Cryptography is the art and science of hiding data in plain sight. It is also the art and science of stealing data hidden in plain sight. There are at least three players. The first is the one who has the original data, which is presumed to have high value to others. This data is presumed to reside in a safe place that no one but the originator and his/her friends can see. (If the originator cannot physically secure the original data, cryptography is a waste of time). Now, for cryptography to be necessary, the data must, for some reason, have to be transmitted over some public means such as a telephone line, a letter through the mail; any means that cannot be physically secured by the owner to a legitimate receiver of the data. The receiver is the second party. Cryptography is any transformation of the data into a form it is hoped that cannot be recovered in a timely manner by an unknown party, which is called here ‘the opponent’. The transformation is not some physical means, such as hiding the data on microfilm or some such; it is some mathematical transformation of the original data that the receiver on the other end knows how to undo. The process of scrambling (transforming) the data is called ‘encryption’. Unscrambling is called decryption. An encryption system has two basic parts.
1) A general transformation process called the encryption algorithm.
2) A customization of that algorithm called a cipher key. The sender and the receiver must find a secure means to exchange the cipher key. That is, the same public means used to send the encrypted data cannot be used. This may be a difficult problem, and has a variety of solutions, but will be assumed solved for now. Once the key is successfully exchanged, the two parties can separately implement the encryption algorithm and its inverse, the decryption algorithm. At this point, the data can be transmitted in its encrypted form using the agreed-to key to customize the general algorithm to a particular version that transforms the data. Since the encrypted data is sent over some insecure medium, it is assumed that an opponent (the third party) may intercept the data, possibly without being detected, and analyze the encrypted text, also called cipher text. In theory, any encryption system can be defeated, given enough time. The amount of time it takes cannot always be predicted. This is because the opponent can supply extra information that might reduce the computation time a great deal. For one thing, the sender and receiver may make a very poor choice of cipher key. If the opponent has a list of poor keys, a computer may permit a large list of such keys to be tried; if the poor key actually used is on the list, the opponent wins even if the encryption system is otherwise secure. All methods the opponent dreams up have one thing in common. It is an attempt to recover the original data without advance knowledge of the particular cipher key. There are a wide variety of means available and some will be described later on. The name for any of these methods is called ‘cryptanalysis’ and the person who does the penetration is called the cryptanalyst. In diagram form (the boxes indicated physically secure areas)
| ————– Sender | | Receiver “x” | | cipher key cipher key |——-> y —–>| y=Encrypt( | | | x=Decrypt(y,key) x,key) | | | ————-| | |————- V Opponent z = Cryptanalysis(y,Encrypt Algorithm, general knowledge of x, guesses about secret key, statistical analysis of y) The opponent uses Cryptanalysis of message y until the value z is either equal to x or z is “enough” like x to accomplish the illicit purpose. The sender and receiver win whenever recovery of z takes too much time.
What makes a system ‘good’ relies on many details specific to a given situation. Only after a lot of ingenious attacks are tried can a system be released for use. There never can be any absolute guarantees. All that can be said is that it defeated the best experts available. The opponent may be smarter. However, there are some agreed-to minimums that a good system must have to even be worth serious analysis —
1) It must be suitable for computer use. Ordinary byte streams (as arbitrary as possible) would be the input “plain” text and byte streams would be the output “cipher” text. There should be few cases where some kinds of input text produces poor results and these, if they exist, should be easily known, described, and avoided.
2) To be cost-competitive, it must produce about the same number of output cipher bytes as input plain bytes. Relaxing this restriction is not as helpful as one might think; the best historical systems meet this restriction, so a new system must meet it also.
3) Output bytes should have a complex relationship between the key, the plain text being encrypted, and possibly some amount of text previously encrypted. “Simple”, general methods, such as creation/construction of minterm sums and matrix inversions should not produce the cipher key or an equivalent, usable illicit decryption method.
4) Trying all keys must not be practical. Trying a cleverly ordered subset of the keys must not work. This is hard to achieve; it means that the failure of a particular key X to illicitly decrypt must not also allow an opponent to conclude that some large class of keys “similar” to X need not be tried. All keys must be equally strong; any exceptions must be well known, few in number, and easily avoided.
5) Assume all details about the encryption algorithm are known. Relying on a secret method has failed repeatedly. It is prudent to assume only the variable part of the system, called the cipher key, that is selected by the customer, is unknown.
6) Classical attacks must be tried in great variety and ingenuity. Details of this are beyond the scope of this file. For a summary of the principal attacks, see Question 5, “What are the principal cryptanalytic attacks?”. It is easy to do this particular step incompletely. Remember, there may be little effective limit to the resources or the brainpower of one’s opponent. The data may be very valuable and it make take only a couple of days rental of the right kind of consultant and a supercomputer to get the job done. The legitimate user will, by contrast, have a smaller budget that is begrudged as “overhead”.
7) Performance must be competitive with existing solutions. A practical problem is that every moment spent encrypting is regarded as “overhead”. Therefore, the method must not be uncompetitive with existing algorithms regarded as secure. Inventing one’s own system is an interesting pastime and quite educational. However, any hope of really securing data requires, at the very minimum, mastery of illicit decipherment. It is very easy to scramble data impressively and please oneself. This is not the same as keeping it actually secure.
What is a Public Key system?
A public key system is an encryption method with a unique property — encryption and decryption use different keys and one of those keys can be published freely. Being able to pass around the ‘decrypt’ key part of one’s encryption algorithm allows some very interesting things to happen. For one thing, messages can be exchanged by people who had not planned on doing so in advance. One merely encrypts in one’s private key, decrypts using the receiver’s public key and passes on the result to the receiver. The receiver encrypts in his/her own private key, then decrypts using the sender’s public key, recovering the message.
What is key distribution?
Key distribution is the practical problem of exchanging keys between the parties that wish to set up an encryption system between the two of them. Especially in a network environment, passing keys one can trust back and forth, can be difficult. How can one be sure a cipher key was not sent by an imposter? Unless the keys are exchanged in a secret, secure place, face-to-face, getting keys securely exchanged and with knowledge of the fact that the key was sent authentically can be difficult. Yet, any practical system must permit reasonably convenient, but very secure exchange of cipher keys. Once a few special keys are securely exchanged, it may be possible to send new cipher keys in encrypted form between the sender and receiver that have a known lifetime. That is, the cipher key is sent in a special encrypted message using a special key used only for exchanging keys. In telecommunications environments, this allows frequent change of keys between the parties ‘safely’ over the same insecure medium used to send the cipher text. While this idea is at the heart of much commercial use of cryptography, it is not easily accomplished and less easily summarized.
What is a “one time pad”?
The ‘one time pad’ is an encryption method that is known to be absolutely, provably secure. How it works is as follows —
1. Generate a huge number of bits using a naturally random process.
2. Both sides exchange this data, which is as much data as they are going to exchange later on.
3. Exclusive OR the original text, bit by bit, with the ‘one time pad’ data, never reusing the ‘one time pad’ data.
4. Have elaborate rules to keep the two sides in synch so that the data can be recovered reliably by the receiver. (Both sides must know where they are in terms of how much ‘one time pad’ has been consumed). Note that only genuine, naturally random processes will do. There must be no relationship between any prior bit of the ‘one time pad’ and a future bit of the key.
“Random number generators”, in particular, may not substitute and still be a ‘one time pad’. The reason it works is precisely because there is no relationship between any bits of the key stream. All cipher keys are equally probable. All original data messages are equally probable. There is no ‘hat’ to hang analysis upon. Even if one can inject as much text into a one time pad as one wishes, recovering the key stream tells nothing about the next message. Unfortunately, one time pads are very ungainly, so they are not typically used. The requirement to have a genuinely random process, with the right kind of statistical probability, is not easy to to set up. The ability to exchange vast amounts of data, securely, in advance, is not easy to achieve in environments when encryption is needed in the first place. There are a variety of cipher systems which generate “pseudo one time pad” streams of cipher key, but all have the same theoretical vulnerability; any algorithmic process introduces relationships between some old key bit(s) and the new key bit and so permits cryptanalysis. “Random number generators” are frequently dreamed up by newcomers as a “pseudo one time pad”, but they are notoriously vulnerable to analysis, all independent of whether the pseudo-random stream satisfies randomness tests or not.