Slide 1

Slide 1 text

Cryptography 500 BC to https:// Hey everyone, I'm Luke and this is my talk on cryptography from 500 BC to https. Before I get started; 2 house-keeping items …

Slide 2

Slide 2 text

Plugs First, some plugs …

Slide 3

Slide 3 text

Tuesday March 12 at Atlas School is Tulsa UX + Tulsa WebDevs 10th semi-annual sometimes-we-do-this lightning talk thing. These are always cool because you get about 5-10 different topics and talks in a single night. It’s free and dinner is provided.

Slide 4

Slide 4 text

BSides Oklahoma is happening April 3-5 at the Glenpool Conference Center. Oklahoma hosts one of the nation’s best BSides events, and it's free! Plus, they offer lunch and a bar. BSides is a highlight of my year.

Slide 5

Slide 5 text

And then finally on May 17 is our annual 200 OK web developer conference at Atlas School Tulsa. This is a cool 1-day conference with speakers from around the country (sometimes around the world) and really cool talks and after-party stuff too.

Slide 6

Slide 6 text

Audience Okay second, just to help me understand this audience, how many people are: cryptography professionals (any PhDs?)? security professionals? tech professionals? into cryptocurrency and mistakenly thought this talk would be about that?

Slide 7

Slide 7 text

Now I won’t be covering much that has anything to do with cryptocurrency in this talk, and when I say “crypto” today, I mean cryptography - not cryptocurrency. But I have another talk that covers bitcoin, cryptocurrency, and cryptojacking on my speaker deck that I’ll share in a second.

Slide 8

Slide 8 text

About me I’m not a crypto engineer I’m a web developer who got into Security Engineering I’ve always been scared and fascinated by crypto Okay, I’m Luke and I’m not a cryptography engineer. I’m a web developer who got into security. I remember feeling like I couldn’t be a “real” security pro because I was scared of cryptography and math. I barely understood what https was, and only vaguely knew that private keys should be kept secret. So if that sounds like you, then this talk might be great for you. I found that learning historical cryptography helped me understand what’s going on in https too. So, what I’d like to do today …

Slide 9

Slide 9 text

About this talk 2700 years in 40 minutes Ancient, Renaissance, Mechanical, Computer Don’t take notes Slides (including full script) are already up at: speakerdeck.com/groovecoder … is cover 2700 years of cryptography from ancient to computer cryptography including https that we all use every day. Don’t try to take notes - I’m going too fast. These slides with links are already up on speakerdeck. My goal here is that this quick blast helps you see that today's cryptography didn’t spring out of nowhere, and to feel more confident that you can learn it if you want or need to.

Slide 10

Slide 10 text

The Code Book Simon Singh The flow of this talk summarizes an excellent book from Simon Singh called The Code Book. The Code Book is less technical and more biographical - it’s great.

Slide 11

Slide 11 text

Journey into Cryptography Khan Academy I also learned a lot from Khan Academy’s “Journey into Cryptography” course.

Slide 12

Slide 12 text

Bulletproof TLS and PKI Ivan Ristić And especially for HTTPS, there’s great modern practical advice from Bulletproof TLS and PKI by Ivan Ristić.

Slide 13

Slide 13 text

Chalk Talk Kelsey Houston-Edwards And while I don’t cover any of it in this talk, Kelsey Houston-Edwards has some great videos on her Chalk Talk YouTube channel about the mathematics of things like post-quantum cryptography.

Slide 14

Slide 14 text

Cryptography: 500 BC - https Okay, now let’s do cryptography from 500 BC to https. I find it helps to understand cryptography by comparing it to another technique for secrets …

Slide 15

Slide 15 text

Steganography, or simply: hiding messages. So, some interesting ancient steganography stories …

Slide 16

Slide 16 text

499 BCE Histiaeus of Miletus shaves head of a slave to write to Aristagoras to revolt against Persians In 499 BC, Histiaeus of Miletus was ruling Susa. But he wanted to go back to Miletus, so he shaved a servant’s head and wrote a message to Aristagoras back in Miletus telling him to start a revolution. When the servant’s hair had grown back, Histiaeus sent him to Aristagoras. Aristagoras shaved his head, received the message, started a revolt, and Histiaeus was sent back to Miletus by King Darius to deal with the rebellion.

Slide 17

Slide 17 text

480 BCE Demaratus writes into wood covered with wax re: Xerxes’ pending attack Another cool steganography technique from the same time: there are records of using wooden & wax tablets - the real message was carved into wood, then covered with wax, which had a fake message carved on top. The recipient would melt the wax to reveal the real message.

Slide 18

Slide 18 text

??? Chinese writings on silk in balls of wax ingested by couriers And speaking of wax, in ancient China, senders would write messages on silk paper, crumple them up and cover them with wax. A courier would eat them, travel to a destination, and then … recover them.

Slide 19

Slide 19 text

First “Invisible Ink”, 1st c. AD Pliny the Elder Milk of tithymalus plant Heat-activated And the first records of “invisible ink” come from the first century AD. Though they seem simple, steganography tricks can still be relatively effective. In fact, if you ask me at the end, I can describe a steganography trick we came up with for Firefox just a couple years ago.

Slide 20

Slide 20 text

But especially important to modern security is Cryptography. (Or as DALL-E spells it: cryptoography) Cryptography is not just hiding messages - it’s transforming a message into a completely different message. This is done with …

Slide 21

Slide 21 text

Ciphers a cipher.

Slide 22

Slide 22 text

Transpositional Permutation Ciphers Anagrams: move letters around The first ciphers used in writing were permutation ciphers, like anagrams. (The Code Book calls these transpositional, but I’m going to use “permutation”, because that’s what modern ciphers call it.) And although simple to understand, they can be quite strong …

Slide 23

Slide 23 text

Permutation Cipher For example, consider this short sentence 35 letters 57,675,839,111,362,423,741,870,080,000,000 (57 million trillion trillion) permutations For example, consider this short sentence, which has 35 letters that can be mutated into 57 million trillion trillion possible permutations!

Slide 24

Slide 24 text

When we measure how “strong” an encryption system is, we measure it by its … Now, when we measure how “strong” an encryption system is, we measure it by its …

Slide 25

Slide 25 text

Time Complexity time complexity. Which is how long it would take to “break” the cipher text and recover plain text. This is why you hear cryptographers say things like it would take longer than the heat death of the universe to break some cipher-text.

Slide 26

Slide 26 text

Permutation Cipher EXPERIMENTATIONS FRESH CHORD LOSS 57,675,839,111,362,423,741,870,080,000,000 (57 million trillion trillion) permutations 1 check/second = 1,500,000,000,000,000,000,000,000 years (1 trillion billion years) For example, if we had this cipher text “Experimentations fresh chord loss”, and we could re-arrange it once per second to guess the plain text, it would still take 1 trillion billion years to check all the possibilities. So even this little anagram is quite strong.

Slide 27

Slide 27 text

We can’t just send a random anagram Impossible for intended recipient too Which anagram is correct? Do Not Attack at Midnight Attack at Mind: do Tonight But we can’t just send someone a random anagram, because it’s impossible for the intended recipient to know which anagram is the correct plain text. For example, the exact same letters could be deciphered as either “Do not attack at midnight” or “Attack at mind: do tonight”.

Slide 28

Slide 28 text

We need a deterministic way to encrypt & decrypt So we need a deterministic way to encrypt & decrypt anagrams.

Slide 29

Slide 29 text

Algorithms & Keys We do this with an encryption algorithm and a key. There’s always a key! The most fundamental principle of cryptography from ancient to modern times is …

Slide 30

Slide 30 text

“a crypto-system should be secure, even if everything about the system, except the key, is public knowledge” –Kerckhoffs’s Principle (19th century AD) Kerckhoffs’s principle, which states “a crypto-system should be secure, even if everything about the system, except the key, is public knowledge”. So, a first crypto-system for anagrams …

Slide 31

Slide 31 text

Scytale, ~700 BCE - 120 AD Algorithm Wrap message around a cylinder Key Diameter of cylinder … was a device called a scytale. To use it, you wrap a piece of paper around a cylinder, and then write a message across the bands. When the paper is unwound, it looks like one long, thin strip of nonsense letters. The key is simply the diameter of the cylinder. The scytale was a machine that implemented what’s called …

Slide 32

Slide 32 text

Rail fence cipher http://crypto.interactive-maths.com/rail-fence-cipher.html … a “rail fence cipher”. In this cipher …

Slide 33

Slide 33 text

Algorithm: Rail fence cipher key: 4 rows http://crypto.interactive-maths.com/rail-fence-cipher.html they are attacking from the north … you write a plain text message like "they are attacking from the north” diagonally across some number of rows, in this case 4 …

Slide 34

Slide 34 text

http://crypto.interactive-maths.com/rail-fence-cipher.html they are attacking from the north Algorithm: Rail fence cipher key: 4 rows then you go thru each row and write the letters from left to right …

Slide 35

Slide 35 text

http://crypto.interactive-maths.com/rail-fence-cipher.html they are attacking from the north TEKOOHRACIRMNREATANFTETYTGHH Algorithm: Rail fence cipher key: 4 rows … and end up with this anagram cipher text.

Slide 36

Slide 36 text

TEKOOHRACIRMNREATANFTETYTGHH To decrypt this …

Slide 37

Slide 37 text

http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C I R M N R E A T A N F T E T Y T G H H Algorithm: Rail fence cipher key: 4 rows the recipient knows the key is 4 rows, so they would draw a grid of 4 rows and as many columns as the letters,

Slide 38

Slide 38 text

http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C I R M N R E A T A N F T E T Y T G H H then write the cipher letters from the top here …

Slide 39

Slide 39 text

http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C I R M N R E A T A N F T E T Y T G H H across the grid …

Slide 40

Slide 40 text

http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C I R M N R E A T A N F T E T Y T G H H diagonally …

Slide 41

Slide 41 text

http://crypto.interactive-maths.com/rail-fence-cipher.html T E K O O H R A C I R M N R E A T A N F T E T Y T G H H they are attacking from the north to recover the plaintext at the bottom.

Slide 42

Slide 42 text

Scytale ~700 BC Let's call Scytale our first ancient crypto-system, and try to break it.

Slide 43

Slide 43 text

Cryptanalysis Breaking encrypted messages Breaking encrypted messages is called cryptanalysis.

Slide 44

Slide 44 text

Breaking rail fence cipher http://crypto.interactive-maths.com/rail-fence-cipher.html “Brute Force” key search: Try a bunch of numbers of rows by hand With a rail fence cipher, we can simply try a bunch of numbers of rows by hand. This is a “brute force” key search. Note: we’re not guessing the trillions of possible plain texts here, we’re just guessing the key.

Slide 45

Slide 45 text

Breaking rail fence cipher DELEHELFTAAEDSWNT 2 rows: daealeedhsewlnftt 3 rows: deslefwtlanaeetdh 4 rows: detwaheeanellfdts 5 rows: defend the east wall For example, to break this cipher text on top encrypted with rail fence, we would write it over grids with 2, 3, 4, and then 5 rows to eventually find that the right key is 5 and the plain text is “defend the east wall”.
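
Added example (not part of the talk or its slides): the rail fence steps and the row-by-row key search from the slides above, in Python. The function names and the `expected_word` stop condition are this example's own assumptions; the cipher texts and the trial decryptions it reproduces are the ones on the slides.

```python
"""Rail fence cipher: encrypt, decrypt, and brute-force key search."""


def rail_pattern(length, rows):
    """Row visited by each letter when writing diagonally down and back up."""
    if rows < 2:
        raise ValueError("need at least 2 rows")
    period = 2 * (rows - 1)
    return [min(i % period, period - i % period) for i in range(length)]


def encrypt(plaintext, rows):
    """Write the letters along the zigzag, then read each row left to right."""
    letters = [c for c in plaintext.upper() if c.isalpha()]
    pattern = rail_pattern(len(letters), rows)
    return "".join(
        c for row in range(rows) for c, r in zip(letters, pattern) if r == row
    )


def decrypt(ciphertext, rows):
    """Redraw the grid: cipher letters fill the zigzag cells row by row,
    and the plain text is read back along the diagonal."""
    pattern = rail_pattern(len(ciphertext), rows)
    # Plain-text positions in the order the cipher text lists them.
    fill_order = sorted(range(len(ciphertext)), key=lambda i: (pattern[i], i))
    plain = [""] * len(ciphertext)
    for letter, position in zip(ciphertext, fill_order):
        plain[position] = letter
    return "".join(plain).lower()


def brute_force(ciphertext, expected_word):
    """Try 2, 3, 4, ... rows and stop at the first candidate that contains a
    word we expect in the plain text. Returns (rows, plaintext, trials).
    The key space is at most len(ciphertext) - 2 keys, which is why this is
    quick even by hand."""
    trials = []
    for rows in range(2, len(ciphertext)):
        candidate = decrypt(ciphertext, rows)
        trials.append((rows, candidate))
        if expected_word in candidate:
            return rows, candidate, trials
    return None, None, trials


if __name__ == "__main__":
    print(encrypt("they are attacking from the north", 4))
    key, plain, trials = brute_force("DELEHELFTAAEDSWNT", expected_word="the")
    for rows, candidate in trials:
        print(f"{rows} rows: {candidate}")
    print("key:", key)
```
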

Slide 46

Slide 46 text

So, the first cryptanalysis is simply “brute force” key searching So, the first code-breaking is “brute force” key searching. And since we measure strength by the time it takes an attacker to recover the plain text, that means the strength of a crypto-system facing a “brute force” key search depends on the total …

Slide 47

Slide 47 text

“Key space” … key space thru which an attacker has to search. That is - how many possible keys can there be?

Slide 48

Slide 48 text

Breaking a Scytale “Brute Force” key search: Try a bunch of cylinders To break a message encrypted with a scytale, I mean - how many keys could there really be? Just wrap the message around a bunch of different cylinders.

Slide 49

Slide 49 text

Scytale ~700 BC Brute Force Key Search So scytale vs. brute force is our first battle between code-makers and code-breakers.

Slide 50

Slide 50 text

Substitutional Cipher Change letters into other letters Skip ahead about 700 years to an encryption system you’ve heard of. It uses a substitution cipher, which doesn’t just move letters around, but changes letters into other letters.

Slide 51

Slide 51 text

Caesar Cipher, 49 - 44 BC Algorithm Shift the alphabet Key positions shifted Nearly everyone has heard of the Caesar Cipher, where the algorithm is to shift the alphabet, and the key is the number of positions you shifted it.

Slide 52

Slide 52 text

Caesar (Shift) Cipher Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: XYZABCDEFGHIJKLMNOPQRSTUVW So in this example, we shift the alphabet by -3. So the plain text e at the top becomes cipher text B at the bottom. Plain f becomes cipher C, and so on.

Slide 53

Slide 53 text

Steganography, Scytale ~700 BC Brute Force Key Search Caesar Cipher ~50 BC The code-makers have a new encryption system, but the bad news …

Slide 54

Slide 54 text

Breaking a Caesar Cipher Brute force key search: 23 possible shifts … is that brute force can also break a Caesar cipher. Because you can only shift the 1st century Latin alphabet 23 times, there are only 23 possible keys.

Slide 55

Slide 55 text

Aside🔒: simple can still be useful But before we dismiss simple ciphers, I want to point out they can still be useful. When Russia was gearing up to invade Ukraine, I came across this technique to use “rot13” - that is, a Caesar cipher with a shift of 13 - with socat as a technique to circumvent deep packet inspection tools that Russia uses to censor its internet. Sometimes the oldest tricks are the best ones. How many DPI operators will think to check for 2000-year-old ciphers?

Slide 56

Slide 56 text

Substituting is cool … but we need a way to do it with more than 23 keys. So it would take an attacker a long time to search them all? So substituting letters is cool, but we need a way to do it with more than 23 keys. So it would take an attacker a long time to search them all.

Slide 57

Slide 57 text

Anagrams For example, consider this short sentence 35 letters 57,675,839,111,362,423,741,870,080,000,000 (57 million trillion trillion) permutations Now remember from the anagrams that we were able to create 57 million trillion trillion random anagrams out of 35 letters.

Slide 58

Slide 58 text

Anagram the alphabet! ABCDEFGHIJKLMNOPQRSTUVWXYZ 26 letters 403,291,461,126,605,635,584,000,000 (403 trillion trillion) permutations The same math says if we anagram an alphabet with 26 letters, we can make 403 trillion trillion possible anagrams.

Slide 59

Slide 59 text

Now that’s a big key space! Now that’s a big key space!

Slide 60

Slide 60 text

Algorithm Substitute each letter with another letter Key A random anagram of the alphabet! So what we can do is substitute each letter with a different letter from a random anagram of the alphabet.

Slide 61

Slide 61 text

Key: XZAVOIDBYGERSPCFHJKLMNQTUW So the key could be something like this …

Slide 62

Slide 62 text

Key: IXJUYPCERHTFODKLNQVGSZMBAW or this …

Slide 63

Slide 63 text

Key: IXJUYPCERHTFODKLNQVGSZMBAW ORVLFHPCMGUXEBWAINSQZJDTKY HRIBXDWGNTYPUKCMAJEZFVSQLO AJTPLEZDMVNCGSKXWYRQOIHBUF LDHUIVCTJXEWBRZYOQKFMNPGSA or any of these.

Slide 64

Slide 64 text

Random Substitutional Cipher 403,291,461,126,605,635,584,000,000 alphabets Check 1 every second … 120,000,000,000,000,000,000 … or any of 403 trillion trillion possible alphabets. So even if someone could check a different key every second, it would take them 120 billion billion years to check them all! Which is super cool, and brings up 2 important points to understand about all crypto-systems …

Slide 65

Slide 65 text

Randomness is good! Randomness is good. From this ancient cipher to post-quantum lattice-based algorithms, so much of the secrecy and security of cryptography comes from incorporating randomness - especially into keys.

Slide 66

Slide 66 text

Most🔒 crypto-systems don’t try to offer “perfect” encryption … Second, most crypto-systems don’t try to offer “perfect” encryption

Slide 67

Slide 67 text

… most crypto systems try to force attackers into key searches that take too long to complete … most crypto systems try to force attackers into key searches that take too long to complete.

Slide 68

Slide 68 text

Random Substitutional Cipher 403,291,461,126,605,635,584,000,000 alphabets Check 1 every second … 120,000,000,000,000,000,000 To attack this, the attacker has to perform a key search that would take several decades, even with hundreds of thousands of high-end modern computers in the cloud. But there’s a catch … (there’s always a catch, right?)

Slide 69

Slide 69 text

Key: XZAVOIDBYGERSPCFHJKLMNQTUW A key in this crypto-system is complicated and hard to memorize, so someone’s going to write it down on a post-it note stuck to a monitor somewhere. This is the never-ending challenge of every crypto-system thru all ages …

Slide 70

Slide 70 text

keep the key secret and keep the key safe.

Slide 71

Slide 71 text

Can we make a “random-ish” key that is easier to memorize? To keep it more secret and safe, can we make a random-ish key that is easier to memorize? We'll do this by using a key phrase, and using that to make an alphabet.

Slide 72

Slide 72 text

Easy to memorize key JULIUS CAESAR JULISCAER We start with a key phrase, like “Julius Caesar”, and remove any duplicate letters.

Slide 73

Slide 73 text

Easy to memorize key Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ JULIUS CAESAR JULISCAER Then, we write it, and all the remaining letters in the alphabet, in order, skipping letters that were already in the key phrase.

Slide 74

Slide 74 text

Easy to memorize key Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ JULIUS CAESAR JULISCAER Note: smaller key space And now we have a cipher alphabet to encrypt our plain alphabet.

Slide 75

Slide 75 text

“key derivation function” Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ JULIUS CAESAR This is called a “key derivation function”. It’s a way to turn some source key material into a key that is suitable for a certain crypto system.

Slide 76

Slide 76 text

Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: JULISCAERTVWXYZBDFGHKMNOPQ Defend the East wall ISCSYI HES SJGH NJWW Now we can encrypt the plain text above into the cipher text below, using an easy-to-memorize key.
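
Added example (not part of the talk or its slides): the key phrase derivation and the encryption from the last few slides, in Python. One detail is read off the slide's cipher alphabet rather than its wording: the unused letters continue from the letter after the key phrase's last letter (R, so T comes next) and wrap around. The function names are this example's own.

```python
"""Key phrase -> cipher alphabet -> substitution, as on the slides."""
import string

PLAIN = string.ascii_lowercase
LETTERS = string.ascii_uppercase


def derive_alphabet(key_phrase):
    """Turn a memorable phrase into a 26-letter cipher alphabet."""
    head = []
    for c in key_phrase.upper():
        if c in LETTERS and c not in head:  # drop spaces and duplicate letters
            head.append(c)
    if not head:
        raise ValueError("key phrase contains no letters")
    # Remaining letters in alphabetical order, starting after the last
    # key letter and wrapping around, skipping letters already used.
    start = LETTERS.index(head[-1]) + 1
    rotated = LETTERS[start:] + LETTERS[:start]
    return "".join(head + [c for c in rotated if c not in head])


def encrypt(plaintext, cipher_alphabet):
    """Substitute each plain letter; spaces and punctuation pass through."""
    return plaintext.lower().translate(str.maketrans(PLAIN, cipher_alphabet))


def decrypt(ciphertext, cipher_alphabet):
    """Reverse the substitution with the same cipher alphabet."""
    return ciphertext.upper().translate(str.maketrans(cipher_alphabet, PLAIN))


def same_key(phrase_a, phrase_b):
    """True when two phrases derive the same alphabet. Different phrases can
    collide, one reason the derived key space is smaller than 26! alphabets."""
    return derive_alphabet(phrase_a) == derive_alphabet(phrase_b)


if __name__ == "__main__":
    alphabet = derive_alphabet("JULIUS CAESAR")
    print("Cipher alphabet:", alphabet)
    secret = encrypt("Defend the East wall", alphabet)
    print(secret)
    print(decrypt(secret, alphabet))
    print(same_key("JULIUS CAESAR", "Julius Caesars"))
```
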

Slide 77

Slide 77 text

Steganography, Scytale ~700 BC Brute Force Key Search Caesar Cipher ~50 BC Password-based Substitution Cipher So we have an easy-to-use cipher up against brute force that would take billions of billions of years to perform by hand …

Slide 78

Slide 78 text

Password-based Substitution Cipher considered un-breakable* for ~800 years, until … * because passwords are always strong, right? This password-based cipher was considered un-breakable for about 800 years, and then …

Slide 79

Slide 79 text

رسالة في استخراج الكتب المعماة (On Decrypting Encrypted Correspondence) أبو يوسف يعقوب بن إسحاق الصبّاح الكندي (Abu Yūsuf Yaʻqūb ibn ʼIsḥāq aṣ-Ṣabbāḥ al-Kindī) Al-Kindi 801-873 AD In the 9th century, Abu Yusuf Al-Kindi wrote a treatise on code-breaking. In it, he explained a …

Slide 80

Slide 80 text

Frequency Analysis Attack Frequency Analysis Attack

Slide 81

Slide 81 text

A frequency analysis attack is based on the fact that, in every language, some letters occur more often than others.

Slide 82

Slide 82 text

“PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI SX’XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: “DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU?” –OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK So, if you have some cipher text …

Slide 83

Slide 83 text

Cipher alphabet: OXPCBKLYVJDIMRSUZEANFQGWHT … you can count which cipher letters are the most frequent …

Slide 84

Slide 84 text

Plain alphabet: etaoinshrdlcumwfgypbvkjxqz Cipher alphabet: OXPCBKLYVJDIMRSUZEANFQGWHT … and map those to the letters that are most frequent in the plain alphabet …

Slide 85

Slide 85 text

Likeliest plaintext letters O = e X = t P = a And guess they are the most frequent plain letters.

Slide 86

Slide 86 text

English frequency rules Most common double-letters: “LL”, “SS”, “EE”, “OO” Vowels appear before and after most other letters Consonants avoid many letters E.g., ‘e’ appears before/after virtually every other letter; while ’t’ is rarely seen before or after ‘b’, ‘d’, ‘g’, ‘j’, ‘k’, ‘m’, ‘q’, ‘v’ “ee” occurs more than “oo” occurs more than other double-vowels “a” occurs on its own often - more than “I” on its own ‘h’ frequently goes before ‘e’ but rarely after ‘e’ If you bring in more language frequency rules …

Slide 87

Slide 87 text

Cipher O = e X = a Y = i B = h P = t ? … you give yourself even better guesses.

Slide 88

Slide 88 text

“PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe a IaNCMJ CI UCMJ SaGeKLU?” –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK Then, apply your guesses to the cipher text …

Slide 89

Slide 89 text

“PCQ VMJiPD LhiK LiSe KhahJaWaV haV ZCJPe EiPD KhahJiUaJ LhJee KCPK. CP Lhe LhCMKaPV aPV IiJKL PiDhL, QheP Khe haV ePVeV Lhe LaRe CI Sa’aJMI, Khe JCKe aPV EiKKeV Lhe DJCMPV ZeICJe hiS, KaUiPD: “DJeaL EiPD, ICJ a LhCMKaPV aPV CPe PiDhLK i haNe ZeeP JeACMPLiPD LC UCM Lhe IaZReK CI FaKL aDeK aPV Lhe ReDePVK CI aPAiePL EiPDK. SaU i SaEe KC ZCRV aK LC AJaNe a IaNCMJ CI UCMJ SaGeKLU?” –eFiRCDMe, LaReK IJCS Lhe LhCMKaPV aPV CPe PiDhLK “Lhe” 6 times and you’ll see some common patterns emerge. For example here, what’s a common 3-letter word in English that ends with “he”?

Slide 90

Slide 90 text

“Lhe” Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: X???O??BY??????????L?????? “the” Right, “the”. So you’ve figured out that cipher “L” is plaintext “t”.

Slide 91

Slide 91 text

“PCQ VMJiPD thiK tiSe KhahJaWaV haV ZCJPe EiPD KhahJiUaJ thJee KCPK. CP the thCMKaPV aPV IiJKt PiDht, QheP Khe haV ePVeV the taRe CI Sa’aJMI, Khe JCKe aPV EiKKeV the DJCMPV ZeICJe hiS, KaUiPD: “DJeat EiPD, ICJ a thCMKaPV aPV CPe PiDhtK i haNe ZeeP JeACMPtiPD tC UCM the IaZReK CI FaKt aDeK aPV the ReDePVK CI aPAiePt EiPDK. SaU i SaEe KC ZCRV aK tC AJaNe a IaNCMJ CI UCMJ SaGeKtU?” –eFiRCDMe, taReK IJCS the thCMKaPV aPV CPe PiDhtK “aPV” 5 times How about another common 3-letter word that begins with “a”?

Slide 92

Slide 92 text

“aPV” Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: X??VO??BY????P?????L?????? “and” “and” - now you know cipher “V” is plain “d” and cipher “P” is plain “n” too. So, finding part of the key can let you crack the rest of it.

Slide 93

Slide 93 text

So … a couple hours later …

Slide 94

Slide 94 text

“now during this time shahra[qxzj]ad had borne king shahriyar three sons. on the thousand and first night, when she had ended the tale of ma’aruf, she rose and kissed the ground before him, saying: “great king, for a thousand and one nights i have been recounting to you the fables of past ages and the legends of ancient kings. may i make so bold as to crave a favour of your ma[qxzj]esty?” –epilogue, tales from the thousand and one nights Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: XZAVOIDBY?ERSPCF?JKLMNQ?U? … you can reconstruct the whole key and recover all the plaintext.
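
Added example (not part of the talk or its slides): the frequency analysis walk-through above, in Python, run on the cipher text from the slide. The function names and the `?` pattern notation are this example's own; the guesses it applies (O=e, X=a, Y=i, B=h, then “?he” = “the” and “a??” = “and”) are the ones the slides make.

```python
"""Frequency analysis on the slide's cipher text, step by step."""
import re
from collections import Counter

# Cipher text from the slide, typographic quotes and dash dropped.
CIPHERTEXT = (
    "PCQ VMJYPD LBYK LYSO KBXBJXWXV BXV ZCJPO EYPD KBXBJYUXJ LBJOO KCPK. "
    "CP LBO LBCMKXPV XPV IYJKL PYDBL, QBOP KBO BXV OPVOV LBO LXRO CI "
    "SX'XJMI, KBO JCKO XPV EYKKOV LBO DJCMPV ZOICJO BYS, KXUYPD: "
    "DJOXL EYPD, ICJ X LBCMKXPV XPV CPO PYDBLK Y BXNO ZOOP JOACMPLYPD "
    "LC UCM LBO IXZROK CI FXKL XDOK XPV LBO RODOPVK CI XPAYOPL EYPDK. "
    "SXU Y SXEO KC ZCRV XK LC AJXNO X IXNCMJ CI UCMJ SXGOKLU? "
    "OFYRCDMO, LXROK IJCS LBO LBCMKXPV XPV CPO PYDBLK"
)


def rank_letters(text):
    """Cipher letters ordered from most to least frequent."""
    counts = Counter(c for c in text if c.isalpha())
    return "".join(letter for letter, _ in counts.most_common())


def partial_decrypt(text, guesses):
    """Replace guessed cipher letters (upper case) with plain letters (lower
    case); unsolved letters stay upper case, as on the slides."""
    return "".join(guesses.get(c, c) for c in text)


def candidate_words(partial, pattern):
    """Count whole words matching a pattern in which '?' stands for one
    still-unsolved (upper case) cipher letter, e.g. '?he'."""
    regex = r"\b" + re.escape(pattern).replace(r"\?", "[A-Z]") + r"\b"
    return Counter(re.findall(regex, partial))


def walk_through(ciphertext=CIPHERTEXT):
    """Follow the slides: frequency guesses first, then common short words."""
    guesses = {"O": "e", "X": "a", "Y": "i", "B": "h"}
    step = partial_decrypt(ciphertext, guesses)
    # The commonest three-letter word ending in "he" is taken to be "the".
    word = candidate_words(step, "?he").most_common(1)[0][0]
    guesses[word[0]] = "t"
    step = partial_decrypt(ciphertext, guesses)
    # The commonest three-letter word starting with "a" is taken to be "and".
    word = candidate_words(step, "a??").most_common(1)[0][0]
    guesses[word[1]], guesses[word[2]] = "n", "d"
    return guesses, partial_decrypt(ciphertext, guesses)


if __name__ == "__main__":
    print("Most frequent cipher letters:", rank_letters(CIPHERTEXT)[:6])
    solved, text = walk_through()
    print("Recovered so far:", solved)
    print(text)
```
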

Slide 95

Slide 95 text

Frequency Analysis: An analytical attack faster than brute force key search Which means a frequency analysis attack is waaaaay faster than brute force.

Slide 96

Slide 96 text

Steganography, Scytale ~700 BC Brute Force Key Search Caesar Cipher ~50 BC Password-based Substitution Cipher Frequency Analysis ~800 AD And now the code-breakers have the upper hand. This new attack finds the key in hours instead of billions of years.

Slide 97

Slide 97 text

Code-makers needed a crypto-system that wasn’t vulnerable to Frequency Analysis Until the code-makers came up with a new crypto-system that wasn’t vulnerable to frequency analysis.

Slide 98

Slide 98 text

Leon Battista Alberti 1404 - 1472 “poly-alphabetic” cipher In the 15th century, Leon Battista Alberti devised a “poly-alphabetic” substitution cipher.

Slide 99

Slide 99 text

D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
Poly-alphabetic Substitution Cipher Which uses 2 or more alphabets. For example, here we see the plain alphabet followed by 2 randomized cipher alphabets.

Slide 100

Slide 100 text

D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
secret R_____
Poly-alphabetic Substitution Cipher In this system, to encrypt the word “secret”, you encrypt the first letter with the first alphabet, so “s” becomes “R”.

Slide 101

Slide 101 text

D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
secret RA____
Poly-alphabetic Substitution Cipher For the next letter, you use the next alphabet, so “e” becomes “A”.

Slide 102

Slide 102 text

D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
secret RAB___
Poly-alphabetic Substitution Cipher Then wrap back up to the first, so “c” becomes “B”.

Slide 103

Slide 103 text

D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
secret RABH__
Poly-alphabetic Substitution Cipher Next, “r” becomes “H”.

Slide 104

Slide 104 text

D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
secret RABHK_
Poly-alphabetic Substitution Cipher “e” becomes “K”.

Slide 105

Slide 105 text

D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
secret RABHKK
Poly-alphabetic Substitution Cipher And “t” becomes “K”.

Slide 106

Slide 106 text

False frequencies ‘e’ is enciphered as both ‘A’ and ‘K’ ‘K’ is deciphered as both ‘e’ and ‘t’ secret RABHKK Using 2 cipher alphabets means that the plain letter “e” becomes both an “A” and a “K”, and that a cipher “K” could be either an “e” or a “t”. So the frequency of the cipher letters is different than the plain alphabet.
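
Added example (not part of the talk or its slides): the two-alphabet encryption of “secret” and the resulting “false frequencies”, in Python, using the two cipher alphabets as they appear on the slide. Function names are this example's own, and the block only encrypts.

```python
"""Poly-alphabetic substitution with the slide's two cipher alphabets."""
import string
from collections import defaultdict

PLAIN = string.ascii_lowercase

# Copied from the slide as shown. The second alphabet lists H twice and has
# no M, so it cannot be inverted unambiguously; this block only encrypts.
ALPHABETS = ["DMBXKIVASZNPLYFCJORTEQHWGU", "ZJDPAIQHTWLFBGOXNHUKRCYVSE"]


def encrypt(plaintext, alphabets):
    """Encrypt letter n with alphabet n mod len(alphabets), cycling through
    the alphabets; non-letters pass through and do not advance the cycle."""
    out, used = [], 0
    for c in plaintext.lower():
        if c in PLAIN:
            out.append(alphabets[used % len(alphabets)][PLAIN.index(c)])
            used += 1
        else:
            out.append(c)
    return "".join(out)


def letter_maps(plaintext, alphabets):
    """Which cipher letters each plain letter became, and which plain
    letters each cipher letter stands for, in this one message."""
    cipher = encrypt(plaintext, alphabets)
    plain_to_cipher, cipher_to_plain = defaultdict(set), defaultdict(set)
    for p, c in zip(plaintext.lower(), cipher):
        if p in PLAIN:
            plain_to_cipher[p].add(c)
            cipher_to_plain[c].add(p)
    return dict(plain_to_cipher), dict(cipher_to_plain)


if __name__ == "__main__":
    print(encrypt("secret", ALPHABETS))
    to_cipher, to_plain = letter_maps("secret", ALPHABETS)
    print("e is enciphered as", sorted(to_cipher["e"]))
    print("K is deciphered as", sorted(to_plain["K"]))
    # With a single alphabet every letter has exactly one image, which is
    # what lets frequency counts line up with the plain language.
    mono_cipher, _ = letter_maps("secret", ALPHABETS[:1])
    print("one alphabet:", encrypt("secret", ALPHABETS[:1]), mono_cipher)
```
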

Slide 107

Slide 107 text

Plain alphabet: abcdefghijklmnopqrstuvwxyz Cipher alphabet: ?????????????????????????? 🚫 So, now the code-makers have a system that’s not vulnerable to frequency analysis

Slide 108

Slide 108 text

Steganography, Scytale Brute Force Key Search Caesar Shift Password-based Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution ~1450 AD 🚫 … which means attackers are back to using brute force.

Slide 109

Slide 109 text

Poly-alphabetic beats frequency analysis, but … But even though poly-alphabetic beats frequency analysis …

Slide 110

Slide 110 text

Poly-alphabetic ciphers are complex
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
M N I P X F S W D T B C E V K U O G A Y J L H Q Z R
M W X R G D A C B E I Q T H U V J P F Y K O S Z L N
S J C X V E K M W B G T P D A Y N R Q U O F H L I Z
X T Q N I L S O Z J V H P F U W C Y D G E M K A B R
… it has the same problem that random substitution had: look at this complicated 6-alphabet key! Who wants to memorize THAT?

Slide 111

Slide 111 text

Keyword SECRET
D M B X K I V A S Z N P L Y F C J O R T E Q H W G U
Z J D P A I Q H T W L F B G O X N H U K R C Y V S E
a b c d e f g h i j k l m n o p q r s t u v w x y z
So, the code-makers need another key derivation function - a way to use an easy-to-memorize key word AND use lots of cipher alphabets.

Slide 112

Slide 112 text

Le Chiffre Indéchiffrable created by Blaise de Vigenère 1523 - 1596 Created new poly-alphabetic cipher In the 16th century, Blaise de Vigenère created “Le Chiffre Indéchiffrable” - a new system to do this.

Slide 113

Slide 113 text

Vigenère Square It uses the Vigenère Square …

Slide 114

Slide 114 text

a b c d e f g h i j k l m n o p q r s t u v w x y z
B C D E F G H I J K L M N O P Q R S T U V W X Y Z A
C D E F G H I J K L M N O P Q R S T U V W X Y Z A B
D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
E F G H I J K L M N O P Q R S T U V W X Y Z A B C D
F G H I J K L M N O P Q R S T U V W X Y Z A B C D E
G H I J K L M N O P Q R S T U V W X Y Z A B C D E F
H I J K L M N O P Q R S T U V W X Y Z A B C D E F G
I J K L M N O P Q R S T U V W X Y Z A B C D E F G H
J K L M N O P Q R S T U V W X Y Z A B C D E F G H I
K L M N O P Q R S T U V W X Y Z A B C D E F G H I J
L M N O P Q R S T U V W X Y Z A B C D E F G H I J K
M N O P Q R S T U V W X Y Z A B C D E F G H I J K L
N O P Q R S T U V W X Y Z A B C D E F G H I J K L M
O P Q R S T U V W X Y Z A B C D E F G H I J K L M N
P Q R S T U V W X Y Z A B C D E F G H I J K L M N O
Q R S T U V W X Y Z A B C D E F G H I J K L M N O P
R S T U V W X Y Z A B C D E F G H I J K L M N O P Q
S T U V W X Y Z A B C D E F G H I J K L M N O P Q R
T U V W X Y Z A B C D E F G H I J K L M N O P Q R S
U V W X Y Z A B C D E F G H I J K L M N O P Q R S T
V W X Y Z A B C D E F G H I J K L M N O P Q R S T U
W X Y Z A B C D E F G H I J K L M N O P Q R S T U V
X Y Z A B C D E F G H I J K L M N O P Q R S T U V W
Y Z A B C D E F G H I J K L M N O P Q R S T U V W X
Z A B C D E F G H I J K L M N O P Q R S T U V W X Y
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Which is this lovely device.

Slide 115

Slide 115 text

At the top is the plain alphabet.

Slide 116

Slide 116 text

[Vigenère square] Below that, the alphabet is shifted to the left by one space.

Slide 117

Slide 117 text

[Vigenère square] Below that, shifted to the left again …

Slide 118

Slide 118 text

[Vigenère square] and so on until the last row is the plain alphabet again.

Slide 119

Slide 119 text

Repeat keyword for all of text Plaintext: AttackFromTheSouthAtDawn Ciphertext: ???????????????????????? Keyword: SECRETSECRETSECRETSECRET To use the Vigenère square, you first repeat a keyword - in this case SECRET - across the plaintext - in this case “Attack From The South At Dawn”.

Slide 120

Slide 120 text

[Vigenère square] Ciphertext: S??????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET You replace the first plaintext letter using the alphabet on the row that starts with the first letter of the keyword. So, in this case, to encrypt the “a” in Attack, you go down to the row that starts with the “S” from SECRET …

Slide 121

Slide 121 text

[Vigenère square] Ciphertext: S??????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET and then go to the plaintext letter “a” column …

Slide 122

Slide 122 text

[Vigenère square] Ciphertext: S??????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET and you get an “S”.

Slide 123

Slide 123 text

[Vigenère square] Ciphertext: SX?????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET Then to encrypt the plain “t” go down to the row that starts with the “E” from SECRET, go to the “t” column and this plain “t” becomes an “X”.

Slide 124

Slide 124 text

[Vigenère square] Ciphertext: SXV????????????????????? Plaintext: AttackFromTheSouthAtDawn Keyword: SECRETSECRETSECRETSECRET Stay on the “t” column for the next plain “t”, but move up to the row that starts with the “C” in SECRET, and this second plain “t” becomes “V”. (Again: the same plain letter became 2 different cipher letters)

Slide 125

Slide 125 text

Plaintext: AttackFromTheSouthAtDawn Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG Keyword: SECRETSECRETSECRETSECRET And after you’ve repeated that for the whole plaintext, you have cipher-text that’s been encrypted with an easy-to-memorize key, and no frequency analysis! By the way, if you can spot a huge hole in this cipher system and tell me what it is, you get a prize!

Slide 126

Slide 126 text

Steganography, Scytale Brute Force Key Search Caesar Shift Password-based Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable ~1550 AD So now the code-makers have another password-based crypto system that’s easy to use, and it forces attackers into brute force that would take billions of years! For about 200 years, the Vigenère Square was the apex of crypto systems. But the code-breakers weren’t giving up. The code-breakers are going to turn to …

Slide 127

Slide 127 text

Industrial Revolution ~1760 - 1840 to the new machines & processes of the industrial revolution.

Slide 128

Slide 128 text

“Black Chambers” • 1700s • “Assembly-line” Cryptanalysis • Each European power had one • Breaking all mono-alphabetic ciphers • Encouraged adoption of Vigenère Square for poly-alphabetic ciphers As early as the 1700s, every European power had a “black chamber”. This was typically a state-controlled post office, with an assembly-line of code-breakers who would “man-in-the-middle” letters during delivery. They opened all the envelopes, copied any encrypted messages, sent the letters on their way, and then handed the copies over to entire teams for code-breaking.

Slide 129

Slide 129 text

Steganography, Scytale Brute Force Key Search Caesar Shift Password-based Substitution Frequency Analysis Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable ~1550 AD Assembly-line Frequency Analysis ~1700s And Vigenère Square was available, but not always used. So the code-breakers were breaking all the messages that were using older ciphers. Plus, it was only a matter of time before someone would find vulnerabilities in Vigenère. And if you’re into computers, you might recognize the name of the someone who did.

Slide 130

Slide 130 text

Charles Babbage • 1791 - 1871 • 1854: Broke Vigenère Cipher • Without machinery In 1854, Charles Babbage broke the Vigenère cipher, without using any of his mechanical engineering. Babbage just had a keen insight …

Slide 131

Slide 131 text

REPEATING KEYWORD Plaintext: AttackFromTheSouthAtDawn Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG Keyword: SECRETSECRETSECRETSECRET He realized that while the keyword-based Vigenère Square created

Slide 132

Slide 132 text

False SYMBOL frequencies • ‘e’ is enciphered as both ‘A’ and ‘K’ • ‘K’ is deciphered as both ‘e’ and ‘t’ secret RABHKK those false symbol frequencies where plain letters become different cipher letters, and vice-versa …

Slide 133

Slide 133 text

Word frequencies repeating the key word meant there would be word frequencies.

Slide 134

Slide 134 text

Plaintext: thesunandthemaninthemoon Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT Keyword: KINGKINGKINGKINGKINGKING For example, if the keyword “king” is used by the Vigenère Square to encrypt “the sun and the man in the moon”, it would result in this cipher text.

Slide 135

Slide 135 text

Plaintext: thesunandthemaninthemoon Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT Keyword: KINGKINGKINGKINGKINGKING And in this cipher text the word “the” is encrypted as “DPR”, then as “BUK”, and then as “BUK” again.

Slide 136

Slide 136 text

Plaintext: thesunandthemaninthemoon Ciphertext: DPRYEVNTNBUKWIAOXBUKWWBT Keyword: KINGKINGKINGKINGKINGKING 8 letters: keyword length must be some factor of 8 So the cipher word is repeated when it's displaced by some multiple of the length of the key word.

Slide 137

Slide 137 text

Breaking Vigenère • Look for repeated sequences of letters • Measure spacing between repetitions • Identify most likely length of key: L So, to break Vigenère, you first look for repeated sequences of letters and measure the space between those repetitions to find the length of the key word.

Slide 138

Slide 138 text

Cipher text WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK UZKIZBZLIUAMMVZ For example, in this cipher text encrypted with Vigenère …

Slide 139

Slide 139 text

REPETITIONS EFIQ, PSDLP, WCXYM, ETRL [same cipher text as on the previous slide] These 4 cipher words are all repeated.

Slide 140

Slide 140 text

spacing between repetitions

Repeated cipher word   Spacing   Possible length of key (2-20)
EFIQ                   95        5, 19
PSDLP                  5         5
WCXYM                  20        2, 4, 5, 10, 20
ETRL                   120       2, 3, 4, 5, 6, 8, 10, 12, 15, 20

We count the spacing between the repeated cipher words as 95, 5, 20, and 120, and since the only common factor of all of those is the number 5, we know the key word is 5 letters long. And once you know a bit about the key, you can more easily get the rest. So, at this point you could brute force looking for all the 5-letter words. But Babbage also had another trick …

Slide 141

Slide 141 text

5 separate cipher texts WIREWQFPROLVVEESSV XVITXSCYLGWYXELWRL VXLSECWLQPSRQRBQCH OTPYWLCNPVGVAMZUZ Break each with frequency analysis Once he knew the keyword is 5 letters long, Babbage broke the cipher text into 5 separate chunks - each chunk had all the letters 5 spaces apart. He then attacked each of those individual chunks with regular frequency analysis, and re-combined them all to recover the plain text.
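The repetition search, spacing table and 5-way split from slides 137-141, run on the cipher text printed on slide 138. This is an added example, not code from the talk; the function names are this example's own, and the scan for repeats is limited to sequences of 4 or 5 letters.

```python
from collections import defaultdict

# Cipher text exactly as printed on slide 138 (line breaks removed).
CIPHERTEXT = "".join("""
WUBEFIQLZURMVOFEHMYMWTIXCQTMPIFKRZUPMVOIRQMM
WOZMPULMBNYVQQQMVMVJLEYMHFEFNZPSDLPPSDLPEVQM
WCXYMDAVQEEFIQCAYTQOWCXYMWMSEMEFCFWYEYQETRLI
QYCGMTWCWFBSMYFPLRXTQYEEXMRULUKSGWFPTLRQAERL
UVPMVYQYCXTWFQLMTELSFJPQEHMOZCIWCIWFPZSLMAEZ
IQVLQMZVPPXAWCSMZMORVGVVQSZETRLQZPBJAZVQIYXE
WWOICCGDWHQMMVOWSGNTJPFPPAYBIYBJUTWRLQKLLLMD
PYVACDCFQNZPIFPPKSDVPTIDGXMQQVEBMQALKEZMGCVK
UZKIZBZLIUAMMVZ
""".split())

# The four repeated cipher words listed on slide 139.
SLIDE_REPEATS = ["EFIQ", "PSDLP", "WCXYM", "ETRL"]


def repeated_sequences(ciphertext, min_len=4, max_len=5):
    """Map every letter sequence that occurs more than once to its start positions."""
    seen = defaultdict(list)
    for size in range(min_len, max_len + 1):
        for start in range(len(ciphertext) - size + 1):
            seen[ciphertext[start:start + size]].append(start)
    return {seq: pos for seq, pos in seen.items() if len(pos) > 1}


def spacings(positions):
    """Distances between consecutive occurrences of one repeated sequence."""
    return [b - a for a, b in zip(positions, positions[1:])]


def possible_key_lengths(spacing, shortest=2, longest=20):
    """Key lengths that divide the spacing: one row of the slide's check-mark table."""
    return [n for n in range(shortest, longest + 1) if spacing % n == 0]


def common_key_lengths(all_spacings, shortest=2, longest=20):
    """Key lengths that divide every spacing: the column ticked in every row."""
    return [n for n in range(shortest, longest + 1)
            if all(s % n == 0 for s in all_spacings)]


def split_columns(ciphertext, key_length):
    """Column i holds the letters enciphered with key letter i, i.e. one Caesar shift."""
    return [ciphertext[i::key_length] for i in range(key_length)]


if __name__ == "__main__":
    repeats = repeated_sequences(CIPHERTEXT)
    gaps = []
    for seq in SLIDE_REPEATS:
        for gap in spacings(repeats[seq]):
            gaps.append(gap)
            print(f"{seq:6} spacing {gap:3}  key length could be {possible_key_lengths(gap)}")
    lengths = common_key_lengths(gaps)
    print("key lengths that fit every spacing:", lengths)
    # Each column is now a mono-alphabetic cipher, open to ordinary frequency analysis.
    for i, column in enumerate(split_columns(CIPHERTEXT, lengths[0])):
        print(f"column {i}: {column}")
```

A chance repetition whose spacing is not a multiple of the key length would leave no common length; the usual remedy is to count how often each factor appears and take the most frequent.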

Slide 142

Slide 142 text

Plaintext: AttackFromTheSouthAtDawn Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG Keyword: SECRETSECRETSECRETSECRET But let me show you this again … did anyone notice another hole in this system?

Slide 143

Slide 143 text

Plaintext: AttackFromTheSouthAtDawn Ciphertext: SXVRGDXVQDXAWWQLXASXFRAG Keyword: SECRETSECRETSECRETSECRET Keyword Length: 5 Keyword Letters: RS??? Every time the plaintext is an “a” character, it leaks a keyword letter into the cipher-text! So, you only need to break enough of the cipher-text to see where the plain-text “A’s” are. Now with Babbage’s technique, you’ll know the length of the keyword AND some letters. So then it’s just a game of Wordle at that point.
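The Vigenère square lookup from slides 119-125, the repeated “the” from slides 134-136, and the plain-“a” leak above, worked through on the talk's own plaintexts and keywords. This is an added example, not code from the talk; the function names are this example's own, and the leak is shown with the keyword length taken as the 6 letters of SECRET.

```python
from string import ascii_uppercase as ALPHABET


def vigenere(text, keyword, decrypt=False):
    """Apply the Vigenère square to letters-only text with a repeating keyword."""
    text, keyword = text.upper(), keyword.upper()
    if not keyword or any(c not in ALPHABET for c in text + keyword):
        raise ValueError("text and keyword must contain only the letters A-Z")
    direction = -1 if decrypt else 1
    out = []
    for i, letter in enumerate(text):
        # The keyword letter picks the row; row "S" is the alphabet shifted by 18.
        shift = ALPHABET.index(keyword[i % len(keyword)])
        out.append(ALPHABET[(ALPHABET.index(letter) + direction * shift) % 26])
    return "".join(out)


def find_all(text, word):
    """Start positions of every occurrence of word in text."""
    return [i for i in range(len(text) - len(word) + 1) if text.startswith(word, i)]


def leaked_key_letters(ciphertext, a_positions, key_length):
    """Plain 'a' is column 0 of the square, so the cipher letter there is the key letter."""
    key = ["?"] * key_length
    for pos in a_positions:
        key[pos % key_length] = ciphertext[pos]
    return "".join(key)


if __name__ == "__main__":
    plain = "AttackFromTheSouthAtDawn"
    cipher = vigenere(plain, "SECRET")
    print("ciphertext:", cipher)
    print("decrypted: ", vigenere(cipher, "SECRET", decrypt=True))

    # Wherever the plaintext is "a", the key letter shows through unchanged.
    a_positions = find_all(plain.upper(), "A")
    print("plain 'a' at", a_positions, "exposes key", leaked_key_letters(cipher, a_positions, 6))

    # "the" repeats in the cipher text when it lands on the same part of the key.
    plain2 = "thesunandthemaninthemoon"
    cipher2 = vigenere(plain2, "KING")
    for pos in find_all(plain2, "the"):
        print(f"'the' at {pos:2} (key offset {pos % 4}) -> {cipher2[pos:pos + 3]}")
```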

Slide 144

Slide 144 text

Steganography, Scytale Brute Force Key Search Caesar Shift Password-based Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable ~1550 AD Assembly-line Frequency Analysis ~1700s Babbage Frequency Analysis ~1800s So, now we’ve got a pretty even race going on between the code-makers using Vigenère, and the black chambers of code-breakers using Babbage and frequency analysis attacks. Then there’s 2 major tech breakthroughs.

Slide 145

Slide 145 text

Electric Telegraphs • Buried underground or suspended overhead • 1844 60km wire between Baltimore & Washington DC In the 1800s the telegraph is invented, which lets people communicate instantly over great distances that were connected by long wires. The first US telegraphs used a single-wire system. Which is great, but then …

Slide 146

Slide 146 text

How can you represent letters and words as electrical signals? How can you represent letters or words as electrical signals on a single wire? Hint: this telegraph was invented by Samuel Morse.

Slide 147

Slide 147 text

Morse Code: “Encoding” not “Encryption” Morse code is an encoding scheme to turn letters into sequences of dots and dashes. But note: Morse code is an encoding scheme - there’s no secrecy in it.

Slide 148

Slide 148 text

I.e., this is still “plaintext” So this is still plain text; it just allows you to convert messages from letter form into telegraph form.

Slide 149

Slide 149 text

Radio, 1899-1901 • 3,000 km from Cornwall to Newfoundland • Transatlantic communication • Instant military commands • All messages reach enemy too • Increases need for encryption 50 years later, the first radios were invented. They're great for sending instant military commands across great distances without having to set up long wires. But since the messages are traveling over the air, the enemy can eavesdrop on everything too. And this means you need an equally quick encryption tool, which would become one of the most notorious encryption devices in history.

Slide 150

Slide 150 text

Enigma: Electrical Encryption • Arthur Scherbius, 1918 • Mass Production in 1925 CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=497329 The Enigma machine was invented by Arthur Scherbius in the early 20th century and deployed extensively - and with devastating effect - by the Nazis during World War II.

Slide 151

Slide 151 text

Input Keyboard Rotors Output Lampboard Enigma has an input keyboard, electro-mechanical rotors, and an output lamp-board. When a plain letter is pressed on the keyboard, it completes an electrical circuit that passes thru the rotors and lights up a cipher letter in the lamp-board. Enigma used a series of scrambling wire rotors that “stepped” around with each letter. This is easier to show with a diagram …

Slide 152

Slide 152 text

By MesserWoland - Own work based on Image:Enigma-action.pnj by Jeanot; original diagram by Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=1794494 So at the top here, when you pressed the plain “A” key, it might travel thru the circuit at the top to result in a cipher “G”. But, each press advanced the right-most rotor 1 position. With the rotor moved 1 position on the bottom here, the next time you pressed the plain “A” it would follow a different path and result in a new cipher letter - in this case “C”. So every time you type a letter, you change the pathway. When a rotor completed a full rotation, it would advance the rotor to the left of it, creating new pathways all over again. So Enigma is a poly-alphabetic cipher, and you can use it as fast as you can type.

Slide 153

Slide 153 text

By User:RadioFan, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=30719651 This is the inside of one of the rotors. The green jumble of wires on the right are scrambling wires.

Slide 154

Slide 154 text

3 rotors of 26 wirings 26 x 26 x 26 = 17,576 Cipher Alphabets The first Enigma machines used 3 rotors that scrambled 26 characters, for 17,000 possible cipher alphabets. So, the “key” for Enigma is the 3 starting positions of the rotors, and there are 17,000 possible keys.

Slide 155

Slide 155 text

17,576 orientations x 6 arrangements = 105,456 Cipher Alphabets But, the rotors could also be re-arranged. And 6 arrangements meant it had 100,000 possible keys.

Slide 156

Slide 156 text

105,456 possible keys • A new key was used every day • Assume 1 check per minute • (Just type ciphertext and look at plaintext) • 96 Enigma machines = .75 days to crack Furthermore, the Nazis used code-books with a different key for every day. Code-breakers could check a key by picking some rotor settings, and typing intercepted cipher text to see if the plain text made any sense. If that took 1 minute, then they would have to use 96 Enigma machines non-stop to crack the key by tea-time. This is hard, but reasonable - remember that we’re talking about assembly-line code-breaking in these black chambers.

Slide 157

Slide 157 text

Plugboard By Bob Lord - German Enigma Machine, uploaded in english wikipedia on 16. Feb. 2005 by en:User:Matt Crypto, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=258976 Swap up to 6 of 26 letters But Enigma also had a plug-board on the front that made even more substitutions. With it, operators could swap up to 6 letters.

Slide 158

Slide 158 text

100,391,791,500 Plugboard Settings And 6 swaps of 26 possible letters meant there were 100 billion possible plugboard settings.

Slide 159

Slide 159 text

10,586,916,711,696 Total Possible Keys And combining the plugboard and rotor settings meant there were 10 trillion possible keys.

Slide 160

Slide 160 text

10,586,916,711,696 possible keys • At 1 check per minute: • 38,291,799 enigma machines = 1 day to crack So it would take 38M enigma machines to search thru them all in a day. On top of all that they didn’t use the day key for all the messages of the day.

Slide 161

Slide 161 text

Message Keys • Message Key: ASD • Send “ASDASD” at the beginning: QWERTY • Receiver types QWERTY, sees ‘asdasd’ • Re-orients their rotors to A, S, D for the rest of the message • Minimizes amount of ciphertext created by day key Instead, they used the day key to send a message key. So the sender picks “ASD” as a message key and types it twice at the beginning of the message. So say “ASDASD” becomes “QWERTY”. The receiver types QWERTY, sees the plaintext letters “ASD” twice, re-orients their rotors to A, S, and D, and types the rest of the message from there. This was all meant to minimize the amount of cipher text created by the day key.

Slide 162

Slide 162 text

Is cracking Enigma possible? • At 1 check per minute: • 38,291,799 enigma machines = 1 day to crack A SINGLE MESSAGE! So if you’re attacking Enigma with those 38M machines, it would take you a day to crack A SINGLE MESSAGE - not the entire day’s messages.

Slide 163

Slide 163 text

Steganography, Scytale Brute Force Key Search Caesar Shift Password-based Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable Assembly-line Frequency Analysis Babbage Frequency Analysis Enigma ~1925 Enigma was the culmination of implementing state-of-the-art cryptography techniques with state-of-the-art technology. But as we’ve seen already - no code-breaking is indefensible, and no encryption system is un-breakable.

Slide 164

Slide 164 text

Cracking Enigma The story of cracking Enigma …

Slide 165

Slide 165 text

Polish Biuro Szyfrów • Established after WWI to protect Poland from Russia & Germany • Received photographs of Enigma instruction manual from French espionage • Deduced rotor wirings • Usage of codebook A. Jankowski "Warszawa" Publisher:Wydawnictwo Polskie, Poznań, Public Domain, https://commons.wikimedia.org/w/index.php?curid=1514113 starts in Poland, in the Biuro Szyfrów - the Polish black chamber. After the first World War, which many countries thought would be the last European war, Poland had to stay on its guard. It was flanked by both Germany and the Soviet Union. Poland received an Enigma instruction manual via French espionage, from which they deduced the rotor wirings and how the code books worked. The team to crack Enigma was led by …

Slide 166

Slide 166 text

Marian Rejewski By Unknown - Rejewski's daughter's private archive, CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461 Marian Rejewski. Like Babbage, Rejewski realized that repetition is a vulnerability for any crypto system, and so he focused on the repetition of the 3 letters in the message keys.

Slide 167

Slide 167 text

Found “chain” cycles in the first 6 letters 4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK 1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ 3 links: A-F-W-A He saw that when a certain cipher letter appeared 1st, another cipher letter always appeared 4th, because it was the same plain letter, being encrypted the 2nd time by the day key. In later messages, that 4th cipher letter would show up as the first cipher letter, and be followed by a new 4th cipher letter, and so on. Eventually, these “chains” would cycle around and start over again.

Slide 168

Slide 168 text

Found “chain” loops in the first 6 letters 4th Letter: FQHPLWOGBMVRXUYCZITNJEASDK 1st Letter: ABCDEFGHIJKLMNOPQRSTUVWXYZ 7 links: C-H-G-O-Y-D-P-C He didn’t know the plain text of any of these letters - only that the number of links in the chains was cycling consistently. And he had a brilliant insight …

Slide 169

Slide 169 text

Marian Rejewski • Realized the # of links in the chain was only caused by the rotors • Could try to break the 105,456 possible rotor settings, not all 10,000,000,000,000,000 possible day keys • 100,000,000,000 times easier By Unknown - Rejewski's daughter's private archive, CC BY-SA 2.5, https://commons.wikimedia.org/w/index.php?curid=216461 He realized the number of links in the chain was only caused by the rotors. Like the Vigenère Square, Enigma “leaked” information about its key into its cipher text. So he could split the problem in two, and concentrate on breaking the 100,000 rotor settings first. Which is 100 billion times easier than the full problem.
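The chains in the 1st-letter/4th-letter table from slides 167-168, and a check that plugboard swaps change which letters are in each chain but not the number of links. This is an added example, not code from the talk; the function names and the six plugboard swaps are constructed for illustration.

```python
from string import ascii_uppercase as ALPHABET

# Table from slides 167-168: 1st cipher letter (A-Z) -> 4th cipher letter.
FOURTH_LETTER = "FQHPLWOGBMVRXUYCZITNJEASDK"
FIRST_TO_FOURTH = dict(zip(ALPHABET, FOURTH_LETTER))

# Constructed plugboard setting (6 swapped pairs), not taken from the talk.
SAMPLE_SWAPS = [("A", "Q"), ("C", "J"), ("E", "T"), ("G", "Z"), ("K", "P"), ("R", "W")]


def chains(perm):
    """Follow 1st -> 4th -> 1st ... from each unused letter until the chain closes."""
    seen, found = set(), []
    for start in ALPHABET:
        if start in seen:
            continue
        chain, letter = [], start
        while letter not in seen:
            seen.add(letter)
            chain.append(letter)
            letter = perm[letter]
        found.append("".join(chain))
    return found


def chain_lengths(perm):
    """The number of links in every chain, sorted: the fingerprint Rejewski catalogued."""
    return sorted(len(chain) for chain in chains(perm))


def with_plugboard(perm, swaps):
    """Relabel the table as it would look with the given letter pairs swapped.

    The plugboard swaps letters on the way into the rotors and again on the
    way out, so both the 1st letter and the 4th letter are relabelled.
    """
    plug = {letter: letter for letter in ALPHABET}
    for a, b in swaps:
        if plug[a] != a or plug[b] != b:
            raise ValueError(f"letter already plugged: {a}/{b}")
        plug[a], plug[b] = b, a
    return {plug[first]: plug[fourth] for first, fourth in perm.items()}


if __name__ == "__main__":
    print("chains from the slide table:", chains(FIRST_TO_FOURTH))
    print("links per chain:            ", chain_lengths(FIRST_TO_FOURTH))
    plugged = with_plugboard(FIRST_TO_FOURTH, SAMPLE_SWAPS)
    print("chains with plugboard swaps:", chains(plugged))
    print("links per chain:            ", chain_lengths(plugged))
```

The letters inside the chains depend on the plugboard, but the list of chain lengths does not, which is why a catalogue keyed on chain lengths only has to cover the rotor settings.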

Slide 170

Slide 170 text

Cyclometer • Team checked each of 105,456 possible settings on replica Enigma machines and recorded which chains were generated by each rotor setting • Took 1 year to complete • Could look up rotor settings by chains found in first 6 letters of ciphertext http://www.cryptomuseum.com/crypto/cyclometer/index.htm His team created a Cyclometer - a device that simulated all the rotor settings of Enigma to record all the possible chain lengths of the cycles. They kept their results in a card catalog system that took 1 year to finish. But, with it, they could intercept Enigma messages, count the chain lengths in the cipher text, and then simply look up the rotor settings in their catalog.

Slide 171

Slide 171 text

Cyclometer created the first “Rainbow Table” for looking up cryptographic keys So they made the world’s first rainbow table!

Slide 172

Slide 172 text

How to find the plugboard settings out of 100,391,791,500? • Plugboard: Un-plug all • Rotor Arrangement: III, I, II • Initial Rotor Orientations: Q, C, W • Type in ciphertext, see: • “rettew” • Swap R/W = Wetter (weather) After the rotor settings, finding the plug-board settings was easy. Like we saw in frequency analysis, when you have part of the key, you can get the rest of it. In this case, they unplugged all their Enigma plugboard wires, set the rotors to what they knew were the right settings, and typed the cipher text. They would then see some pretty obvious letter swaps in common words - like “R” and “W” being swapped in weather.

Slide 173

Slide 173 text

Polish Cryptographic Bombs • 6 machines for the 6 possible rotor arrangements • Each with 6 full Enigma rotor sets at top for the 6 characters of the repeated message key • Given a number of “females” to find, Bomba could recover settings in less than 2 hours After the cyclometer, the Polish created more electro-mechanical machines for code-breaking. Their cryptographic bombs could recover Enigma keys within 2 hours. In August, 1939, Poland smuggled their machines and research to the Allies. 2 weeks later, Hitler invaded Poland.

Slide 174

Slide 174 text

British Bombes • 36 rotors arranged in 3 banks of 12 • 210 bombes by the end of the war • Operated by 2,000 members of Women’s Royal Navy Service The Allies picked up Enigma code-breaking. They built bigger cryptographic bombs which were operated by thousands of the Women’s Royal Navy Service at chambers like Bletchley Park, where Alan Turing contributed to programmable advancements in code-breaking.

Slide 175

Slide 175 text

Colossus • Inspired by Turing’s ideas and his bombe • 1,500 electronic valves - faster than electromechanical relay switches • Programmable - first computers? Inspired by Turing’s ideas, Tommy Flowers designed Colossus Mark 1 which was completed in 1943 and used 1,600 vacuum tubes to perform operations many times faster than the electromechanical bombs. Colossus is regarded as the first programmable electronic …

Slide 176

Slide 176 text

Steganography, Scytale Brute Force Key Search Caesar Shift Password-based Substitution Frequency Analysis ~800 AD Homophonic Substitution Poly-alphabetic Substitution Le Chiffre Indéchiffrable Assembly-line Frequency Analysis Babbage Frequency Analysis Enigma ~1925 Colossus Mark 1 1943 computer. With Colossus attacking Enigma, the code-breakers regained the upper-hand. So, Colossus is searching for - and finding - Enigma keys a lot faster than “brute” force. It’s an example of a new technology changing the time complexity of a crypto system. Sometimes code-breakers come up with new attacks, sometimes they get hold of new technology.

Slide 177

Slide 177 text

Computer Cryptography So, we’ve got computer-powered code-breaking against electro-mechanical code-making. And the world starts communicating more and more with these computers, so the code-makers need to catch up …

Slide 178

Slide 178 text

In the early days of computing, electrical signals were much harder to measure and control precisely It made more sense to only distinguish between an “on” state and an “off” state In early computers like Colossus, electrical signals weren’t so precise. So it made more sense to only distinguish between 2 states: “on” and “off”, represented by 1’s and 0’s. This is what we call binary.

Slide 179

Slide 179 text

SOS And like the telegraph required morse code to turn letters into electrical signals, computers need a way to encode letters into the 1’s and 0’s of binary. There’s 2 steps to this …

Slide 180

Slide 180 text

SOS 83 79 83 The first step is to encode each letter as a number. In this example, we use ASCII encoding for that.

Slide 181

Slide 181 text

83 79 83 1010011 1001111 1010011 1010011: 64 + 16 + 2 + 1 = 83 1001111: 64 + 8 + 4 + 2 + 1 = 79 1010011: 64 + 16 + 2 + 1 = 83 The next step is to convert each number into binary.

Slide 182

Slide 182 text

SOS 83 79 83 1010011 1001111 1010011 So the result is the letters SOS at the top become this sequence of 1’s and 0’s at the bottom. But again, this is just encoding - there’s nothing secret here. These 1’s and 0’s are plaintext.

Slide 183

Slide 183 text

In Binary, we encrypt at the level of 1’s and 0’s But when we get our letters into binary, we can encrypt them at this level of 1’s and 0’s.

Slide 184

Slide 184 text

Bitwise anagram For example, consider this short sentence. 01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110 11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101 101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101 “Bitwise” rail fence cipher with 2 rails 00010111010101000100011001000110010001100100011001000101011101110101011001000100010101000100011001100101010001010 11001110101010001000101010001110100010001110101010010101011110000001011110010011011110010101011001000001001101110 101101100110101011110000001110100010011101000011011000101111001110000011011011101011101011101010011011 We could perform any of the encryption algorithms we've seen on binary. For example, consider this short sentence, encoded to ASCII, then encrypted with a rail fence cipher with 2 rails, becomes a cipher text of binary. Decoding as ASCII shows this garbled result. So, if you’ve ever seen meaningless string values like this, you’re probably looking at cipher text, improper decoding, or both.

Slide 185

Slide 185 text

Bitwise substitution: XOR Outputs 0 when inputs are equal Outputs 1 when inputs are different 0 XOR 0 = 0 0 XOR 1 = 1 1 XOR 0 = 1 1 XOR 1 = 0 But in binary there's this cool bitwise substitution called XOR. You give XOR 2 bits of input - that is 2 0’s or 1’s - and XOR says to output a 0 if the 2 inputs are equal, or output a 1 if the inputs are different. The cool thing about XOR is the result space is equal 50/50 between 1 or 0 - like a digital coin flip.

Slide 186

Slide 186 text

Bitwise substitution: XOR For example, encode this short sentence. 01000110011011110111001000100000011001010111100001100001011011010111000001101100011001010010110000100000011000110 11011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001101 101000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101 Key: “Julius Caesar” 01001010011101010110110001101001011101010111001100100000010000110110000101100101011100110110000101110010 Output 10001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101 10111101101110011100110110100101100100011001010111001000100000011101000110100001101001011100110010000001110011001 00010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111 Now, we can perform a substitution algorithm on bits with XOR. For example, encode this short sentence with ASCII. Encode “Julius Caesar” with ASCII. Then, encrypt the binary plaintext by XOR’ing it with the binary key. We get this binary output, which looks like this when we finally ASCII-decode it. Notice: the key was only long enough to encrypt some of the plain-text.

Slide 187

Slide 187 text

Bitwise substitution: XOR For example, consider this short sentence. 010001100110111101110010001000000110010101111000011000010110110101110000011011000110010100101100001000000110001101 101111011011100111001101101001011001000110010101110010001000000111010001101000011010010111001100100000011100110110 1000011011110111001001110100001000000111001101100101011011100111010001100101011011100110001101100101 Key: “random” 1|0’s length of plaintext 000000111010001101000011010010111001100100000011100110110100001101111011100100111010000100000011100110110010101101 110011101000110010101101110011000110110010101000110011011110111001000100000011001010111100001100001011011010111000 0011011000110010100101100001000000110001101101111011011100111001101101001011001000110010101110010001 Output 100011001101111011100100010000001100101011110000110000101101101011100000110110001100101001011000010000001100011011 011110110111001110011011010010110010001100101011100100010000001110100011010000110100101110011001000000111001100100 010000110100001111000011101010101010000000001000101001011010001010100000000000111010000001000010111 To fix this, we could either repeat the key to cover the full length of the plain text, or we could generate a “random” key matching the full length of the plain text, so we can encrypt the whole thing. Based on what we’ve seen so far - which do you think is more secure? Hopefully we’ve learned by now that repeating and re-using keys can lead to vulnerabilities.

Slide 188

Slide 188 text

A major reason for that is because every cipher we’ve talked about so far from ancient to modern time has been a “stream cipher” - that is, it operates on a single digit or character at a time.

Slide 189

Slide 189 text

And we’ve also seen problems in these ciphers. Encrypting 1 plaintext digit with 1 key digit, or repeating the key, leaks information about the key into the cipher text which makes it vulnerable to attacks. This is just as true for binary as it is for letters and symbols.
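
The repetition leak from the XOR slides above, as an added example that is not part of the original deck. It uses the slide's sentence and key; the function names are my own, and the random pad stands in for the slide's “random” key of full length.

```python
import secrets

# The slide's sentence and key, ASCII-encoded (the slides show them as bits).
PLAINTEXT = b"For example, consider this short sentence"
KEY = b"Julius Caesar"


def xor_bytes(a, b):
    """XOR two byte strings position by position, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def repeat_key(key, length):
    """Stretch a short key by repetition until it covers `length` bytes."""
    return (key * (length // len(key) + 1))[:length]


def key_cancels(ciphertext, plaintext, shift):
    """Check whether c[i] ^ c[i+shift] equals p[i] ^ p[i+shift] everywhere.

    When it does, the key has dropped out of the ciphertext completely and
    an eavesdropper is left with plaintext XORed against plaintext.
    """
    return (xor_bytes(ciphertext, ciphertext[shift:])
            == xor_bytes(plaintext, plaintext[shift:]))


def keystream_from_known_plaintext(ciphertext, known):
    """Known plaintext XOR ciphertext gives back the key bytes that covered it."""
    return xor_bytes(ciphertext, known)


def demo():
    n = len(PLAINTEXT)
    # Option 1 from the slide: repeat the 13-byte key across the message.
    repeated_ct = xor_bytes(PLAINTEXT, repeat_key(KEY, n))
    # Option 2: a fresh random key as long as the message, used once.
    pad_ct = xor_bytes(PLAINTEXT, secrets.token_bytes(n))

    # Knowing only the first 13 plaintext bytes exposes the whole repeated key,
    # and with it every later block of the message.
    recovered = keystream_from_known_plaintext(repeated_ct, PLAINTEXT[:len(KEY)])
    return {
        "short_key_covers": len(xor_bytes(PLAINTEXT, KEY)),   # bytes encrypted without repeating
        "repeated_key_cancels": key_cancels(repeated_ct, PLAINTEXT, len(KEY)),
        "random_pad_cancels": key_cancels(pad_ct, PLAINTEXT, len(KEY)),
        "recovered_key": recovered,
        "decrypted_with_recovered": xor_bytes(repeated_ct, repeat_key(recovered, n)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
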

Slide 190

Slide 190 text

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation So, just XOR’ing plaintext bits with key bits is vulnerable to all the same kinds of attacks as all the ciphers we've talked about. A striking example that repeating the key leaks plain data into cipher data is this plain image, encrypted

Slide 191

Slide 191 text

Attribution, https://commons.wikimedia.org/w/index.php?curid=828161 in a way that just repeats the key to cover the full length of the plain data. In this case of an image, you can literally see that the repetition problem at the bit level produces recognizable output.

Slide 192

Slide 192 text

Horst Feistel 1971: Published “Lucifer” cipher for computer encryption First(?) Block Cipher To address this, in 1971, Horst Feistel and colleagues at IBM published the “Lucifer” cipher - the earliest civilian block cipher.

Slide 193

Slide 193 text

Instead of operating on single bits or digits, a block cipher operates on groups of bits called “blocks”. This simplified block cipher reads the plaintext input and a key, and applies many “rounds” of bitwise operations like XOR, substitutions, and permutations.

Slide 194

Slide 194 text

XOR S-box Permutation In this example, 16 bits of plaintext are first XOR’d with a 16-bit key. Then the output is grouped into 4-bit groups and put thru “substitution boxes” or “s-boxes” - which are like mappings to turn a pre-defined set of 4 bits into 4 different bits. Finally, the output bits from the s-boxes are put thru a defined permutation step - like an anagram for bits.

Slide 195

Slide 195 text

SP Network And in this example, that whole process is repeated 3 times. Altogether, this is known as a “substitution-permutation network” or SP network. You can find these kinds of diagrams for every major block cipher. They are designed to solve the problems we’ve seen by mixing data bits and key bits together in a way that doesn’t leak anything into the cipher data.

Slide 196

Slide 196 text

Lucifer Cipher: “block” cipher Break message into 128-bit blocks 128-bit key 16 rounds: Break block in half the f-function is calculated using that round's subkey and the left half of the block. The result is then XORed to the right half of the block, which is the only part of the block altered for that round. After every round except the last one, the right and left halves of the block are swapped. Here's a diagram of the Lucifer cipher SP-network. If we walk thru it …

Slide 197

Slide 197 text

256 bit message (in ASCII) 01010100011010000110010100100000010101010101001101000001001000000100111001010011 01000001001000000111001101110100011011110111001001100101011100110010000001111001 01101111011101010111001000100000011101000111011101100101011001010111010001110011 0010000100100001 we take a 256-bit tweet …

Slide 198

Slide 198 text

Break into 128-bit blocks 01010100011010000110010100100000010101010101001101000001001000000100111001010011010000010010000001110011011101000110111101110010 01100101011100110010000001111001011011110111010101110010001000000111010001110111011001010110010101110100011100110010000100100001 The USA NSA stor es your tweets!! Break it into 128-bit blocks …

Slide 199

Slide 199 text

Generate 128-bit key awesomepassword! 01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001 Generate a 128-bit key …

Slide 200

Slide 200 text

Break block in half 01010100011010000110010100100000010101010101001101000001 The USA NSA stor 0100111001010011010000010010000001110011011101000110111101110010 Break each block in half …

Slide 201

Slide 201 text

Generate 72-bit sub-key awesomepassword! 01100001011101110110010101110011011011110110110101100101011100000110000101110011011100110111011101101111011100100110010000100001 a a 01100001 01100001 wesomep 01110111011001010111001101101111011011010110010101110000 Generate a 72-bit subkey …

Slide 202

Slide 202 text

Rotate key left 7 bytes password!awesome 01110000011000010111001101110011011101110110111101110010011001000010000101100001011101110110010101110011011011110110110101100101 7 bytes Rotate the key left by 7 bytes …

Slide 203

Slide 203 text

… Okay, I'm just kidding … there’s no way we’re walking thru all the bits of a modern block cipher. But the point is that you COULD walk thru it - it’s not magical. Modern block ciphers do everything we’ve seen with letters, they just do it at the level of 1’s and 0’s.

Slide 204

Slide 204 text

So if you see these kinds of complex diagrams, just understand that yes - somewhere in all that is still a bunch of 1’s and 0’s. It’s just that block ciphers work with so many bits at a time, that it’s easier to describe them at this higher level.

Slide 205

Slide 205 text

In fact, here’s the diagrams for modern AES.

Slide 206

Slide 206 text

youtube.com/user/Computerphile And if you like YouTube videos, there’s a couple of really good ones from “Computerphile” that cover SP-Networks and AES in detail.

Slide 207

Slide 207 text

Data Encryption Standard (DES) 1977 Lucifer with 56-bit keys So the NSA could brute force keys if they “needed” to But before AES was DES. DES is a standardized Lucifer cipher with a 56-bit key developed by IBM. The NSA tried to convince IBM to make the key length 48 bits - presumably so the NSA could break it by force if they really needed to. IBM & NSA compromised on a 56-bit key.

Slide 208

Slide 208 text

Ancient Steganography, Scytale Brute Force Key Search Caesar Shift Password-based Substitution Frequency Analysis Homophonic Substitution Renaissance Poly-alphabetic Substitution Le Chiffre Indéchiffrable Assembly-line Frequency Analysis Industrial Babbage Frequency Analysis One-Time Pad Enigma Cryptanalytic “Bombs”: Polish, British, US Lucifer, DES 1971 - 1977 Computer With DES, the code-makers are back on top. Even Colossus wasn’t designed to attack block ciphers that make it quick and easy to perform so many rounds of XOR, substitution, and permutation on binary.

Slide 209

Slide 209 text

How hard is it to find a binary 56-bit key? But, since computers keep advancing, how hard is it to find a 56-bit key like this?

Slide 210

Slide 210 text

1001101010011010100110101001 1010100110101001101010011010 Unique Possible Permutations 2^56 = 72,057,594,037,927,936 72 quadrillion (million billion) In 1976, estimated to cost $20M to build a computer to crack such a key Affordable to the NSA With 56 bits of 1’s or 0’s, there are 72 quadrillion possible keys. In 1976, it was estimated to cost about $20M to build a computer to crack such a key, which was within the NSA budget, for sure.

Slide 211

Slide 211 text

DES 1971 - 1977 Computer-powered Brute Force Key Search Now, I’m going to reset our timeline for the computer age, and we’ve got a pretty even battle between code-makers using computer force, against code-breakers also using computer force. But as we saw with Colossus attacking Enigma, brute force can still be a problem.

Slide 212

Slide 212 text

By Max Roser - https://ourworldindata.org/uploads/2019/05/Transistor-Count-over-time-to-2018.png, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=79751151 And since 1970, every 2 years the price of electronics has been cut in half, while the processing speed has doubled. And very quickly, 56-bit keys were vulnerable to reasonably-priced attacks.

Slide 213

Slide 213 text

1100110101001101010011010100 1101010011010100110101001101 0 Unique Possible Permutations 2^56 = 72,057,594,037,927,936 72 quadrillion (million billion) 2^57 = 144,115,188,075,855,870 144 quadrillion (million billion) But, one great thing about binary keys is that adding bits increases the key space exponentially. So with just 1 more bit, there are 144 quadrillion possible keys. Still, you can’t just throw a single bit of key into a block cipher made for a certain key size.

Slide 214

Slide 214 text

DES 1971 - 1977 Computer-powered Brute Force Key Search Moore’s Law Which means Moore’s Law is helping the code-breakers more than the code-makers. So, the code-makers developed …

Slide 215

Slide 215 text

3DES EDE: DES: Encrypt, Decrypt, Encrypt https://www.researchgate.net/figure/Flowchart-of-3DES-encryption-and-decryption-algorithm-40_fig4_322277374 Triple-DES to provide a relatively simple method of increasing the key size of DES, without having to invent a completely new block cipher. It uses 3 different 56-bit keys in 3 steps: encrypt with first key, decrypt with second, and then encrypt with third. This is a backwards-compatible way to use a 168-bit key with DES.

Slide 216

Slide 216 text

TLS Cipher Suites in Windows 11 https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-11 In fact, Windows 11 still supports 3DES EDE.

Slide 217

Slide 217 text

3DES EDE: DES: Encrypt, Decrypt, Encrypt https://www.researchgate.net/figure/Flowchart-of-3DES-encryption-and-decryption-algorithm-40_fig4_322277374 But if these sizes are so strict …

Slide 218

Slide 218 text

What about messages that are longer than the key? What about messages that are longer than the key size? How do you use, say, a 168-bit block cipher to encrypt, say 336 bits of message? To apply Triple-DES to data larger than 168 bits, you need a …

Slide 219

Slide 219 text

Block cipher “mode of operation” Block Cipher Mode of Operation

Slide 220

Slide 220 text

Electronic Codebook (ECB) https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation The simplest mode is Electronic Codebook that we already saw in the linux penguin image. In ECB, you just break the plain data up into blocks that match the key size, and repeat the key for each block.

Slide 221

Slide 221 text

Attribution, https://commons.wikimedia.org/w/index.php?curid=828161 But we saw, like Babbage and Rejewski did, that repeating the key is a bad idea.

Slide 222

Slide 222 text

Cipher Block Chaining (CBC) https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation So instead 3DES uses Cipher Block Chaining (or the more performant Galois/Counter Mode), which uses the output cipher text from one block as input for the next block. This mode helps scramble the key into the encrypted data as much as possible …

Slide 223

Slide 223 text

Attribution, https://commons.wikimedia.org/w/index.php?curid=828161 so the final cipher data is less obvious.
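
The 16-bit SP network from the XOR / S-box / Permutation slides and the ECB versus CBC comparison above, combined in one added example that is not from the original deck. The S-box values, the bit permutation, the rotate-by-4 key schedule, the final key mix, and the key, IV and message are all constructed for illustration; this toy cipher is far too small to protect anything.

```python
# Toy 16-bit SP network with ECB and CBC modes (added example).
# S-box, permutation, key schedule, key, IV and message are all constructed.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]
INV_SBOX = [SBOX.index(v) for v in range(16)]
# Bit i of the input lands on bit PERM[i]; this transpose is its own inverse.
PERM = [0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15]
ROUNDS = 3


def substitute(block, box):
    """Push each of the four 4-bit groups through the S-box."""
    out = 0
    for shift in (0, 4, 8, 12):
        out |= box[(block >> shift) & 0xF] << shift
    return out


def permute(block):
    """Move every bit to its new position: an anagram for bits."""
    out = 0
    for i in range(16):
        if (block >> i) & 1:
            out |= 1 << PERM[i]
    return out


def round_keys(key):
    """Hypothetical key schedule: rotate the 16-bit key left 4 bits per round."""
    keys = []
    for _ in range(ROUNDS + 1):
        keys.append(key)
        key = ((key << 4) | (key >> 12)) & 0xFFFF
    return keys


def encrypt_block(block, key):
    keys = round_keys(key)
    for r in range(ROUNDS):                       # XOR, S-boxes, permutation, 3 times
        block = permute(substitute(block ^ keys[r], SBOX))
    return block ^ keys[ROUNDS]                   # final key mix (an addition to the slide)


def decrypt_block(block, key):
    keys = round_keys(key)
    block ^= keys[ROUNDS]
    for r in reversed(range(ROUNDS)):             # undo each round in reverse order
        block = substitute(permute(block), INV_SBOX) ^ keys[r]
    return block


def to_blocks(data):
    """Split bytes into 16-bit blocks; the toy modes here do no padding."""
    if len(data) % 2:
        raise ValueError("message length must be a multiple of 2 bytes")
    return [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]


def ecb_encrypt(data, key):
    """ECB: every block is encrypted alone with the same key."""
    return [encrypt_block(b, key) for b in to_blocks(data)]


def cbc_encrypt(data, key, iv):
    """CBC: XOR each plaintext block with the previous ciphertext block first."""
    out, prev = [], iv
    for b in to_blocks(data):
        prev = encrypt_block(b ^ prev, key)
        out.append(prev)
    return out


def cbc_decrypt(blocks, key, iv):
    out, prev = bytearray(), iv
    for c in blocks:
        out += (decrypt_block(c, key) ^ prev).to_bytes(2, "big")
        prev = c
    return bytes(out)


def repeated_blocks(blocks):
    """How many ciphertext blocks duplicate an earlier one."""
    return len(blocks) - len(set(blocks))


KEY, IV = 0xA55A, 0x3C96
MESSAGE = b"ABABABABABABCDEF"   # constructed: the block "AB" six times, then "CD", "EF"

if __name__ == "__main__":
    for name, blocks in (("ECB", ecb_encrypt(MESSAGE, KEY)),
                         ("CBC", cbc_encrypt(MESSAGE, KEY, IV))):
        print(name, " ".join(f"{c:04x}" for c in blocks),
              "repeats:", repeated_blocks(blocks))
```

In the ECB output the six identical plaintext blocks show up as six identical ciphertext blocks, which is the penguin effect at small scale; under CBC the same message produces no repeats.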

Slide 224

Slide 224 text

DES Computer-powered Brute Force Key Search Moore’s Law 3DES + CBC With 3DES and new block modes, the code-makers have techniques to stay ahead of Moore’s Law. But, we still have a nagging problem - no matter how great the encryption system is …

Slide 225

Slide 225 text

How the heck do we come up with the keys, and how do we share them with our recipients? I mean, it’s the 60’s and all but we do actually need to keep these keys secret.

Slide 226

Slide 226 text

In the early days of computing, people did it like they did with Enigma code-books - banks would literally fly employees around with disks of keys. But as we built up bigger and bigger networks of connected computers, that became a giant pain.

Slide 227

Slide 227 text

So, the code-makers needed a way to communicate secret keys over non-secret channels. (By the way, I used DALL-E to create a lot of images in this presentation. The prompt for this one was “1970's painting of 2 people trying to whisper secretly in a crowd of people who are trying to hear what they're saying.” … and it somehow also created …

Slide 228

Slide 228 text

This nightmare-fueling evil dead-eyed, triple-grinning fiend of a woman I’m going to call Eve for comedy reasons) But anyway …

Slide 229

Slide 229 text

Whitfield Diffie Stanford AI Lab 1974 Whitfield Diffie …

Slide 230

Slide 230 text

Martin Hellman IBM Watson Research Center 1968-1969 and Martin Hellman

Slide 231

Slide 231 text

New Directions in Cryptography Published 1976 published “New Directions in Cryptography” with an amazing break-through. To help understand how they solved the problem, let’s set it up clearly …

Slide 232

Slide 232 text

Alice, Bob, and Eve Alice and Bob need to communicate securely They need to share a secret They only have public channels between them “Eve is always eavesdropping” How can they share a secret without sharing it with Eve? Two people - Alice and Bob - need to communicate securely. To do that, they need to share a secret key. But, they only have public channels between them. (“Eve is always eavesdropping”) So, how can they share a secret with each other, without sharing it with Eve?

Slide 233

Slide 233 text

Diffie-Hellman Key Exchange They came up with what we now know as Diffie-Hellman Key Exchange.

Slide 234

Slide 234 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1 Diffie-Hellman needs a “one-way function” - that is, an operation that’s easy to perform in one direction, but hard to reverse. For example, it’s easy to mix 2 colors, but given a mixture of 2 colors, it’s hard or impossible to un-mix them.

Slide 235

Slide 235 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1 In this color analogy of Diffie-Hellman, Alice and Bob publicly agree on a base color, which Eve also sees.

Slide 236

Slide 236 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1 Then Alice privately chooses a secret color, mixes it with the public color, and sends her *mixture* to Bob. Bob privately chooses his own secret color, mixes it with the public color, and sends his *mixture* to Alice. At this point, Alice, Bob, and Eve all have the public color and the 2 mixtures. Now comes the cool part …

Slide 237

Slide 237 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-1 Alice and Bob each add their own private color to the other’s mixture, and both arrive at the same shared secret color. But without one of their private colors, Eve can’t get to the same color. Now, this new shared secret color is like a shared secret key we need for Triple-DES. But, to do this on a computer, we need a way to do this with binary.

Slide 238

Slide 238 text

The key can be anything that can encode to 1’s and 0’s So, anything … like a number. A key can be anything that can encode to 1’s and 0’s - so, anything … like a number. And because we can use numbers for a key, there are lots of cool math algorithms we can use to come up with the shared secret number. …

Slide 239

Slide 239 text

Diffie-Hellman Algorithms Modular arithmetic Elliptic Curves The first and most popular Diffie-Hellman algorithm uses modular arithmetic, and I have an appendix covering that math. There are also elliptic curve algorithms that provide stronger security with smaller keys and less computation, which are becoming very popular to accommodate mobile and other devices with more constrained resources. But we’re going to skip over the particular math involved unless we have time to talk about it later.
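
The color-mixing exchange above carried out with modular arithmetic, as an added example that is not from the original deck or its appendix. The tiny group (p = 23, base 5), the 127-bit prime 2^127 - 1 with base 3, the range check on received values and the SHA-256 step that turns the shared number into 24 key bytes are all assumptions chosen for illustration; real deployments use standardized groups of 2048 bits or more, or elliptic curves.

```python
import hashlib
import secrets


def mix(base, private, p):
    """The one-way 'mixing' step: base ** private mod p."""
    return pow(base, private, p)


def check_public(value, p):
    """Reject degenerate mixtures such as 0, 1 or p-1 before using them."""
    if not 2 <= value <= p - 2:
        raise ValueError("peer public value out of range")
    return value


def new_private(p):
    """Pick a private 'color' uniformly from 2 .. p-2."""
    return secrets.randbelow(p - 3) + 2


def exchange(p, g, a, b):
    """Run both sides. 'public' is everything Eve sees on the wire."""
    A = mix(g, a, p)                              # Alice's mixture, sent to Bob
    B = mix(g, b, p)                              # Bob's mixture, sent to Alice
    s_alice = mix(check_public(B, p), a, p)       # Alice adds her color to Bob's mixture
    s_bob = mix(check_public(A, p), b, p)         # Bob adds his color to Alice's mixture
    return {"public": (p, g, A, B), "alice": s_alice, "bob": s_bob}


def eve_search(p, g, A, B):
    """Eve's generic option: try exponents until g ** x == A, then mix B with x.

    This takes up to p steps, which is why p must be enormous in practice.
    """
    x, acc = 1, g % p
    while acc != A:
        x += 1
        acc = acc * g % p
        if x >= p:
            raise ValueError("no exponent found")
    return pow(B, x, p)


def derive_key(shared, p, length=24):
    """Hash the shared number down to key bytes (24 bytes = three DES keys)."""
    raw = shared.to_bytes((p.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:length]


TOY_P, TOY_G = 23, 5                  # small enough to follow by hand
BIG_P, BIG_G = 2**127 - 1, 3          # a Mersenne prime; still a toy size

if __name__ == "__main__":
    toy = exchange(TOY_P, TOY_G, 4, 3)
    print("toy public values (p, g, A, B):", toy["public"])
    print("toy shared secret:", toy["alice"], toy["bob"])
    print("Eve recovers it by search:", eve_search(*toy["public"]))

    big = exchange(BIG_P, BIG_G, new_private(BIG_P), new_private(BIG_P))
    print("127-bit secrets match:", big["alice"] == big["bob"])
    print("derived key:", derive_key(big["alice"], BIG_P).hex())
```
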

Slide 240

Slide 240 text

Public Key Cryptography! The important thing is this break-through - to establish a shared secret over public channels - is the foundation of public key cryptography. With Diffie-Hellman, we can establish secret keys with anyone in the world over public channels …

Slide 241

Slide 241 text

Diffie-Hellman Key Establishment + 3DES And then use those secret keys in encryption algorithms like Triple-DES.

Slide 242

Slide 242 text

It's hard to over-state how important Public Key Cryptography and Diffie-Hellman have been to computers, the internet, and all of modern life. Most TLS cipher suites use Diffie-Hellman for establishing keys. Note: the only reason this Windows 11 list doesn’t show “DH” in TLS 1.3 is because TLS 1.3 removes all other key exchange algorithms in favor of Diffie-Hellman! That’s how important this technique is.

Slide 243

Slide 243 text

DES Computer-powered Brute Force Key Search Moore’s Law 1970+ 3DES + CBC DH + 3DES + CBC 1976 With Diffie-Hellman & Triple-DES, the code-makers have brought us into the current age of computer crypto, where we have a way to establish secret keys with anyone on the internet, an encryption algorithm to use them, and modes to use the keys on any message!

Slide 244

Slide 244 text

Now, we’ve gone from a Scytale to Diffie-Hellman Triple-DES with Cipher Block Chaining mode.

Slide 245

Slide 245 text

How many of you software makers have come across something that looks like this before? For example, if you use your browser network inspector and the “Security” tab. And may have wondered - what the heck is all that? Well, now you know most of it.

Slide 246

Slide 246 text

Use Diffie-Hellman Exchange to make a key … … for Triple-DES … … with Cipher Block Chaining mode. … Encrypt-Decrypt-Encrypt … This is describing a TLS connection that uses Diffie-Hellman to establish a secret key, and then uses that key for 3DES Encrypt-Decrypt-Encrypt with Cipher Block Chaining mode of operation. So the point is: all these complicated modern crypto ciphers didn’t come from nowhere. And you can actually go learn all about them if you want or need to! In fact you’ve learned a bunch of it already. We’ve made it from ancient Scytales in 500 BC to modern HTTPS.

Slide 247

Slide 247 text

If you open your network developer tool on any modern browser and look at the security info, you’ll see the cipher suite used in its HTTPS connection. And that’s where I’ll end this part of the talk with maybe the 2 most basic & important lessons of cryptography for coders:

Slide 248

Slide 248 text

Don’t invent your own crypto: use mature and popular libraries Don’t invent your own crypto. As modern software developers, we have an embarrassment of rich crypto libraries available, and the good ones have incorporated centuries of all this crypto knowledge into easy-to-use functions. And secondly …

Slide 249

Slide 249 text

Mind your keys When you’re using those crypto libraries, mind your secret keys! All the fancy crypto math in the world can’t help you if your secret password is “123456” or you copy-paste it into your GitHub repository. As our Mozilla SecOps lead told me once, “Cryptography is great at turning other security problems into key management problems.” So, keep your keys secret and keep them safe.

Slide 250

Slide 250 text

Because in a crypto nerd’s imagination, their laptop is stolen, but it’s encrypted with 4096-bit RSA, so the attackers can’t build a computer big enough to crack it.

Slide 251

Slide 251 text

Yet what actually happens is attackers just look for quicker ways to steal or get keys. Like drug the victim and hit them with a $5 wrench until they give up the encryption password.

Slide 252

Slide 252 text

Questions? Scytale Caesar Cipher Random Substitution Frequency Analysis Poly-alphabetic cipher Vigenere Square Enigma Lucifer/DES Modes of Encryption Diffie-Hellman (Math?) RSA (Math?) Quantum speakerdeck.com/groovecoder Okay, that’s been a ton of material about the history of cryptography leading up to HTTPS. Here’s a list of things we covered (and didn’t cover), in case anyone remembers any questions?

Slide 259

Slide 259 text

What’s RSA? But what's this RSA part?

Slide 260

Slide 260 text

Diffie-Hellman makes a new key between every 2 people! https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption While Diffie-Hellman is great for coming up with keys, it creates new and different keys for every single connection to every single entity.

Slide 261

Slide 261 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption In 1970, James Ellis developed an idea for public encryption based on locking and unlocking messages. Instead of making new keys with everyone, Alice could have a single key for herself, and publish the open lock for everyone else. So anyone could lock messages to Alice, and only she can open them. Ellis never found a mathematical solution for this, but …

Slide 262

Slide 262 text

Clifford Cocks 1971 Trap Door One-way Function By Royal Society uploader - Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=43268163 In 1971 Clifford Cocks came up with a “trap door” one-way function to do this.

Slide 263

Slide 263 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption A “trap door” 1-way function is easy to perform and hard to reverse, UNLESS you have a special piece of information.

Slide 264

Slide 264 text

The “e” means encrypt! “d” is for decrypt! https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption Cocks needed to come up with a mathematical function that's easy in 1 direction, hard to reverse, BUT is easy to reverse if you have some secret knowledge. The solution is an amazing combo of modular arithmetic and prime factorization. But again, we’re going to skip the maths unless people want to see it later.

Slide 265

Slide 265 text

Ron Rivest, Adi Shamir, Leonard Adleman Cocks's discovery was immediately classified by the British GCHQ (like the American NSA). But a few years later, in 1977 it was independently re-discovered by Ron Rivest, Adi Shamir, and Leonard Adleman, which is why we know it as RSA. RSA is the most widely copied and used software in the world. With it, anyone in the world can create a pair of public and private keys and use those keys to communicate securely with anyone else in the world.

Slide 266

Slide 266 text

RSA signature I should point out that although RSA was designed as a crypto-system for encryption, encrypting and decrypting with RSA keys means the same key is re-used many many times, which we now know makes it more vulnerable to cryptanalysis. So in most modern cipher suites, it’s only used for signing & verifying certificates, which is what we’ll look at next.

Slide 267

Slide 267 text

DES Computer-powered Brute Force Key Search Moore’s Law 1970+ 3DES + CBC DH/RSA + 3DES + CBC 1976 - 1981 So in the 70’s and 80’s, code-makers have ways to give away their own public key, and a way for anyone to use that key to establish a shared secret key, and an encryption algorithm with secure modes to use the keys on any message! It’s all the building blocks of a crypto-system design that can scale to every single person and device on the planet!

Slide 268

Slide 268 text

Public Key Certificates https://www.youtube.com/watch?v=704dudhA7UI But if every Bob can encrypt messages to every Alice on the planet, there's another problem - how does Bob know it's the real Alice he’s talking to? To establish this trust, Alice is going to get a … Public Key Certificate. Alice submits her public key and some identification to a Certificate Authority. The CA verifies Alice’s identity and signs her certificate.

Slide 269

Slide 269 text

DES Computer-powered Brute Force Key Search Moore’s Law 1970-Present 3DES + CBC DH/RSA 3DES CBC Certificate Authorities 1995-Present The first public CAs arrived in 1995. So when Bob connects to the real Alice, she presents her certificate signed by a CA, and Bob can verify it’s been signed by a CA he trusts. Which brings us finally to …

Slide 270

Slide 270 text

HTTPS. If you click the padlock icon next to a website in any major browser, you can dig into the cryptography that was used to connect the browser to the site. In this case, I’m at relay.firefox.com with my Firefox web browser. If I click more information …

Slide 271

Slide 271 text

Look! The RSA public exponent and modulus! I can see the certificate at relay.firefox.com which includes its public key info, and has been signed with the RSA private key of …

Slide 272

Slide 272 text

Another RSA public exponent and modulus Let’s Encrypt, which is itself signed by a "root" Let’s Encrypt private key. These root private keys are typically stored offline in facilities with strong physical security. Now, the public key matching that root private key …

Slide 273

Slide 273 text

comes pre-loaded on most operating systems in the world. In this example, my Mac 10.15 laptop implicitly trusts the Let’s Encrypt root certificate. So, my device trusts connections that present a public key that’s signed by Let’s Encrypt. So, in a rush to re-cap …

Slide 274

Slide 274 text

We’ve made it from ancient Scytales to modern HTTPS, covering lots and lots of cryptography in between.

Slide 275

Slide 275 text

DES Computer-powered Brute Force Key Search Moore’s Law 3DES + CBC DH/RSA + 3DES + CBC Code-breaking: PKI, implementation, protocol attacks 1995-Present Code-making: PKI (Certificate Authorities), AES, Elliptic Curves 1995-Present For the sake of time, I’ve left out a LOT of modern code-making and code-breaking … e.g., the math of DH and RSA, code-making with AES & Elliptic Curves, and code-breaking attacks against PKI, implementations, protocol attacks, etc. Because I want to make the 2 most important practical points about cryptography:

Slide 276

Slide 276 text

Don’t invent your own crypto: use mature and popular libraries Don’t invent your own crypto. As modern software developers, we have an embarrassment of rich crypto libraries available, and the good ones have incorporated centuries of all this crypto knowledge into easy-to-use functions. And secondly …

Slide 277

Slide 277 text

Mind your keys When you’re using those crypto libraries, mind your secret keys! All the fancy crypto math in the world can’t help you if your secret password is “123456” or you copy-paste it into your GitHub repository. As our Mozilla SecOps lead told me once, “Cryptography is great at turning other security problems into key management problems.” So, keep your keys secret and keep them safe.

Slide 278

Slide 278 text

In a crypto nerd’s imagination, their laptop is stolen, but it’s encrypted with 4096-bit RSA, so the attackers can’t build a computer big enough to crack it. And that’s both the strength and the weakness of cryptography. Throughout history, code-makers have forced code-breakers into key-cracking attacks that would take too long to complete.

Slide 279

Slide 279 text

So what actually happens is attackers just look for quicker ways to steal or get keys. Like drug the victim and hit them with a $5 wrench until they give up the encryption password.

Slide 280

Slide 280 text

Questions? Scytale Caesar Cipher Unshifted cipher Frequency Analysis Poly-alphabetic cipher Vigenere Square Enigma Lucifer/DES Modes of Encryption Diffie-Hellman (Math?) RSA (Math?) Quantum speakerdeck.com/groovecoder Okay, that’s been a ton of material about the history of cryptography leading up to HTTPS. Here’s a list of things we covered (and didn’t cover), in case anyone remembers any questions?

Slide 281

Slide 281 text

No content

Slide 282

Slide 282 text

No content

Slide 283

Slide 283 text

No content

Slide 284

Slide 284 text

No content

Slide 285

Slide 285 text

No content

Slide 286

Slide 286 text

That certificate contained a public key

Slide 287

Slide 287 text

DES Computer-powered Brute Force Key Search Moore’s Law 1970-Present 3DES + CBC DH/RSA 3DES CBC Certificate Authorities 1995-Present The first public CAs arrived in 1995. The CA signs it with their private key to make a signed digital certificate. Now, when someone like Bob wants to make an encrypted connection with Alice, she presents them with her signed public key certificate. Which brings us finally to …

Slide 288

Slide 288 text

No content

Slide 289

Slide 289 text

it takes a quantum computer to defeat this snippet of JavaScript, which implements RSA. (And look! I finally showed some JavaScript at the keynote of a JavaScript conference!) This is what I love about cryptography. Security is usually an unfair battle where attackers have all the advantages - because they only need to find 1 point of weakness. But the mathematical properties of cryptography are so strong, it forces attackers to look for some other weakness besides trying to crack the keys.

Slide 290

Slide 290 text

290

Slide 291

Slide 291 text

No content

Slide 292

Slide 292 text

No content

Slide 293

Slide 293 text

To start the HTTPS connection, my client said “hello” to the server with a list of cipher suites that it supports

Slide 294

Slide 294 text

The server responded with the selected cipher suite, and its public key

Slide 295

Slide 295 text

No content

Slide 296

Slide 296 text

No content

Slide 297

Slide 297 text

No content

Slide 298

Slide 298 text

And if we use a number as the key, I'm afraid we need to use ... MATH! Yes, we're even covering crypto math today.

Slide 299

Slide 299 text

And in MATH!, we have some 1-way functions! And because in math, we have some 1-way functions!

Slide 300

Slide 300 text

Modular Arithmetic aka “Clock” arithmetic https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem The one-way function we use for Diffie-Hellman is modular arithmetic, also known as “clock” arithmetic.

Slide 301

Slide 301 text

To find 46 mod 12 … https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/discrete-logarithm-problem For example, to find 46 mod 12, you divide 12 into 46, and the remainder is the answer.

Slide 302

Slide 302 text

Wrap a cord 46 “hours” long around a 12-hour clock … … and it ends on 10 Another way to think of this, is to wrap a cord 46 “hours” long around a 12-hour clock, and the cord will end on the remainder, in this case: 10.

Slide 303

Slide 303 text

Easy to perform … 46 mod 12 is “congruent” to 10 generator Modulus So 46 is our “generator”, 12 is our “modulus”, and we say 46 mod 12 is “congruent” to 10. This equation is easy to perform.

Slide 304

Slide 304 text

? mod 12 ≡ 10 … hard to reverse But it’s hard to reverse …

Slide 305

Slide 305 text

? mod 12 ≡ 10: 22 mod 12 ≡ 10, 34 mod 12 ≡ 10, 46 mod 12 ≡ 10, 58 mod 12 ≡ 10, 70 mod 12 ≡ 10, .. mod 12 ≡ 10 … impossible to reverse! … in fact, in this form, it’s impossible to reverse, because there are an infinite number of right answers.

Slide 306

Slide 306 text

… impossible for recipient too! So, like the random anagram, it's impossible for our recipient to know which number to use. So again, we need a way to calculate this with an algorithm and a key. And that key needs to be made of a secret part from Alice and Bob.

Slide 307

Slide 307 text

Alice picks an exponent https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Prime Modulus “n” generator “g” To do this, Alice is going to raise the “generator” to an exponent, and then take the modulus of 17, which results in 12.

Slide 308

Slide 308 text

Alice keeps her exponent secret https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Prime Modulus “n” generator “g” But Alice is going to keep her exponent secret. She will only share her result.

Slide 309

Slide 309 text

“Discrete Logarithm” problem https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 This equation is known as a “discrete logarithm problem” or DLP, and there’s no generalized method for solving it.

Slide 310

Slide 310 text

“Discrete Logarithm” problem Have to resort to “brute force” guessing the exponent Which means there’s no short-cuts to solving it - you have to simply “brute force” guess the answer. So this is our 1-way function. Easy to compute, hard to reverse.

Slide 311

Slide 311 text

For small numbers, it’s easy, but not for a large prime modulus. https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 For small numbers, it’s easy to guess. But not for prime moduli that are hundreds of digits long.

Slide 312

Slide 312 text

How can we turn that single exponent secret into 2 secrets? But we need to turn that single secret number into 2 secret numbers, in a way that combining them will result in the same answer. Which sounds super-hard, right? But this might be easier than you suspect. In fact, we all learned about it in 1st grade math …

Slide 313

Slide 313 text

“Commutative” Arithmetic: Order of operands doesn’t matter. 3 + 5 = 5 + 3 = 8; 3 * 5 = 5 * 3 = 15. Remember when we learned that addition and multiplication are commutative? That is, it doesn’t matter what order you put the numbers in - you’ll get the same answer.

Slide 314

Slide 314 text

“Commutative” Arithmetic: Order of operands doesn’t matter. (3^2)^3 = (3^3)^2 = 729; 3 + 5 = 5 + 3 = 8; 3 * 5 = 5 * 3 = 15. Well, sequential exponentiation is also commutative. That is, if you raise 3 to the power of 2, and raise that answer to the power of 3, you get 729. If someone else raises that 3 to the power of 3, and raises that answer to the power of 2, they also get 729. So, if 2 people each raise a number to 2 sequential exponents, they will get the same result, no matter the order.

Slide 315

Slide 315 text

Alice and Bob publicly agree on a generator and prime modulus https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 So, first, Alice and Bob publicly agree on a generator and prime modulus that everyone can see.

Slide 316

Slide 316 text

Alice picks a private number, and sends the result to Bob https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Then Alice picks a private exponent, and sends her result to Bob …

Slide 317

Slide 317 text

Bob picks a private number, and sends the result to Alice https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 Bob also picks his own private exponent, and sends his result to Alice …

Slide 318

Slide 318 text

Now the cool part … https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/diffie-hellman-key-exchange-part-2 So, now Alice, Bob, and Eve all have the public generator, modulus, and both results. And now we do the cool part …

Slide 319

Slide 319 text

Alice raises Bob’s result to her private exponent and gets 10 Alice raises Bob’s result to her own private exponent and gets 10.

Slide 320

Slide 320 text

Bob raises Alice’s mixture to his private exponent and also gets 10! Bob raises Alice’s result to his own private exponent and gets the same number 10!

Slide 321

Slide 321 text

Because their results were calculated from the shared public generator and prime modulus Notice they actually did the same calculation, because if you convert their results back into their original forms …

Slide 322

Slide 322 text

So, they did the same calculation with exponents in different order, which doesn’t affect the result They both raised the generator to both of their exponents, just with the exponents in a different order. But changing the order of exponents doesn’t change the result.
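The exchange on the slides above, carried through in code. This is an added example, not code from the talk: the prime modulus 17 and the results 12 and 10 are from the slides, while the generator 3 and the private exponents 13 and 15 are assumed values chosen to reproduce them.

```javascript
// Toy Diffie-Hellman with the slide-sized prime modulus 17.
// Assumed (not stated in the talk): generator 3, Alice's exponent 13, Bob's exponent 15.

// Square-and-multiply: computes (base ** exp) % mod without huge intermediate numbers.
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Both sides of the exchange. Only g, n and the two "results" cross the wire.
function dhExchange(g, n, aliceSecret, bobSecret) {
  const aliceResult = modPow(g, aliceSecret, n); // public: Alice -> Bob
  const bobResult = modPow(g, bobSecret, n);     // public: Bob -> Alice
  return {
    aliceResult,
    bobResult,
    aliceShared: modPow(bobResult, aliceSecret, n), // (g^b)^a mod n
    bobShared: modPow(aliceResult, bobSecret, n),   // (g^a)^b mod n
  };
}

// The discrete logarithm problem: with no shortcut, Eve guesses exponents one by one.
// Work grows with the size of n, which is why real moduli are hundreds of digits long.
function bruteForceExponent(g, n, publicResult) {
  for (let x = 1n; x < n; x++) {
    if (modPow(g, x, n) === publicResult) return x;
  }
  return null;
}

const exchange = dhExchange(3n, 17n, 13n, 15n);
console.log(exchange); // both shared values match
console.log(bruteForceExponent(3n, 17n, exchange.aliceResult)); // trivial at this size
```

With a modulus this small the guessing loop finishes in a handful of steps, which is exactly the weakness a large prime modulus removes.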

Slide 323

Slide 323 text

No content

Slide 324

Slide 324 text

No content

Slide 325

Slide 325 text

No content

Slide 326

Slide 326 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption In the 4th century BC, Euclid showed that every number has only 1 prime factorization - that is, there's only 1 set of prime numbers that multiply together to equal that number.

Slide 327

Slide 327 text

https://www.khanacademy.org/computing/computer-science/cryptography/modern-crypt/v/intro-to-rsa-encryption And prime factorization is a hard problem. If you multiply 2 large prime numbers to get a giant result number, it would be hard to get back to the prime numbers if you only know the result. But now we need a trap door for it …

Slide 328

Slide 328 text

In the 18th century AD Leonhard Euler defined the phi function, which measures the “breakability” of a number. It tells you how many numbers are less than the number that do NOT share a factor with the number. In this case, phi of 8 equals 4. Calculating phi is also a hard function, except for 1 kind of number …

Slide 329

Slide 329 text

the phi value of a prime number is easy to calculate - it's just the prime number minus 1.

Slide 330

Slide 330 text

So, Cox integrated the phi function into modular exponentiation. This means …

Slide 331

Slide 331 text

Alice can pick 2 prime numbers, and calculate their product, and phi value easily. Then she picks a public exponent, and calculates

Slide 332

Slide 332 text

her decryption number.

Slide 333

Slide 333 text

Then she hides everything but her exponent and result, which will be used as a modulus. She can publish these to anyone and everyone.

Slide 334

Slide 334 text

Bob's number With those, Bob can now encrypt a number with Alice's public key.

Slide 335

Slide 335 text

And only Alice can use her private key to decrypt it. Eve would need to find Alice's prime factors to decrypt Bob’s number.

Slide 336

Slide 336 text

So how hard is this? Well, multiplying numbers is easy and stays under a second even for larger numbers. Factoring small numbers is also under a second. But as the numbers get larger, there's an exponential effect where multiplying the numbers is waaaay faster than factoring the resulting number, which can take hundreds or thousands of years.
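Alice's key generation, Bob's encryption and Eve's factoring problem from the slides above, as an added example that is not the JavaScript shown in the talk. The primes 61 and 53, the public exponent 17 and Bob's number 65 are assumed toy values; real keys use primes hundreds of digits long, plus padding that is left out here.

```javascript
// Toy RSA with BigInt. Assumed values (not from the talk): p = 61, q = 53, e = 17.

// Extended Euclid: find d such that (e * d) % phi === 1. This is Alice's "decryption number".
function modInverse(e, phi) {
  let [oldR, r] = [e, phi];
  let [oldS, s] = [1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r] = [r, oldR - q * r];
    [oldS, s] = [s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error("e shares a factor with phi; pick another exponent");
  return ((oldS % phi) + phi) % phi;
}

// Alice picks 2 primes; their product and phi are easy for her to compute.
function makeKeyPair(p, q, e) {
  const n = p * q;
  const phi = (p - 1n) * (q - 1n); // phi of a prime is the prime minus 1
  const d = modInverse(e, phi);
  return { publicKey: { e, n }, privateKey: { d, n } };
}

// Plain ** is fine at toy sizes; real libraries use modular exponentiation.
const encrypt = (m, { e, n }) => (m ** e) % n;
const decrypt = (c, { d, n }) => (c ** d) % n;

// Eve only sees e and n. Her generic route is to factor n, then redo Alice's maths.
// Trial division is instant for a 4-digit n and hopeless for a 600-digit one.
function recoverPrivateKey({ e, n }) {
  for (let p = 2n; p * p <= n; p++) {
    if (n % p === 0n) return makeKeyPair(p, n / p, e).privateKey;
  }
  return null;
}

const alice = makeKeyPair(61n, 53n, 17n);
const ciphertext = encrypt(65n, alice.publicKey); // Bob's number, encrypted
console.log(ciphertext, decrypt(ciphertext, alice.privateKey));
console.log(recoverPrivateKey(alice.publicKey)); // same d: the toy modulus is too small
```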