker

    ways to steal or get keys. Like drug the victim and hit them with a $5 wrench until they give up the encryption password.
  234. Questions? Scytale Caesar Cipher Unshifted cipher Frequency Analysis Poly-alphabetic cipher

    Vigenere Square Enigma Lucifer/DES Modes of Encryption Diffie-Hellman (Math?) RSA (Math?) Quantum speakerdeck.com/groovecoder Okay, that’s been a ton of material about the history of cryptography leading up to HTTPS. Here’s a list of things we covered (and didn’t cover), in case anyone remembers any questions?
  235. DES Computer-powered Brute Force Key Search Moore’s Law 1970

    -Present 3DES + CBC DH/RSA 3DES CBC Certificate Authorities 1995 -Present The first public CA’s arrived in 1995. The CA signs it with their private key to make a signed digital certificate. Now, when someone like Bob wants to make an encrypted connection with Alice, she presents them with her signed public key certificate. Which brings us finally to …
  236. it takes a quantum computer to defeat this snippet of

    JavaScript, which implements RSA. (And look! I finally showed some JavaScript at the keynote of a JavaScript conference!) This is what I love about cryptography. Security is usually an unfair battle where attackers have all the advantages - because they only need to find 1 point of weakness. But the mathematical properties of cryptography are so strong, it forces attackers to look for some other weakness besides trying to crack the keys.
  237. 290

  238. To start the HTTPS connection, my client said “hello” to

    the server with a list of cipher suites that it supports
  239. <click> And if we use a number as the key,

    I'm afraid we need to use ... MATH! Yes, we're even covering crypto math today.
  240. And in MATH! , we have some 1-way functions! And

    because in math, we have some 1-way functions!
  241. Wrap a cord 46 “hours” long around a 12-hour clock

    … … and it ends on 10 Another way to think of this, is to wrap a cord 46 “hours” long around a 12-hour clock, and the cord will end on the remainder, in this case: 10.
  242. Easy to perform … 46 mod 12 is “congruent” to

    10 generator Modulus So 46 is our “generator”, 12 is our “modulus”, and we say 46 mod 12 is “congruent” to 10. This equation is easy to perform.
  243. ? mod 12 ≡ 10 … hard to reverse But

    it’s hard to reverse …
  244. ? mod 12 ≡ 10 22 mod 12 ≡ 10

    34 mod 12 ≡ 10 46 mod 12 ≡ 10 58 mod 12 ≡ 10 70 mod 12 ≡ 10 .. mod 12 ≡ 10 … impossible to reverse! … in fact, in this form, it’s impossible to reverse, because there are an infinite number of right answers.
  245. … impossible for recipient too! So, like the random anagram,

    it's impossible for our recipient to know which number to use. So again, we need a way to calculate this with an algorithm and a key. And that key needs to be made of a secret part from Alice and Bob.
  246. Alice picks an exponent https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Prime Modulus “n”

    generator “g” To do this, Alice is going to raise the “generator” to an exponent, and then take the modulus of 17, which results in 12.
  247. “Discrete Logarithm” problem Have to resort to “brute force” guessing

    the exponent Which means there’s no short-cuts to solving it - you have to simply “brute force” guess the answer. So this is our 1-way function. Easy to compute, hard to reverse.
  248. For small numbers, it’s easy, but not for a large

    prime modulus. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 <click> For small numbers, it’s easy to guess. But not for prime moduli that are hundreds of digits long.
  249. How can we turn that single exponent secret into 2

    secrets? But we need to turn that single secret number into 2 secret numbers, in a way that combining them will result in the same answer. Which sounds super-hard, right? But this might be easier than you suspect. In fact, we all learned about it in 1st grade math …
  250. “Commutative” Arithmetic: Order of operands doesn’t matter

    3 + 5 = 5 + 3 = 8, 3 * 5 = 5 * 3 = 15 Remember when we learned that addition and multiplication are commutative? That is, it doesn’t matter what order you put the numbers in - you’ll get the same answer.
  251. “Commutative” Arithmetic: Order of operands doesn’t matter

    (3^2)^3 = (3^3)^2 = 729, 3 + 5 = 5 + 3 = 8, 3 * 5 = 5 * 3 = 15 Well, sequential exponentiation is also commutative. That is, if you raise 3 to the power of 2, and raise that answer to the power of 3, you get 729. If someone else raises that 3 to the power of 3, and raises that answer to the power of 2, they also get 729. So, if 2 people each raise a number to 2 sequential exponents, they will get the same result, no matter the order.
  252. Alice and Bob publicly agree on a generator and prime

    modulus https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 So, first, Alice and Bob publicly agree on a generator and prime modulus that everyone can see.
  253. Alice picks a private number, and sends the result to

    Bob https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Then Alice picks a private exponent, and sends her result to Bob …
  254. Bob picks a private number, and sends the result to

    Alice https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Bob also picks his own private exponent, and sends his result to Alice …
  255. Now the cool part … https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 So, now

    Alice, Bob, and Eve all have the public generator, modulus, and both results. And now we do the cool part …
  256. Alice raises Bob’s result to her private exponent and gets 10

    Alice raises Bob’s result to her own private exponent and gets 10.
  257. Bob raises Alice’s mixture to his private exponent and also gets 10!

    Bob raises Alice’s result to his own private exponent and gets the same number 10!
  258. Because their results were calculated from the shared public generator and prime modulus

    Notice they actually did the same calculation, because if you convert their results back into their original forms …
  259. So, they did the same calculation with exponents in different order, which doesn’t affect the result

    They both raised the generator to both of their exponents, just with the exponents in a different order. But changing the order of exponents doesn’t change the result.
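The exchange from slides 252 to 259, as an added example that is not part of the talk. The generator 3, modulus 17 and private exponents 15 and 13 are assumed toy values (the transcript does not state them), chosen so the shared secret is the 10 shown on the slides; the function names are illustrative.

```python
# Toy Diffie-Hellman exchange. G, P and the private exponents are assumed
# values (not in the transcript), picked so the shared secret is 10.
G, P = 3, 17                      # public: generator and prime modulus
ALICE_PRIVATE, BOB_PRIVATE = 15, 13


def public_value(private_exp, g=G, p=P):
    """The value each side sends in the clear: g^private mod p."""
    return pow(g, private_exp, p)


def shared_secret(peer_public, my_private, p=P):
    """Raise the peer's public value to our own private exponent."""
    # Values 1 and p-1 (and anything outside 1..p-1) force a guessable secret.
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return pow(peer_public, my_private, p)


def eve_search(public, g=G, p=P):
    """Eve knows g, p and a public value; she must try exponents one by one.

    Returns the exponent, which is also the number of guesses she needed.
    """
    for guess in range(1, p):
        if pow(g, guess, p) == public:
            return guess
    return None


def run_exchange(a=ALICE_PRIVATE, b=BOB_PRIVATE):
    alice_sends = public_value(a)                 # visible to Eve
    bob_sends = public_value(b)                   # visible to Eve
    alice_key = shared_secret(bob_sends, a)       # (g^b)^a mod p
    bob_key = shared_secret(alice_sends, b)       # (g^a)^b mod p
    return alice_sends, bob_sends, alice_key, bob_key


if __name__ == "__main__":
    A, B, ka, kb = run_exchange()
    print("on the wire:", A, B, "shared:", ka, kb)
    # With P = 17 the search ends within 16 guesses; the loop grows with P,
    # which is why real moduli are thousands of bits long.
    print("Eve recovers Alice's exponent:", eve_search(A))
```

Both sides arrive at 10 without ever sending it, while Eve's only route from the public values is the search loop, whose length is bounded by the size of the modulus.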
  260. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

    In the 4th century BC, Euclid showed that every number has only 1 prime factorization - that is, there's only 1 set of prime numbers that multiply together to equal that number.
  261. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption

    And prime factorization is a hard problem. If you multiply 2 large prime numbers to get a giant result number, it would be hard to get back to the prime numbers if you only know the result. But now we need a trap door for it …
  262. In the 18th century AD Leonhard Euler defined

    the phi function, which measures the “breakability” of a number. It tells you how many numbers are less than the number that do NOT share a factor with the number. In this case, phi of 8 equals 4. Calculating phi is also a hard function, except for 1 kind of number …
  263. the phi value of a prime number is easy to

    calculate - it's just the prime number minus 1.
  264. Alice can pick 2 prime numbers, and calculate their product,

    and phi value easily. Then she picks a public exponent, and calculates
  265. Then she hides everything but her exponent and result, which

    will be used as a modulus. She can publish these to anyone and everyone.
  266. And only Alice can use her private key to decrypt

    it. Eve would need to find Alice's prime factors to decrypt Bob’s number.
  267. <click> So how hard is this? Well, multiplying numbers is

    easy and stays under a second even for larger numbers. Factoring small numbers is also under a second. But as the numbers get larger, there's an exponential effect where multiplying the numbers is waaaay faster than factoring the resulting number, which can take hundreds or thousands of years.