Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: Mary Queen of Scots (Page 1 of 2)

Assume the Worst

Before the Vigenère cipher, a simple monoalphabetic substitution cipher was the most advanced encryption. This is a weak way of coding however, as an encryption is only as strong as the key used to create it, and tools such as frequency analysis make this easy to conquer. Any code could be broken if the person who intercepted it was well acquainted with basic deciphering methods. The best way to protect your secret message was to assume that anyone could intercept and decipher your code. It was a given that before the Vigenère cipher was invented, that no encryption was completely safe. That being said, not many people realized this and truly thought they were keeping their secrets safe. A perfect example of this is Mary Queen of Scots.

Mary Queen of Scots spent her time imprisoned sending encrypted messages back and forth with a conspiracy group. Mary, along with the rest of the group, ignorantly thought that no one was able to crack their "master" encryptions. As a result they talked about many sensitive topics, especially the coup to overthrow the Queen of England. Their false sense of security led to their demise because, in reality, their code was very easy to break. They thought that their code was unbreakable, however, there was no sure way to know how accurate this claim was. Mary downfall was underestimating the environment in which she lived. She assumed that no one would be smart enough to break her code, but as she soon learnt, an encrypted message can be cracked to spill the secrets it contains.

Diffusion of Knowledge and Awareness

In the time of Mary Queen of Scotts, Mary, her conspirators and others trusted the encrypted messages would remain secret, trusted the difficulty of their key, and trusted the inability of others to decipher coded messages. Even though they were not aware that their trust ended in Mary Queen of Scotts death sentence, it was this lack of knowledge and lack of paranoia that allowed this to occur. The environment in Chapter 2 represents that of knowledge and awareness. As people were able to decipher others coded messages it posed the question: who says they can't determine mine? With this increasing awareness of other peoples similar capabilities, this then caused a lack of trust in the system and even deterred from the use of encryption. If an encrypted message was likely to be decrypted by an unknown and unintended recipient, there was not point in writing the message. The ability to decipher others messages also turned into a game. For example, since people did not trust the mail or content of the letters from being discovered, they attempted to write notes in newspapers where at least their identities could remain anonymous. However, cryptanalysts then responded to these messages using the coding system in the previous message. In one instance, a woman aware that her code had been broken warned her recipient through the next newspaper that the code had been broken except she used the same code to relay the message and stated his name. This scenario is humorous as the woman now told the cryptanalysts the recipient's name making the system just as compromised as letters had been. Overall, the new environment caused awareness to increase leading to more caution in transporting private messages, and also led to the yearn to create more difficult coding systems that could not be deciphered easily.

An Insecure Environment

Before the Vigenère cipher, which gave more security for code makers, “anybody sending an encrypted message had to accept that an expert enemy codebreaker might intercept and decipher their most precious secrets.” (Singh, p. 45).  Nothing of extreme importance should have been sent because the risk that it could be read by a code breaker was always present, but that was not known to the code makers. With Mary Queen of Scots, she did not have the luxury of knowing that there was a possibility of her secrets being unveiled and because of this she revealed crucial information about her escape. She was arrested and subsequently executed because she naively believed in the safety of her method. But in an environment where it is known that there is a risk, code makers can be wary of the information they send. They know what and what not to say. So that if their message does get broken by their enemy, any information that they reveal won't be of too much importance. On the other hand, this could possibly be an advantage to code makers. For instance, if they want to give code breakers false information, they could portray it in their messages and the code breakers will take it to be the truth. Code makers could potentially take the upper hand and manipulate the code breakers. Also with having the luxury of knowing the the codes can be broken while in route, the makers can be more discrete in what they are saying and even use certain code words within their encryption. While the environment gives less security, it does provide the opportunity to make sure that the enemy code breakers think what the code makers want them to think, ultimately helping the makers come out on top.

A false sense of security

In Chapter 1 of Singh’s The Code Book, he states that “The cipher of Mary Queen of Scots clearly demonstrates that a weak cipher can be worse than no cipher at all”. Singh means that sometimes having a layer of security can be more detrimental than having none at all because it gives the sender and receiver a false sense of security.

If the sender and receiver are under a false sense of security due to their encryption, they are under the assumption that if it is intercepted it will not be deciphered. Thus, they may be think it is fine to make their intentions clear in the passage, or even worse, give details of other unnecessary information. However, this provides incriminating evidence in ‘black and white’ — literally. This is demonstrated by Babington’s ease in providing details of the plot to Queen Elizabeth as well as providing the names of his co-conspirators. However, if there was no encryption, both sender and receiver would be more inclined to make sure the message didn’t contain any information that could incriminate them as well as taking further measures to ensure that the message doesn’t get into the hands of the enemy, unlike Babington’s trust of Gifford, who was acting as a double agent. Singh also implies that people who, like Babington, tried to keep their messages safe through ciphers often overestimated the strength of their ciphers. This often lead to an incorrect feeling security which in turn ended badly, and in some cases tragically.

To conclude, looking back at the tragic story of Queen Mary, Singh suggests that even though you may encipher your text, you should not feel overly comfortable or safe. Rather, you should err on the side of caution, both in the delivery and in the content of the message that has been encrypted.

A False Sense of Security

In saying "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.", I believe that Singh is implying that in using a cipher, Mary and her recipient felt much safer than if they had used no encryption at all. They believe their message is secure, so they do not feel the need to be discrete in their language. Had they not used any encryption, the content of their messages would not have been nearly as direct as it was with the encryption.
For those who attempt to keep their communication secret through encryption, this statement implies that their encryption method needs to be rather strong if they expect it to be effective at concealing their messages. One cannot hope to use a simple Caesar cipher effectively, as that encryption method is rather weak. It could be cracked by even the lowliest of amateur cryptographers in a small amount of time. The fact that Singh describes the cipher of Mary Queen of Scots, an encryption method that I couldn't hope to begin to comprehend, to be weak implies that for an encryption method to be effective, it must be very complex. This tells me that unless you and your recipient are seasoned cryptographers, you shouldn't bother trying to encrypt your messages, for one could decrypt them with ease. Instead, you should try to use more discrete language and keep in mind that your words could very well fall into the hands of your enemies.

Bloody Ciphers

There is good merit in regards to reminding one’s self to the fact that they are never safe in comfort. Mary Queen of Scots and Anthony Babington communicated with this “comfort,” while a double agent, Gilbert Gifford, was secretly taking their encrypted messages to one of England’s leading cryptanalyst and cipher secretary, Thomas Phelippes. To the eyes of maybe her jailor, or another untrained person, the cipher may have been unbreakable, probably impossible, but it was dismantled by Phelippes.

The nomenclature used by Queen Mary and Babington had abstract alphabetic, null, and word symbols used to masquerade the details of every message between the Queen and her henchmen. The false security given by this weak encryption let Queen Mary and Babington fall into a complacency that made them feel that they can write openly and freely about a murderous plot to kill Mary’s cousin, Queen Elizabeth I. The henchmen to Mary and Mary herself were all executed for the crimes of plotting Queen Elizabeth’s death.

Queen Mary’s complacency to write at her pleasure because of her weak encryption lead to her execution, but having little-to-no encryption keeps pressure on a message’s sender and receiver. This pressure does not allow either person to feel comfortable giving too much detail in a encrypted message, out of fear of the message being deciphered. If a message written by someone who is very cautious is also intercepted, one can assume that this message will not shed light onto any major situation that would sabotage a planned action. This implies that people that attempt to use cryptography for secret communication would use it in a way that should hide every possible detail of a message. They use hiding techniques such as steganography to keep messages hidden, and they use almost unbreakable encryptions on their ciphers.

These people know that they can be caught, and their secrets can be released. These are the prices they pay. With all the possible negative outcomes with this form of communication, especially when used in the fashion of Queen Mary and Babington, there should be no room for comfort.

A False Sense of Security Plus Treason Equals Death

Portrait of Mary, Queen of Scots. BBC

Portrait of Mary, Queen of Scots. BBC

In Singh's The Code Book, the story of Mary Queen of Scots illustrates the dangers of having a false sense of security.  There are countless examples throughout history, but perhaps the most well-known example of a false sense of security is George Washington's crossing of the Delaware to attack the British on that fabled December night in 1776. The British had wrongfully believed that Washington's men were incapacitated and unable to attack, and as such they let down their guard. As we all know, Washington and his men pounced at this opportunity and were able to turn the tide in the American Revolution. If the British had not become so complacent and careless in their actions then the very country we live in probably does not exist today.

In this same sense, Mary and her fellow conspirators "let down their guard" by explicitly detailing plans of attack, names of conspirators, and other incriminating information in their letters. In saying that "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all" (Singh 41), Singh is telling us that if someone believes they are using a strong encryption system, even if it is easy to crack, then they will be apt to send important information via the encryption system. However, if one knows that an encryption system is insecure, then they will be much more likely to restrict the information in the letters. In Mary's case, she fell victim to believing that her encryption system was much stronger than it was, and as a result once Thomas Phellipes easily deciphered the letters, she was sentenced to death. If Mary's group of conspirators had known their code could be easily broken, perhaps they would have been able to successfully take back the throne.

While this would seem to suggest to others using cryptography that they should not send any incriminating information via enciphered text, at the same time there might not be a better option. One has to wonder what better alternatives Mary and her co-conspirators had, even if they had known that their code could be broken. The letters were all being intercepted anyways, so in reality the plan could never have succeeded. However, Mary did teach anyone contemplating the use of encryption at least one thing:

A False Sense of Security + Treason = Death

The Vulnerability of A Weak Encryption

Having been arrested for the murder of her husband and imprisoned by her cousin Queen Elizabeth, Mary Queen of Scots was in a extremely vulnerable position. Any correspondence between Mary and the outside world would need to be of the highest concealment, so she and her correspondent Babington utilized a nomenclature that consisted of code words and a cipher alphabet. After successfully exchanging messages using this system, both believed that this system would be strong enough to formulate a plan for her escape and Queen Elizabeth's assassination. This false sense of security proved to be more risky and dangerous, as opposed to any lack of security or encryption.

In the case of Mary Queen of Scots, her trust in both her method of sending messages and in her seemingly weak encryption led to her arrest and subsequent execution. Their naive trust led Babington to even fall victim to the forgery of Thomas Phelippes, a man working in close quarters with Sir Francis Walsingham. Since the fact that her codes had be cracked was unbeknownst to Mary, she exchanged incriminating evidence and was ruthlessly killed instead of staying safely imprisoned.

Through the story of Mary Queen of Scots, Singh portrays the idea that while utilizing cryptography can work in favor of those wanting to keep information secret, it also can serve to do more damage than good. Sometimes making an attempt to keep something concealed is not necessarily better than no attempt at all. In this case, they missed the opportunity to be discreet in their messages and keep all serious information to themselves. Singh is not only giving important information about Mary Queen of Scots' story, but also warning cryptographers that are unaware of the power of cryptanalysis that can break even the codes that they perceive to be secure.

Mary Queen of Scots's and Babington's Ignorance in Assuming Security

Imprisoned for 18 years in England, Mary Queen of Scots welcomed the idea for a plan to escape the prison cell. However, as the plan was developed through writing, the use of an encryption system, even if it was weak, provided Queen Mary and Babington with a sense of security that prompted them to outlines all plans within these letters. This feeling of falsely assumed security not only put them at risk of their letters being deciphered easily, but also indicated through the use of an encryption system that the letters contained covert information.

As the courier or double agent encountered these encrypted messages it caused them to be immediately examined in order to determine its contents. To England's advantage, the use of the weak encryption enabled the letter's message to be exposed, and also granted the ability to be tampered with so Walsingham, one of England's ministers, could acquire sufficient evidence to prosecute both Queen Mary and Babington with concrete details of their involvement.

Had the letters not been encrypted, not as much information regarding the plan would have been revealed leaving the English without unwavering evidence which could have prevented Queen Mary's death sentence. The weak encryption was the underlying reason for Queen Mary's death sentence.

The trial of Queen Mary served to illustrate that ignorance of one's surroundings and trust is deadly. If coded information needs to be transported between two parties, steganography is not enough. A mixture of both steganography and a complex cipher must be utilized. The hiding of the letters adds one level of security but in the case of Queen Mary and the potential presence of a double agent, a complex cipher, not a nomenclature, should be utilized to ensure letters found cannot be interpreted by the unintended reader.

In conclusion, those who need to keep their communication a secret must prepare for the worst scenario. However, even the most remote hiding location or complex cipher cannot ensure complete secrecy. As a result, those who participate in cryptography must always recognize the risk of being exposed.

 

 

 

 

Watch Out for the Middleman

The section of the book that most caught my attention can be found at the beginning of Chapter 10. Marcus is in the early stages of setting up the Xnet and is beginning to realize that his heavily encrypted system is most likely already infiltrated by members of Homeland Security. He asks himself what the right course of action would be and makes clear his intentions of feeding the false information to both sides in what he calls a "man-in-the-middle attack". The process of steaming open letters is described and Marcus uses the metaphor of being a fat spider in the middle of communication to cause as much havoc as possible.

I find the idea of "man-in-the-middle attack" very interesting and it is something we have discussed a few times in our cryptography course. A prime example of this attack can be found in Singh chapter one when Mary Queen of Scots is imprisoned but still sends out instructions to attack Queen Elizabeth with weak encoding methods. Cryptanalysts were able to intercept Mary Queen of Scots's letters, thus allowing her to be incriminated and manipulated by Queen Elizabeth's men. Marcus's solution to the problem of a "man-in-the-middle attack" is crypto of course. He describes a confusing method of encryption involving a double key which creates a double enciphering. I, however, was more interested in Marcus's form of attack rather than his double key form of defense.

Page 1 of 2

Powered by WordPress & Theme by Anders Norén