Contains

1606 words

1606 words

Category

Technology

Technology

Cryptography is the science of encoding a message into a form that is unreadable and making sure only the proper people are capable of decoding the message back into its original form. This is usually done by using an encryption algorithm and a decryption algorithm (these two are often the same) and very often a secret key. Some of the early cryptographic systems did not use a key but instead kept the algorithm itself secret. The message sender uses the encryption algorithm and the key to encode the message, and then sends it to the receiver. The receiver then uses the decryption algorithm and the key to turn back the encrypted message into its original form and read it.

If the message is intercepted on the way by a third party, they will only have unreadable data and will have gained nothing, unless they can figure out the decryption algorithm and obtain the key. This is why the key is never to be sent with the message, and has to be kept secret at all cost. If the key is compromised, the sender and the encrypted data is no longer safe. The sender and the receiver then usually agree on a new key to prevent any further damage.

In ancient Greece, around 550 Bc, messages were sent encoded to generals and could only be decoded using special staff keys. The key actually consisted of a physical object, which was applied on the message to get the decrypted version of it. In 50 Bc., one of the most simple cryptographic algorithms ever used was the one called the Caesar cipher, that was used by Julius Caesar to send messages to his generals. It consisted simply of switching each letter with the letter that was 3 letters further down the alphabet.

For example "Stephen" would become "Vwhskhq". To decrypt the message, the receivers would simply subtract 3 letters from each letter. This algorithm was later improved and called ROT13, where the letters could be shifted to any number between 1 and 25, and the number of letters shifted was the secret key. This very simple algorithm has been used on Usenet successfully to prevent people from inadvertently reading materials they might find offensive.

Monoalphabetic substitution is another simple step away from the ROT13 algorithm. In this algorithm, each letter correspond to another letter but in no particular order. For example a = d, d = x, f = e, etc for all 26 letters. This made it much harder to break but also made fairly big keys that couldn't be memorized, since they consisted of 26 pairs of letters.

In France during 1585, members of the king's court liked to send romantic or gossip messages to each other and encrypt them for safety, which becomes almost a necessity. Blaise de Vigenere came up with a poly-alphabetic substitution known as the Vigenere cipher. Basically, the algorithm would encrypt messages several letters at a time instead of letter by letter. For example ab = fh, th = sq. To simplify the huge keys it would require, the key was broken into a table and a key, the table was fairly big but the key was small enough to be memorized, and the table was useless without the key. This cipher wasn't totally safe but no totally sure method to break it was developed before early in the 20th century.

During World War I, American troops used native Indians to send messages over the radio, which could only be understood by other native Indians, and absolutely nobody in Germany could understand it. Also in World War I (most cryptographic algorithms are developed for wars), the Playfair algorithm is developed by the Allies, the key, like in the Vigenere cipher, is based on a little table and a short keyword, which were both changed periodically. The rules used with the table were much more complex and made it fairly safe.

In World War II, however, the Germans gave up on abstract algorithms and came up with a physical encrypting/decrypting machine called the Enigma. It had different wheels of different sizes which were to be tuned differently depending on the date, the different turnings were listed in a little booklet that came with the machine. It wasn't broken before the Allies finally managed to capture enough pieces of the machine and collect enough data from operating errors by the Germans.

Whitfield Diffie and Martin Helbman (1976) come up with the notion of Public Key Cryptography. In 1977, RSA (Ronald L. Rivest, Adi Shamir and Leonard M. Adleman) develops a Public Key algorithm based on large prime numbers that is theoretically impossible to break in a reasonable amount of time. Digital signatures were also made possible.

1991, PGP (Pretty Good Privacy) reuses an algorithm very similar to RSA's and gets posted on the web. Phil Zimmerman gets sued for both exporting cryptographic data and violating copyright laws. A new version of PGP is quickly developed which is different enough from RSA's to be marketed. Because of its broadcasting on the web and the fact that it is freeware, PGP becomes one of the most widespread crypto systems.

Now, we will quickly go over the concepts of public key cryptography and the global idea of how the RSA algorithm works (or PGP, they are almost the same), as well as digital signatures and ?digicash?. I will also explain the general methods used to break most ciphers. I cannot however explain in detail because I cannot broadcast that kind of information without breaking the law which I will explain later.

Public Key Cryptography

The main problem with most cryptographic algorithms is that they are vulnerable to having the key exposed, and the key has to be agreed on by the sender and the receiver ahead of time. This means that when the sender and receiver exchange keys the first time, there is an opportunity for a third party to capture the key (or whenever keys are changed, in many cases keys were changed periodically for additional safety). This is exactly what public key cryptography avoids. The receiver of the message sends his public key to the sender. It is a public key, so it doesn't matter if the whole world knows the key or not. The key can only be used to encrypt data, not decrypt it. Then the sender will encrypt the message with the public key and send it to the receiver. Once the receiver received the data, he takes his private key and uses it to decipher the data. Note that the private key was never transmitted by the receiver to anyone, so it is almost invulnerable to exposure. Also note that the public and private keys work in pairs. There is only one private key associated with each public key and vice versa, and ideally it is impossible to find one key from the other one.

If someone intercepts the message he gets only an unreadable encrypted version of it, and using the public key or any other incorrect key used with the decryption algorithm will simply generate another series of numbers. If the receiver wants to reply to the sender, the sender has to have his own set of private and public key as well, and then the whole story goes on again the other way around. Ideally, there is even a phonebook of all public keys so that anybody could send an encrypted message safely to anybody else by simply looking up that person's public key.

The RSA Algorithm

The RSA algorithm is based on large prime numbers. One very interesting property of large prime numbers is that it is very hard to find out wether a very large number is a prime, and if it is not, finding out what numbers it is a product of can be very hard too. So if we take two (very) large primes and multiply them together, we get a number that is almost prime, and it will be very hard to find what two numbers were originally multiplied to obtain it. These numbers are used as the public and private keys, since it is very hard to find them. Theoretically, if the keys are chosen large enough, breaking the RSA algorithm would take several hundred years using all the biggest computers on the planet put together. RSA has offered a large amount of money to whoever comes up with a reliable and fast algorithm that can break their code. They still have all their money.

Digital Signatures

There remains one problem with passing all these messages: messages can be passed from sender to receiver safely, but the receiver has no means of determining who the message was actually from. For example, Bob could take Joe's public key and send the following message to Joe: "You're a wuss. signed: Jack". Now, when Joe receives this message, he has absolutely no way of telling that Bob sent the message, and not Jack.

This is where digital signatures come in handy. They allow a person to sign a message in a way that certifies that the message was actually sent by them. This is done by using one other interesting property of the private and public keys in RSA: they can be reversed in the ...

This isn't perfect but it is a good start Who is supposed to be the watchdog on the net? This question will raise the temperature in almost any room. The government already has to many regulations on lots of things, who wants Uncle Sam's hand in the web. Some of the regulations that are applied are there for specific reasons. Those protect th...

The Internet has emerged as the most rapidity adopted communication medium in history. The Internet by design is de-centralized, inexpensive, uncensored, and accessible from anywhere in the globe. Bill Gates contends that the Internet is first step along the 'Information Superhighway', which will ultimately create a 'global village' that will...

Network Security and Firewalls In our age of decaying morals, we find the need for security in every aspect of life. There are far to many people that are willing and able to take anything they can that doesn't belong to them. We have security everywhere we look. There are armed guards in our stores and even schools. Police officers p...

Green Architecture is an approach to building which has become more popular in the last 25 to 30 years. Also known as sustainable design, green architecture is a method of design that minimizes the impact of building on the environment. Once thought of as unconventional and nonstandard, both regulatory agencies and the public ali...

The average driver doesn't think about what keeps their car moving or what keeps them on the road, but that's because they don't have to. The average driver doesn't have to worry about having enough downforce to keep them on the road or if they will reach the adhesive limit of their car's tires around a turn. These are the things are the car d...