Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: cryptography (Page 1 of 4)

Breaking Codes Is Much More Difficult In Practice

In Chapter 3, Singh provides an example of breaking codes with keywords and makes everything seems quite easy. However, in practice, breaking such a code is definitely difficult and needs a lot of time and work.

Say you have a message which is enciphered by using a keyword as long as the plaintext. The first thing is that you can't use the Kasiski examination technique. The only way to start is to try some common words to find a clue about the keywords. In Singh's example, he assumes that the first word is "the". That is a reasonable strategy because "the" is one of the most frequent words in English. However, what if the first word is not "the" but one of the other common words? There is a problem that if the common word in the plaintext is a word with only one or two letters like "a" and "in", Singh's method described in the book will be useless that he couldn't find any corresponding key letters because there are too many possible combinations of two letters to check one by one. Also, Singh's deduction of the construction of the keyword is actually a special situation. Consider if you guess "CAN" and "YPT" in the keyword, it's actually hard to correspond them to "Canada" and "Egypt" and it must take a long time to try all the possible combinations. Finally, the work to find out the last four letters in the keyword is also a hard work which needs a lot of time even with the clue that it is a country name, let alone that in a usual time we don't have an explicit clue like the country name. Singh just assumes he is the most fortunate one that his every shot is perfect when breaking this code.

Besides all of these above, there is another thing we should know that probably we would face the problem of false positives in our breaking procedure. There are thousands of combinations with several certain letters and short words, how could we make sure that we get the right one? Each time we go on with an assumption means that we will spend a lot of time on this assumption and if we failed, everything needs to run again to check the next one.

Uncertain Environments Generate Safer Practices

An environment in which one knows he or she must constantly maintain precautions is safer than one where they are unaware of the dangers that potentially exist.  

This concept is exemplified in the case of Mary Queen of Scots by the simple fact that her naive belief that she was speaking in secrecy directly resulted in her death. She essentially signed up for her own funeral by openly disclosing matters of treason. If she had been living in the era in which it was common knowledge that a “codebreaker might intercept and decipher their most precious secrets,” (Singh, p.45) then it is much more likely she would have been less forthcoming with the information she provided in her encrypted messages.

The new environment created was far more advanced than anyone in her time could have predicted. Mary’s generation falls in the era of monoalphabetic substitution, whereas the new age moved on to as many as twenty-six (polyalphabetic). Furthermore, everyone in this new era of cryptography frequently changed their methods. They would not be caught dead using such a basic cipher over a prolonged period of time to transport such crucial information. Even the ciphers used for general business information transported by telegraphs was more secure than the cipher Mary trusted her life with.

The new environment of encryption even allowed for progression in the cryptography field. As ciphers became more complex, more professional codebreakers emerged that continued to prove how difficult it was to create an uncrackable code. In turn, this generated more ciphers and the loop continues from there. Progression did not just make the population more cautious, but it also generated societal growth.

Mining Student Data - To protect students or invade students' life

In his essay, Michael Morris states that through mining student data, threat-assessment teams of universities have a great chance and plausible accuracy to predict possible violent behaviors with mining algorithms. As a result, it is responsible for every university to monitor students' academic record and prevent every possible tragedy.

Undoubtedly, in no way are we supposed to turn blind eyes to the fact that as the development of statistics and computer science, the mining algorithms is remarkable in this Internet era. Like the way Amazon know what productions we are interested in and may purchase and recommend them in our app,  threat-assessment teams are probably detected most of possible violent behaviors before they come true. So mining student data can be a effective way to prevent those terrible issues like suicide or criminal behaviors. 

However, the accuracy of the mining algorithms is not 100 percent, or even far less than 100 percent. As Micheal Morris said in his essay, I have had my credit-card transaction declined for many times since I created in China but lived in America now. The bank monitored my transaction record and defined it as an unusual pattern of spending America dollars with my credit card. My life was heavily infected during the time my card was freezing. The protection that bank provided actually based on the inaccurate result of the mining algorithm and it took the unnecessary action. The same as my bank, Amazon usually makes inaccurate prediction and recommendation as well, that's why our app often shows productions unrelated to our interests.

Similarly, the mining algorithms can lead threat-assessment teams to wrong direction and judge some nonviolent academic record as possible threat to campus safety. If a university take action according to that prediction and ask an innocent student to have a conversation, that will definitely affect the student's daily life. The feeling of being monitored and offended will come to the student and prevent them from concentrating on their career. In that case, the university just invade the student's life let alone by a way that even though the university does not take any action, it has already pried the student's privacy.

Under the situation that the algorithm can not reach 100 percent accuracy, universities which use the data-mining technology may invaded normal students' daily life. As a result, I disagree with the statement of Micheal Morris and consider that it is not time for universities to abuse the data-mining technology.

 

 

Different Applications of Cryptography Over Time

The only records we have of cryptography used in the past come from people with the resources and technical skills to encrypt and decrypt messages, whether they were World War II spies, Arab scholars, or Greek military leaders. Although not all of the encryption methods mentioned by Singh in Chapter 1 required exceptional resources (the Spartan scytale method used only a staff and parchment), they all required an understanding of the concept of encryption, which was a largely unused technique prior to the development of each cultures' breakthrough cryptography methods. Additionally, it's a reasonable assumption that cryptographers would have wanted to keep their methods secret from the general public, as knowledge of the code would have weakened the encryption. Therefore, I believe that the reason so few records of cryptography exist outside of well-resourced people is because they closely guarded the secrets to their specific codes after development, which, once revealed, often turned out to be simple and did not require exceptional resources.

However, this only applies to encryption and the building of ciphers. The techniques the Arabs developed for the decryption of substitution ciphers required extensive knowledge on linguistics and math, as frequency analysis only works if the cryptanalyst is familiar with the mechanics of a language.

Over time, techniques for encryption and decryption have been constantly improved in an arms race to create more secure codes and ways to break them. Nowadays, the most secure encryptions are created using supercomputers and unique encryption keys, which arguably requires more exceptional resources than simply deciding on a certain substitution cipher. However, the most significant difference between cryptography now and then is that very secure encryption is available to the general public, while people in the past who weren't involved in the encryption and decryption process had very limited access to effective cryptography. Although only the developers of specific encryptions know the specific mechanics, they are made available for anyone to use.

 

How to Keep Communication Relatively Safe through Cryptography

"A weak encryption can be worse than no encryption" because it gives the communicators a false sense of security (41). As a result, they would fail to conceal their meaning in writing and use plain language.

What's communicated throughout the chapter is that one form of encryption is never enough. If one only employs the method of stenography, the message could be completely compromised upon discovery by the enemy. On the other hand, reliance on one form of cryptography is likewise reckless. Even in Queen Mary's case, as she employs several methods to conceive her message, the secret was still easily discovered.

To keep communication safe through the usage of cryptography might mean multiple forms of cryptography. For example, a substitution mixed with transposition, which adds an additional layer of protection. While that might still be insufficient, one could always choose to hide words by using secret language codes (unlike the codes adopted in encryption). For instance, "to assassin Queen Elizabeth" could be written as "to execute the sailing plan". In Queen Mary's case, such communication could have saved her from facing the death penalty.

Cryptography is only adopted when the messengers can't meet in person, in which case some form of written message has to be created. The key and algorithm, however, are always vulnerable to the risk of being deciphered. Cryptanalysis developed alongside cryptography. Thus, the security of encryption depends on how long it's going to take for the enemy to decipher the code. In other words, cryptography is a highly time-sensitive tool. The complexity of encryption could largely increase security, while also decreasing efficiency to communicate for all parties involved.

When Cryptographers Die

There were many strong ciphers that seemed impossible to decipher, but only one has the name "Great Cipher." The Great Cipher stood undecipherable for 200 years. Created by Antoine and Bonaventure Rossignol, it was used by King Louis XIV as a way to keep his secrets hidden, "protect details of his plans, plots, and political schemes." He was impressed by the cipher and the Rossignols' so much he gave the father-son duo offices near his apartments.

What made the Great Cipher so great was the combination of its use of syllables as cipher text in the form of numbers, and the death of both Antoine and Bonaventure. The Great Cipher was secure because it turned basic french syllables into cipher text into numbers, specifically 587 of them. As mentioned before, 200 years went by before it was deciphered. Many people tried their hand at the cipher and ultimately failed, died, or gave up before they could solve it. Along with the death of the Rossignols, there was no one to read the messages. This lead to messages being unreadable for years, thus securing the cipher for years until Etienne Bazeries deciphered the Great Cipher. This still took him a total of 3 years of work of using various techniques. Some of these techniques led to gibberish and complete restarts of his journey. He finally considered the numbers could be syllables, then he found a single word, "les ennemis," from a cluster of numbers that appeared several times. From here he could examine the other parts of cipher texts and decipher them.

The Great Cipher is remembered as one of the most secure ciphers in all of history. The techniques used to decipher it are still used in other deciphering techniques, and it is one of the "forefathers" of today's unsolved ciphers.

Security vs Privacy: The Dangers of too much Authority

Chapter four of Little Brother really made me mad due to the abuse of basic human rights the American government was willing to surpass in order to receive more legalized power. Expanding on this problem, I am going to address how the governments abuse of Marcus and other captives basic human rights directly relate to the government trying to get more legal power through the public's fear. When Marcus was captured, bagged, and brought to an interrogation facility, nicked named Gintmo-On-The-Bay, his fourth amendment right was violated. The fourth amendment states "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized (Cornell Law School)." Marcus' personal digital activity and information was searched unreasonably, he was seized illegally, and he was forced to sign a paper saying he was voluntarily seized and interrogated which I would consider a violation of the fifth amendment which protects people from self incrimination. Because of the government trying to "secure" it violated peoples rights. The governments concern with security, in this case, was false making their actions even worse. The American government in Little Brother had a goal of taking advantage of a terrorist attack and blaming it on the lack of security. From there the government would expand on its power by persuading citizens to support laws that give the government more surveillance control over the citizens themselves. This is dangerous because as the government receives more surveillance power, it becomes easier to label a protester as terrorist. Once this happens, innocent people such as Marcus, will be captured and interrogated based on faulty information.

A false sense of security

In Chapter 1 of Singh’s The Code Book, he states that “The cipher of Mary Queen of Scots clearly demonstrates that a weak cipher can be worse than no cipher at all”. Singh means that sometimes having a layer of security can be more detrimental than having none at all because it gives the sender and receiver a false sense of security.

If the sender and receiver are under a false sense of security due to their encryption, they are under the assumption that if it is intercepted it will not be deciphered. Thus, they may be think it is fine to make their intentions clear in the passage, or even worse, give details of other unnecessary information. However, this provides incriminating evidence in ‘black and white’ — literally. This is demonstrated by Babington’s ease in providing details of the plot to Queen Elizabeth as well as providing the names of his co-conspirators. However, if there was no encryption, both sender and receiver would be more inclined to make sure the message didn’t contain any information that could incriminate them as well as taking further measures to ensure that the message doesn’t get into the hands of the enemy, unlike Babington’s trust of Gifford, who was acting as a double agent. Singh also implies that people who, like Babington, tried to keep their messages safe through ciphers often overestimated the strength of their ciphers. This often lead to an incorrect feeling security which in turn ended badly, and in some cases tragically.

To conclude, looking back at the tragic story of Queen Mary, Singh suggests that even though you may encipher your text, you should not feel overly comfortable or safe. Rather, you should err on the side of caution, both in the delivery and in the content of the message that has been encrypted.

A False Sense of Security

In saying "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.", I believe that Singh is implying that in using a cipher, Mary and her recipient felt much safer than if they had used no encryption at all. They believe their message is secure, so they do not feel the need to be discrete in their language. Had they not used any encryption, the content of their messages would not have been nearly as direct as it was with the encryption.
For those who attempt to keep their communication secret through encryption, this statement implies that their encryption method needs to be rather strong if they expect it to be effective at concealing their messages. One cannot hope to use a simple Caesar cipher effectively, as that encryption method is rather weak. It could be cracked by even the lowliest of amateur cryptographers in a small amount of time. The fact that Singh describes the cipher of Mary Queen of Scots, an encryption method that I couldn't hope to begin to comprehend, to be weak implies that for an encryption method to be effective, it must be very complex. This tells me that unless you and your recipient are seasoned cryptographers, you shouldn't bother trying to encrypt your messages, for one could decrypt them with ease. Instead, you should try to use more discrete language and keep in mind that your words could very well fall into the hands of your enemies.

A False Sense of Security Plus Treason Equals Death

Portrait of Mary, Queen of Scots. BBC

Portrait of Mary, Queen of Scots. BBC

In Singh's The Code Book, the story of Mary Queen of Scots illustrates the dangers of having a false sense of security.  There are countless examples throughout history, but perhaps the most well-known example of a false sense of security is George Washington's crossing of the Delaware to attack the British on that fabled December night in 1776. The British had wrongfully believed that Washington's men were incapacitated and unable to attack, and as such they let down their guard. As we all know, Washington and his men pounced at this opportunity and were able to turn the tide in the American Revolution. If the British had not become so complacent and careless in their actions then the very country we live in probably does not exist today.

In this same sense, Mary and her fellow conspirators "let down their guard" by explicitly detailing plans of attack, names of conspirators, and other incriminating information in their letters. In saying that "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all" (Singh 41), Singh is telling us that if someone believes they are using a strong encryption system, even if it is easy to crack, then they will be apt to send important information via the encryption system. However, if one knows that an encryption system is insecure, then they will be much more likely to restrict the information in the letters. In Mary's case, she fell victim to believing that her encryption system was much stronger than it was, and as a result once Thomas Phellipes easily deciphered the letters, she was sentenced to death. If Mary's group of conspirators had known their code could be easily broken, perhaps they would have been able to successfully take back the throne.

While this would seem to suggest to others using cryptography that they should not send any incriminating information via enciphered text, at the same time there might not be a better option. One has to wonder what better alternatives Mary and her co-conspirators had, even if they had known that their code could be broken. The letters were all being intercepted anyways, so in reality the plan could never have succeeded. However, Mary did teach anyone contemplating the use of encryption at least one thing:

A False Sense of Security + Treason = Death

Page 1 of 4

Powered by WordPress & Theme by Anders Norén