21 Oct Secure It! – A Resource Guide to Cryptography
Cryptography, which involves computer science, math, and electrical engineering, is the science and study of codes, cipher systems, and secret writing. Historically, cryptography was considered to be the same thing as encryption; however, due to recent technological advances cryptography has become a much more diverse discipline. Most current cryptography is based around designing computationally secure algorithms. These algorithms are difficult, but not impossible, to figure out. The largest factor that makes an algorithm secure is the difficulty and amount of resources involved in figuring it out. Most codes can be broken, but some people may not want to devote the resources and time to doing so.
In order to understand cryptography, one must first understand some essential terms. Encryption, the basis for cryptography, is the translation of information into incomprehensible nonsense, which is called ciphertext. Decryption is the complementary process to bring the ciphertext back to normal language, or plaintext. A cipher is a set of algorithms from which the encryption and decryption result. The key is the instructions for decoding the encrypted data. A cryptosystem is a set of possible cryptography elements that could match up to a key. Code is replacing a regular word with a code word. Cryptanalysis is the study of how to crack the encryption. Cryptolinguistics is the study of how language applies to cryptography.
Today, cryptography is used in many things in our daily lives, for example, ATM cards and computer passwords. However, when cryptography first originated it was mostly used by the military and diplomats to keep communications confidential. Early cryptographic techniques were fairly simple. A few examples are transposition ciphers, substitution ciphers, and steganography. Transposition ciphers simply reorganize the letters in the message, while substitution ciphers replace letters in each word with other letters. Steganography hides the message, which may be written in some form of code. Most classic ciphers are fairly easy to break and became even more so after Al-kindi, a mathematician, discovered frequency analysis in the 9th century. Between ancient modern times, several new advances in cryptography were made. This includes the development of the polyalphabetic cipher, which uses different ciphers for different parts of a ciphertext, by Leon Battista Alberti in 1467. Another advance was the invention of Kechkhoffs principle: even if the person trying to break the cipher knows what the system is, as long as they cannot discover the key, the cipher is adequately protected from attack.
After computers were invented, so too were more complex and difficult cipher systems. These new systems were based on encrypting data in a binary format. On the flip side, computers also make cryptanalysis much easier, so cipher has to become more complex as well. Also, most ciphers are now based on complicated mathematical equations. These equations are solvable, but as long as they are complicated and take a lot of resources to solve, the cipher is still considered effective. Modern cryptography involves several areas of study including: symmetric-key cryptography, public-key cryptography, cryptanalysis, cryptographic primitives, and cryptosystems.
In symmetric-key cryptography, the same key is used to encrypt and decrypt the message. Most symmetric-key ciphers are either block ciphers, where the input and output text is the same size, or stream ciphers, which create a long key that is combined with the plaintext that is to be encoded. Cryptographic has functions that are also an example of symmetric-key cryptography. This method creates a fixed length hash from the message that is entered. In public-key cryptography a public, or known, key is used to encrypt the message, while a private key is used to decrypt. This system is often used for digital signatures, because the signature is unique to the person producing it and cannot be moved from document to document. Cryptanalysis is what most people would refer to as “code-breaking,” or an “attack.” There are several different types of cryptanalysis that may be attempted. One such attack is a ciphertext-only attack, where the attacker attempts to decode encrypted text. In a known-plaintext attack, the cryptanalyst attempts to break the code by comparing the plaintext to the ciphertext. In a chosen-plaintext attack or chosen-ciphertext attack, the attacker either learns what the ciphertext version of a plaintext is or vice versa. Other attacks involve attempting to solve the mathematical equation on which the encryption is based. A side-channel attack is an attempt to solve the encryption algorithm based on its use in a device. Cryptographic primitives and cryptosystems are two more branches of modern cryptography. Cryptographic primitives are simple algorithms on which more complicated cryptography is based, while cryptosystems are more complex than cryptographic primitives and are often used for security.
Although cryptography is studied and used quite often in the United States, there are quite a few legal issues involving cryptography. In fact, after World War II it was actually illegal to sell encryption technology to anyone outside of the US. However, in the 1990s several court cases arose that precipitated a change in the law. The first case arose because of an encryption program, Pretty Good Privacy, designed by an American, Phillip Zimmermann. The program ended up on the Internet, accessible to anyone. The FBI investigated Mr. Zimmermann extensively, but did not charge him. A student, Daniel Bernstein eventually filed a lawsuit against the government regarding cryptography restrictions and won. The court decided that cryptography was protected as free speech. After this, the United States along with 38 other countries signed the Wassenaar Arrangement. This resulted in certain cryptographies not being export controlled any longer.
The laws have changed, but there are still other issues aside from the export of cryptographic technology. One such issue is the National Security Agency influence on the development of cryptography. In the ‘80s, NSA asked IBM to keep some of its techniques secret, just in case the government wanted to use them as their standard. However, even though the technique was kept secret, someone else discovered the technique of differential analysis and released it. NSA was also involved in the Clipper Chip Affair in 1993. The microchip, known as the “Clipper Chip” was supposed to be part of a cryptography control initiative, however, many cryptographers criticized the initiative. The cipher was classified, but the government had a copy of the key for law enforcement. This made the system vulnerable to attack.
Another relevant issue is digital rights management. As much of our media comes in digital form, protecting it from unauthorized copy and distribution is a major concern for copyright holders. The Digital Millennium Copyright Act was signed in 1998, making production and use of some cryptanalytic technology and techniques that can evade DRM illegal. This law is not enforced frequently but it is still rather controversial as, in theory, this law could make all cryptography illegal.
For more information on cryptography visit: