Cryptography

The History and Mathematics of Codes and Code Breaking

Author: tiburcma

Computer Cryptography

In the chapter titled “Forays,” of Neal Stephenson’s Cryptonomicon, bit-key encryption is introduced as a method maintaining secrecy between the characters Randy and Avi. Unlike the other characters of the novel, Randy and Avi occupy the modern times and must resort to computer cryptography in order to protect Epiphyte, which is no more than “an idea, with some facts and data to back it up,” thus making it “eminently stealable.” They therefore employ a program referred to as “Ordo,” which converts their e-mails and data into streams of digital “noise,” or indistinguishable numerical nonsense. Interestingly enough, the function by which Ordo operates has recently been a topic of discussion in class.

by NIMATARADJI Photography

In the passage, Randy is directed to choose a key length of 4096 in order to communicate securely with Avi. This key length, as suggested by Randy, is entirely secure. However, because random generation of a larger key length requires tiresome effort on Randy’s behalf, he argues that even an inconceivably large super computer would have no hope of breaking a 4096-bit encryption key. Avi retorts with the implications of Moore’s Law, which argues that computing power doubles approximately every two years, and the prospect of quantum computers further validates the possibility for factoring large numbers with ease. The length of a key is thus of utmost importance, even if it is impervious to the efforts of current computing power.

A 4096-bit key, however, is notably secure, as this key length equates to  24096 possible keys. As mentioned in the novel, a key 2048 or 3072 bits in length would halt even the greatest cryptanalysts in their tracks, whereas a 768-bit key would provide security for years to come. This is because a key length does not directly signify the number of possible keys, provided that a key length of 400 generates double the number of possible keys as does 399-bit key.

This passage was captivating for me because my new found knowledge of computer cryptography and key length allowed me to appreciate its implications within the novel just that much more. Furthermore, the argument of Moore’s Law was quite noticeable to me, despite its lack of explicit mention in the passage. Most interesting to me, however, was the theoretical argument that a supercomputer composed of every particle in existence would take “longer than the lifespan of the universe” to crack a 4096-bit key encryption.

Standardizing Security

Cryptology, by definition, refers to the science and study of secure communications. Similarly, the intended purpose of cryptography is to hide information by way of code. So why is it that, to this day, a limit on the level of security for encrypted files exists in commercial use? Moreover, why are civilians denied the highest levels of security, considering that means for optimal encryption are readily available? The controversy at hand is in fact a matter of national security, and the Data Encryption Standard, or DES, is appropriately headed by the National Security Agency (NSA).

After facing much opposition from the NSA, German emigrant Horst Feistel created Lucifer, an unprecedented cipher algorithm, in the 1970’s. In light of its almost guaranteed security, this cipher system was adopted by a number of commercial organizations. Naturally, however, the NSA limited the number of possible keys produced by Lucifer to roughly 100,000,000,000,000,000. In justifying this constraint, the NSA argued that Lucifer, even under these limiting conditions, would provide sufficient security, given the assumption that “no civilian organization had a computer powerful enough to check every possible key within a reasonable amount of time” (Singh, 250). Although a restraint on security for the sake of security at first seems counter-intuitive, and although I am usually a huge proponent of privacy, I have to side with the NSA on this one.

The demand for greater security (if there exists any) seems somewhat excessive. As argued by the NSA, Lucifer provides sufficient security for its intended context. Commercial organizations under the protection of Lucifer are secure from any rival eavesdropper, and therefore need not worry (Sing, 250). Furthermore, businesses protect only information regarding business – their transactions, projected costs and profits, matters of the technical sort. An individual’s personal liberties are not at stake, their right to privacy is perfectly satisfied, and nobody (save businesses in a far-fetched hypothetical hacking scenario) is any more susceptible as a result of the DES. Perhaps the strongest argument yet is in the sake of national security. In my opinion, national security takes precedence over the security of commercial organizations. The NSA was careful to set the encryption standard so that only the NSA, the organization with the most technological resources in the world, could break it if necessary. Therefore, my question is: If the DES satisfies the commercial world’s criteria for security, as well as the NSA’s criteria for national security, why argue for the sake for greater encryption?

Photo: James, I think your cover's blown! by Ludovic Bertron

The Priority of Privacy

In Little Brother, a novel written by Cory Doctorow, protagonist Marcus Yallow, a.k.a. “M1k3y,” battles against the prospect of universal surveillance by the very agency meant to protect him and his country. In his efforts to galvanize an army of young protesters against the radical Department of Homeland Security (DHS), I could not help but sympathize with his interpretation of our constitutional rights as they apply to privacy.

Heroes: M by Frederic Poirot

In a heated class discussion, Marcus argues that the liberties provided by the Bill of Rights and intended by revolutionary forefathers are absolute and unwavering in their applicability. Those siding with the DHS, however, justified the sacrifice of personal liberties in the name of national security. The passage and novel as a whole raises an interesting and relevant question in regards to privacy: In our modern times, is the tracking of our digital whereabouts justified by the assurance (or hopeful promise) of sound national security?

In my opinion, the answer is no. While digital tracking does increase the efficiency of certain services, such as optimizing a search engine or bombarding key demographics with relevant internet ads, it is counter-intuitive in the context of national security. Surely, universal surveillance seems like a logical solution – track everyone, find the culprit. As demonstrated by the “the paradox of the false positive,” however, universal surveillance proves inefficient by amounting to a surplus of unreliable conclusions and data. Of course, there do exist instances in which a narrow, more focused application of surveillance proves effective, but these instances are considerably covert and target highly suspicious individuals (or at least, that’s how the government today makes it seem). But even when ignoring practicality, the implications of surveillance oppose what we believe to be fundamental, inherent liberties stated in the Constitution, but true regardless of context. In saying so, I believe that our digital shadows should be just that, our digital shadows, for no one else to see.

The Motivation Behind Beale's Mystery

Contradictory to the recurring theme of cryptography, it seems as though a certain cipher shall remain impervious to the demystifying test of time. After 100 years of collective effort from professional and amateur cryptanalysts alike, the enticing Beale cipher continues to serve its cryptic purpose. Ironically, its renowned success in befuddling hundreds, if not thousands, of cryptanalysts has in turn attracted additional challengers up to the task of deciphering Beale’s $20 million message. While some cast doubt upon the letter’s authenticity, and others argue that given its authenticity the cipher may never be discovered, the puzzle continually baits the public’s fruitless efforts. But why try where so many others have failed?

Firstly, there exists a tangible reward of considerable value. The treasure as described by Beale is now estimated at a jaw-dropping $20 million – a lucrative reward for solving a single puzzle. Monetary compensation, however, seems a fanciful outcome given the chances that someone might have already discovered the cipher along with the money, or just as simply stumbled across the hidden treasure throughout the course of 100 years. Furthermore, money hardly stands as the driving force behind the efforts of professional intellectuals who presumably practice cryptography for the mystery rather than reward.

Therefore, we may assume that the attraction of a mystery, in most cases, is the mystery itself. Aside from the fame and whatever tangible compensation one receives from unwinding a mystery, personal satisfaction is the main reward. Mysteries lure by way of promising intellectual gratification and abatement of curiosity. Hundreds flock to the Beale ciphers not only for the possibility of gaining fortune, but for the sake of solution, and making order of the problematic, organized chaos that is cryptographic encryption. The Beale cipher presents a formidably reputable puzzle, and there will always be challenger driven by the curiosity of human nature.

Deciphering the Great Cipher

For an impressive two-hundred years, the Great Cipher of Louis XIV thwarted several generations of accomplished cryptanalysts – a surprising feat, given that it did so through the manipulation of a substitution cipher. The cipher was created by the son-and-father pair of Antoine and Bonaventure Rossignal, who were recognized by King Louis XIV for their cryptological prowess. Their cipher was so secure that upon their deaths, decipherment of the French archives became impossible for the following two centuries. In 1890, however, Commandant  Etienne Bazeries, a distinguished expert of the French Army’s Cryptographic Department, began a successful three year endeavor of cracking the 17th-century code.

Despite Commandant Bazeries’ success in deciphering the Great Cipher of Louis XIV, the cipher can be termed “secure,” for it served its purpose well over its intended lifespan. Its success can be attributed to several ingenious cryptographic techniques that the Rossignal’s implemented into the cipher. The superficial level of complexity in the cipher is found in its range of representative numbers, of which there were 587, altogether representing only 26 letters. The wide range of numbers thus circumvented the technique of frequency analysis in its most basic application, for each letter would be represented by more than a single number. Realizing this, Bazeries applied frequency analysis in search of French diagraphs, with which he had no success. Frequency analysis proved effective only in the search of syllabic combinations, meaning that the cipher was constructed entirely from syllables. This characteristic probably grants the cipher most of its security. Because syllables exist in such variety, can be composed of one, two, or three letters of the English alphabet, and have less obvious patterns, it is considerably difficult to identify an applicable permutation of the assumed cipher. Moreover, the Rossignal’s integrated traps within the cipher to mislead a cryptanalyst from deducing the cipher-text. One trap, for example, included numbers that would essentially remove the number prior to it.

The use of syllabic substitution as well as the traps employed by the Rossignal’s certainly attributed to the considerable success of the Great Cipher of Louis XIV. However, as history has demonstrated time and time again, decipherment is only a matter of time.

Frequency Analysis in a Temporal Context

Today even amateurs, given time, are intuitively predisposed to recognize otherwise “logical” patterns strewn in ciphers and codes alike. This is due to the fact that analytic methods now utilized in the realm of cryptanalysis are not products of innate understanding, but a general improvement of societal and formal education as a whole. Frequency analysis today, for example, proves a fundamental and rather elementary conceptual strategy in decrypting an enciphered message. In the wake of cryptanalysis, however, frequency analysis was a novel and unprecedented notion.

During much of cryptanalysis’ infancy, education was a luxury, largely unattainable to the masses of commoners who preoccupied themselves with self-sustaining labors specialized in practicality rather than subjects of intellect. Such individuals would find themselves entirely dumbfounded by the prospect of solving even the simplest encryptions, provided they harbor any extent of literacy. This approach accounts for the inability of the uneducated to resort to frequency analysis, thus furthering Singh’s argument. On the other end of the societal spectrum, scholars managed to stumble upon the prospect of frequency analysis – but only after a considerable amount of time and inquiry. Singh’s argument again proves sound, for frequency analysis incorporates mathematics, statistics and linguistics, itself being a development in all three fields. Therefore, it seems that “a sophisticated level of scholarship” was indeed necessary to consider frequency analysis as a viable approach for solving substitution ciphers – back then. In a temporal context, perhaps a “sophisticated level of scholarship” is not termed appropriately for the overstatement that it is. Amateur cryptanalysts, along with much of the developed world, have likely received a formal education, in which they have been exposed to the very areas of “expertise” incorporated in frequency analysis. Societal exposure similarly promotes the deciphering technique, the best example of which remains “Wheel of Fortune,” which automatically assumes the most frequently repeating English letters as common knowledge amongst contestants. Moreover, modern society in general places great emphasis on cognitive reasoning from infancy to adulthood, surely fueling the tendency to apply frequency analysis by even the most amateur of cryptanalysts.

In hindsight, the development of frequency analysis was indeed a feat of innovative intellect. Today, however, it seems only a natural inclination to attempt such a logical and practical method of deciphering.

Powered by WordPress & Theme by Anders Norén