The History and Mathematics of Codes and Code Breaking

Month: August 2018 Page 2 of 3

The Dangers of Weak Cryptography

For one who is not well-versed in “cryptography,” hearing the word might simply bring to mind the language game Pig Latin. However, Singh is trying to convey, in layman’s terms, that cryptography is not a child’s game for all; in Mary Queen of Scots’ case, it was literally an instance of life or death. The issue at hand is that while encryption is meant to show that one’s guard is up, it actually creates a false sense of security when utilized poorly.

For instance, there has been a time in every person’s life when he or she whispered something to a neighbor in the hopes of keeping the message a secret. Unbeknownst to them, spectators who speak the same language were either able to eavesdrop and hear the secret or possibly even lipread bits and pieces. Yet, to the two that were whispering in their own world, it was as if they had been speaking a foreign language. Babington and Mary were in this same little world, where they had a false sense of reality and security. As Singh stated, this was honestly an unfortunate time for Mary to be communicating through cryptography because the first true cryptanalysts were emerging. The two did little to alter their patterns and believed that only they could read what was intended for one another. The problem is, in an ever-changing world, it is naive to think that one should not have to adapt to remain undiscovered. Like two people whispering, Babington and Mary let their guard down at a critical point of their mission

By trusting her basic encoding system at an essential turning point in the history of cryptanalysis, Mary left herself vulnerable to decryption and was caught openly aligning with the rebels attempting to free her. Had she been writing without encryption, she would not have directly given her blessing for the assassination. Singh wants other cryptographers to be aware that they cannot expect to simply lay encryption over their messages like some form of a safety blanket. If a message is truly meant to be a secret, cryptographers should work to ensure that their ciphers are unbreakable.

Never Trust A Weak Encryption

In the first chapter of The Code Book by Simon Singh, he states that “a weak encryption is worse than no encryption at all”. A weak encryption is worse than no encryption at all because the sender and receiver of the message believe that the message is secure. A weak encryption leads to a false sense of security. If someone was to send a message with no encryption, they would know that their message was floating around and would be more cautious. People that send encrypted messages should always be mindful of what information their message contains. Over time many messages can be decrypted, and a sender of an encrypted message should remain mindful of that. No one should put all of their trust into a encryption since the message could possibly be deciphered. People that want to keep their messages secret should keep their messages very vague even if they are encrypted. There is always a chance that a message can be decrypted, so the sender should not only rely on a encryption to make sure that their message is secure. Mary Queen of Scots should have been vaguer with the messages that she sent. Since she truly believed that her messages would not be decrypted, she was not withholding the information that she sent. Her trust in the encryption led to her execution.


How to Keep Communication Relatively Safe through Cryptography

“A weak encryption can be worse than no encryption” because it gives the communicators a false sense of security (41). As a result, they would fail to conceal their meaning in writing and use plain language.

What’s communicated throughout the chapter is that one form of encryption is never enough. If one only employs the method of stenography, the message could be completely compromised upon discovery by the enemy. On the other hand, reliance on one form of cryptography is likewise reckless. Even in Queen Mary’s case, as she employs several methods to conceive her message, the secret was still easily discovered.

To keep communication safe through the usage of cryptography might mean multiple forms of cryptography. For example, a substitution mixed with transposition, which adds an additional layer of protection. While that might still be insufficient, one could always choose to hide words by using secret language codes (unlike the codes adopted in encryption). For instance, “to assassin Queen Elizabeth” could be written as “to execute the sailing plan”. In Queen Mary’s case, such communication could have saved her from facing the death penalty.

Cryptography is only adopted when the messengers can’t meet in person, in which case some form of written message has to be created. The key and algorithm, however, are always vulnerable to the risk of being deciphered. Cryptanalysis developed alongside cryptography. Thus, the security of encryption depends on how long it’s going to take for the enemy to decipher the code. In other words, cryptography is a highly time-sensitive tool. The complexity of encryption could largely increase security, while also decreasing efficiency to communicate for all parties involved.

Cryptography 1

        As the author of the code book, Simon Singh, writes, “Cryptanalysis could not be invented until a civilization had reached a sufficiently sophisticated level of scholarship in several disciplines, including mathematics, statistics, and linguistics.” People’s interest and skills toward all kinds of puzzles including cryptogram are getting developed fast in this day or age . Back into my primary school time ,I saw a sukodu puzzle on the newspaper for the first time. The shape and numbers on it suddenly caught my mind. A great sense of proud came to me when I first learnt and finished the puzzle. Puzzles and cryptography, using its own beauty and sense of mystery ,attracted hundreds of thousands of fans all around the world.

       Learning how to solve these kinds of problems is not a specialization nowadays due to the advancement of the Internet and the high level of education. Higher level of education leads to more ways of creative thinking to solve the problems. For amateurs, they don’t necessarily need to learn the special methods in order to solve the basic problems. Their level of education provides them with enough knowledge to use. Such as the most used letter in the english alphabet is e or some of the most frequent conjunctions like at, or, in and so on. Even amateurs can have fun by themselves solving cryptograms, which is significantly different from the old times when people generally don’t know a lot about languages and mathematics. Getting more amateurs working on their own is a great sign, for more and more people are getting involved into cryptography and are willing to dig further.

         Despite the fact that amateurs can have great fun working on their own, Singh was never wrong about the complexity of cryptanalysis that people need to be trained to be sufficient in breaking codes. The methods of transition and substitution or even more complicated methods still needs several disciplines, including mathematics, statistics, and linguistics for perfection.

        In general, it is a great phenomenon to have so many people interested in cryptanalysis and willing to work on their own to solve it. But they still need more practice and more training to go deeper into this area.

Few Defining Moments in History

It is often said that history is decided in a few vital moments. Wether it be the second to second actions of a general that affect the outcome of a battle or the words of a politician delivering a vote swaying remark, large shifts in the course of history often have hidden catalysts. In Chapter 1 of The Code Book, Singh delves into the undetectable catalysts that resolved two of the most well known power struggle in history.

Singh begins by referring to Greece’s infamous defiance of the ravenously expanding Persian Empire. The Greek’s refusal to send gifts to Xerxes, the Persian King of Kings, ignited Persia’s secret assembly of “the greatest fighting force in history” in an effort to squash the display of insolence. Only by the heroics of an exiled Greek Demaratus and his use of stenography was Greece warned of the impending attack and able to fend off the invasion. As the reader begins to realize the small details behind influential historical stories, Singh’s opening quote from Chadwick (“The urge to discover secrets is deeply ingrained in human nature”) begins to ring true.

I believe, however, that it is Singh’s uncovering of the network of agents, codes, and spies involved in the popularized Babington Plot that most intrigues the reader and justifies why he used these specific examples. From the genius planning of legendary Spymaster Walsingham to the daring exploits of the Double Agent Gifford, Singh corrupts what the reader thought they knew to have happened leading up to the execution of Mary Queen of Scotts.

By revealing cryptography to be behind some of histories most famous power struggles, Singh effectively popularizes encryption and it’s far reaching influence from the shadows.



The Consequences of a Weak Encryption

“On page 41, Singh writes, “The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.”  What does Singh mean by this and what does it imply for those who would attempt to keep their communications secret through cryptography?” (Question 1)

When encrypting messages, having a weak cipher can severely jeopardize the security of the message that is trying to be hidden. In the example in the book, Mary Queen of Scots was oblivious to the fact that her encrypted messages were being solved easily, and because of this, she and Babington made clear in their “secret” message that the plan was to kill Elizabeth. Had they not only encrypted their message but also made vague the exact components of their plan, it is possible that there wouldn’t have been enough evidence against Mary Queen of Scots. If instead they had used no encryption, it is likely that they wouldn’t have been so open and clear about discussing their plans. This most likely wouldn’t have helped their plan work that much better, though it could have possibly saved Mary Queen of Scots from being executed.

The notion that “a weak encryption can be worse than no encryption at all” is a good rule that all cryptographers should abide by. This pushes cryptographers to focus hard on making extremely strong ciphers, especially in today’s society where technology makes it much easier to crack codes in short periods of time. And, while encrypting messages, cryptographers should also make sure to keep their messages vague, so that only the intended recipient who knows the context should be able to decipher the decrypted message. Having a strong encryption and a specific message designed only for the recipient almost completely ensures privacy.

Message Strenght Beyond Decryption

In his idea that Mary Queen of Scots would have been better off without her relatively weak cipher,  Singh acknowledges the crucial relationship between the strength of a cipher and the level of accountable knowledge that encrypted messages contain.

Mary Queen of Scots and Babington where often trading highly sensitive messages that outlined the plot to kill Queen Elizabeth. These messages where only secured by an encryption key that substituted symbols for each letter of the alphabet and replaced  common words such as “the” by a singular symbol. Mary and her correspondence communicated with a strong faith in their cipher and did not fathom the possibility that the cipher could be broken. The encrypted letters contained a heavy amount of explicit incriminating evidence and if the cipher were to be cracked, there would be no questions to what Mary Queen of Scots intentions were. In fact it would have been much safer for Queen Mary to use code words or a more stealthy approach to communicating with Babington. This system would make it harder for interceptors to gain valuable information altogether and Mary’s death could have been avoided.

For those who wish to keep their communications secret, this serves as a lesson to think more critically about the security of their encrypted messages and what it would cost if their message was exposed. If one wanted to send a tremendously sensitive message, it would be more secure to use a stronger encryption key. If a weaker encryption key was used, the message would be most likely decrypted and the sensitive information would be compromised. A good decision would be to use code words or strategic wording so that if the message is intercepted and decrypted, the original intentions of the message would be ambiguous and still a secret. The more sensitive the content that is being encrypted, the stronger the encryption key should be. Additionally, having a stealthier transfer system or more complex code word system could tighten the security of the content being sent.

The best question to ask when debating where or not to strengthen the current encryption system is: Is the message secure even if it is decrypted and what are the consequences of it being decoded?

Chapter 1 Assignment

In chapter 1 of The Code Book, Singh wrote that “Cryptanalysis could not be invented until a civilization had reached a sufficiently sophisticated level of scholarship in several disciplines, including mathematics, statistics, and linguistics.” It is a reasonable comment for the reasons as below.

First of all, only if a civilization has developed mathematical methods can its code makers encrypt codes by using several mathematical algorithm like transposition or substitution. Equally, only if a civilization has developed data analysis can its cryptanalysts know how to use statistics to break codes easier. For example, to collect the frequency of each letter or symbol in a long text can lead to possible correspondence of plains and ciphers. The commonsense for an amateur cryptanalysts today is that the most frequent letter or symbol in a text may link to the character E. Some combination of letters are also critical for statistic analysis like THE or ED. Thus, frequency analysis is one of the most important methods for decryption. Finally, linguistics is also vital for a civilization to invent cryptanalysis because codes and ciphers are not only in English. Many other languages could written by letters in Latin or Spanish. Let alone that some languages can be written by their own characters but their pronunciation can be expressed by letters.

Those knowledges, in the past, are rarely related to civilian so that a cryptanalyst needed training to break codes. However, in the modern educational system, those subjects are parts of the general education that every individual has the chance to learn about some critical methods of the cryptography. Even without specific training of breaking code, amateurs can use their basic knowledge of math, stats and linguistics, like frequency analysis, to find their “own ways” to solving some of the ciphers.

Cryptography in the Modern World: Keeping a Information Secret in the Age of Computing

In the first chapter, the examples of cryptography Singh selected were confined to the upper echelons of society: nobles, scholars, religious and military leaders. But perhaps more telling is the affluence of cryptanalysts such as Thomas Phelippes, a linguist fluent in five languages and an accomplished code-breaker; knowing five languages is a feat even in the modern world, but acquiring a new language (much less five) prior to readily accessible educational resources is nothing short of extraordinary.

Phelippes’ impressive education supports the hypothesis that cryptography and cryptanalysis are areas of study suitable for only those who have a sufficient understanding of an array of scholarly disciplines and the resources necessary to achieve it. This is perhaps more true of today’s world, as modern ciphers and cryptographic techniques are far more complex and difficult to crack than simple substitution ciphers and thus require and even more comprehensive education than was necessary centuries ago.

Fortunately, modern society provides us with the ability to attain a level of education sufficient for developing and cracking substitution ciphers by the time we graduate high school; even people who have no formal training in cryptography are capable of employing advanced classical techniques such as frequency analysis to decrypt secret messages. The ubiquity of this approach is a testament to the modern educational system’s ability to produce people capable of thinking creatively to solve new problems.

However, this amount of ingenuity entails a notable problem: it essentially renders substitution ciphers (and other ciphers with similar security levels) useless. If an enciphered message can be cracked by the average person (without the aid of a computer) in the matter of hours, a more secure method of encrypting messages is necessary to hide meaning. Although relatively secure encryption usually doesn’t present much difficulty thanks to the advent of computing, it makes securely encrypting a message or quickly decrpyting a secure message without a computer nearly impossible; furthermore, with the power of modern computing at their fingertips, cryptanalysis are constantly working to develop faster ways to decrypt information, rendering insecure techniques that were among the best we had discovered just decades earlier. Modern cryptographers are then presented with a unique challenge: creating systems of encryption that allow the intended recipient to receive the message but are strong enough to remain unbreakable for decades to come.

The Achilles Heel of Mary Queen of Scots: A Weak Cipher

Arnie: Why is a weak cipher worse than no cipher at all?

The cipher that Mary Queen of Scots used in this chapter was able to be broken, and in this case, having no cipher at all would have been better than the weak one that was used. He says that because they believed their communication was secure, the Queen and her accomplices became too complacent. The contents of their letters were far more incriminating because the conspirators believed that even if the letters were found, they would most likely just look like gibberish. With frequency analysis, even a somewhat strong cipher can be cracked over time if someone has the right resources, which the Queen of England most definitely did. If Mary had just used cryptic language that was vague and concealed the letters in the same manner, even if they were found, they would have been much less incriminating and she would most likely not have been sentenced with the death penalty. Because of her complacency and her blind trust in the cipher she was using, she let down her guard, and this ultimately led to her demise. This is what Singh means by the fact that sometimes a bad cipher is worse than no cipher at all.

I think that the same thing could be said about passwords on the internet today. If something has a weak password it may be worse than having no password at all. If there is a hacker trying to get your data, they are probably more likely to try and hack into password protected websites, because that is where more sensitive information is normally stored. If your password is “12345678,” it may be worse than having the same information on a non password protected website because hackers may be less likely to look there. I think even in the modern era, the idea that no cipher is better than a weak one is still applicable in some senses.

Page 2 of 3

Powered by WordPress & Theme by Anders Norén