Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: cryptography Page 1 of 4

Nothing to Hide

Chapter one of Simon Singh’s The Code Book begins with two stories. The first one is about Mary Queen of Scots and the second one is about Demaratus, an exiled Greek who nevertheless worked to communicate secretly with his homeland. While both of their stories were told to establish a theme of secret writing, the two stories have very little else in common. 

Demaratus’s story is one of a brave and cunning man who, upon learning of a Persian plot against his homeland, found a way to conceal the existence of his message so it could reach its destination safely. His heroics allowed the Greeks to prepare a fleet to meet the advance of Xerxes’s fleet and defend themselves from an attack that would otherwise have caught them completely off guard. Demaratus’s successful use of steganography, the act of concealing the existence of a message, allowed him to save Greece from a major military defeat. 

The story of Mary Queen of Scots did not end as pleasantly for Mary as Demaratus’s did for the Greeks. Mary had concealed her message using cryptography rendering it unreadable to those who did not have the cipher, rather than by hiding its existence in the first place. The fate of her life hung, not on whether or not her message would be discovered, for it already had been, but rather on whether it could be deciphered. Her encrypted message was, unfortunately for her, in the hands of a man named Thomas Phelippes, one of the finest cryptanalysts of his day. He eventually succeeded in decrypting the message and laid bare a plot by Mary to assassinate Queen Elizabeth and take the English throne. She was relieved of her head shortly thereafter. 

There are several differences between these two stories. Obviously, one story sees the message successfully and discreetly transported to its intended audience, while the other one has the message discovered and decrypted. In addition, the British one is likely more factual, as it is based on historical data and physical records, rather than the legends and folklore that likely drive much of Heroditus’s account of Demaratus. Finally, the type of secret writing involved varies between the two. In the Ancient Greek story, Demaratus used steganography to conceal the existence of his message whereas Queen Mary of Scots relied on cryptography to keep the contents of her message a secret even once the message had been discovered.

The Theatricality of Cryptography

The first chapter of Singh's The Code Book is packed with historical examples of cryptography. The Greeks, Persians, Arabs, French, and English, to name a few, were just some of the infinite number of societies and civilizations of which cryptography was crucial to their development. However, most of the examples described did involve people in positions of power. Kings, queens, nobles, and military leaders of all types have had to use cryptography to defend or expand their nations; clearly, cryptography has been crucial to changing history.

Despite the importance of these examples, I do believe that there has been a need for cryptography since the dawn of written language. I can't imagine that cryptography was only used by well-resourced people; there has always been a need for encryption and secrecy, even if it's on the most rudimentary level. Perhaps these are the only examples that survived, or perhaps Singh chose to include them because of their dramatic nature - after all, he does need to entice the reader somehow. It would be foolish to say that cryptography requires exceptional resources.

Yes, the most theatrical and interesting stories usually include a plot, some characters, and a dramatic, dire consequence that will result if the code is decrypted. But we can't discount the more simple, day-to-day interactions that may have required people to encrypt their messages, like a potter who may have needed to protect his or her recipe for glaze, or a citizen who wanted to hide the contents of a letter from their government. I can't imagine that examples such as these, though less exciting, didn't exist before the stories of kings, queens, armies, and wars.

Breaking Codes Is Much More Difficult In Practice

In Chapter 3, Singh provides an example of breaking codes with keywords and makes everything seems quite easy. However, in practice, breaking such a code is definitely difficult and needs a lot of time and work.

Say you have a message which is enciphered by using a keyword as long as the plaintext. The first thing is that you can't use the Kasiski examination technique. The only way to start is to try some common words to find a clue about the keywords. In Singh's example, he assumes that the first word is "the". That is a reasonable strategy because "the" is one of the most frequent words in English. However, what if the first word is not "the" but one of the other common words? There is a problem that if the common word in the plaintext is a word with only one or two letters like "a" and "in", Singh's method described in the book will be useless that he couldn't find any corresponding key letters because there are too many possible combinations of two letters to check one by one. Also, Singh's deduction of the construction of the keyword is actually a special situation. Consider if you guess "CAN" and "YPT" in the keyword, it's actually hard to correspond them to "Canada" and "Egypt" and it must take a long time to try all the possible combinations. Finally, the work to find out the last four letters in the keyword is also a hard work which needs a lot of time even with the clue that it is a country name, let alone that in a usual time we don't have an explicit clue like the country name. Singh just assumes he is the most fortunate one that his every shot is perfect when breaking this code.

Besides all of these above, there is another thing we should know that probably we would face the problem of false positives in our breaking procedure. There are thousands of combinations with several certain letters and short words, how could we make sure that we get the right one? Each time we go on with an assumption means that we will spend a lot of time on this assumption and if we failed, everything needs to run again to check the next one.

Uncertain Environments Generate Safer Practices

An environment in which one knows he or she must constantly maintain precautions is safer than one where they are unaware of the dangers that potentially exist.  

This concept is exemplified in the case of Mary Queen of Scots by the simple fact that her naive belief that she was speaking in secrecy directly resulted in her death. She essentially signed up for her own funeral by openly disclosing matters of treason. If she had been living in the era in which it was common knowledge that a “codebreaker might intercept and decipher their most precious secrets,” (Singh, p.45) then it is much more likely she would have been less forthcoming with the information she provided in her encrypted messages.

The new environment created was far more advanced than anyone in her time could have predicted. Mary’s generation falls in the era of monoalphabetic substitution, whereas the new age moved on to as many as twenty-six (polyalphabetic). Furthermore, everyone in this new era of cryptography frequently changed their methods. They would not be caught dead using such a basic cipher over a prolonged period of time to transport such crucial information. Even the ciphers used for general business information transported by telegraphs was more secure than the cipher Mary trusted her life with.

The new environment of encryption even allowed for progression in the cryptography field. As ciphers became more complex, more professional codebreakers emerged that continued to prove how difficult it was to create an uncrackable code. In turn, this generated more ciphers and the loop continues from there. Progression did not just make the population more cautious, but it also generated societal growth.

Mining Student Data - To protect students or invade students' life

In his essay, Michael Morris states that through mining student data, threat-assessment teams of universities have a great chance and plausible accuracy to predict possible violent behaviors with mining algorithms. As a result, it is responsible for every university to monitor students' academic record and prevent every possible tragedy.

Undoubtedly, in no way are we supposed to turn blind eyes to the fact that as the development of statistics and computer science, the mining algorithms is remarkable in this Internet era. Like the way Amazon know what productions we are interested in and may purchase and recommend them in our app,  threat-assessment teams are probably detected most of possible violent behaviors before they come true. So mining student data can be a effective way to prevent those terrible issues like suicide or criminal behaviors. 

However, the accuracy of the mining algorithms is not 100 percent, or even far less than 100 percent. As Micheal Morris said in his essay, I have had my credit-card transaction declined for many times since I created in China but lived in America now. The bank monitored my transaction record and defined it as an unusual pattern of spending America dollars with my credit card. My life was heavily infected during the time my card was freezing. The protection that bank provided actually based on the inaccurate result of the mining algorithm and it took the unnecessary action. The same as my bank, Amazon usually makes inaccurate prediction and recommendation as well, that's why our app often shows productions unrelated to our interests.

Similarly, the mining algorithms can lead threat-assessment teams to wrong direction and judge some nonviolent academic record as possible threat to campus safety. If a university take action according to that prediction and ask an innocent student to have a conversation, that will definitely affect the student's daily life. The feeling of being monitored and offended will come to the student and prevent them from concentrating on their career. In that case, the university just invade the student's life let alone by a way that even though the university does not take any action, it has already pried the student's privacy.

Under the situation that the algorithm can not reach 100 percent accuracy, universities which use the data-mining technology may invaded normal students' daily life. As a result, I disagree with the statement of Micheal Morris and consider that it is not time for universities to abuse the data-mining technology.

 

 

Different Applications of Cryptography Over Time

The only records we have of cryptography used in the past come from people with the resources and technical skills to encrypt and decrypt messages, whether they were World War II spies, Arab scholars, or Greek military leaders. Although not all of the encryption methods mentioned by Singh in Chapter 1 required exceptional resources (the Spartan scytale method used only a staff and parchment), they all required an understanding of the concept of encryption, which was a largely unused technique prior to the development of each cultures' breakthrough cryptography methods. Additionally, it's a reasonable assumption that cryptographers would have wanted to keep their methods secret from the general public, as knowledge of the code would have weakened the encryption. Therefore, I believe that the reason so few records of cryptography exist outside of well-resourced people is because they closely guarded the secrets to their specific codes after development, which, once revealed, often turned out to be simple and did not require exceptional resources.

However, this only applies to encryption and the building of ciphers. The techniques the Arabs developed for the decryption of substitution ciphers required extensive knowledge on linguistics and math, as frequency analysis only works if the cryptanalyst is familiar with the mechanics of a language.

Over time, techniques for encryption and decryption have been constantly improved in an arms race to create more secure codes and ways to break them. Nowadays, the most secure encryptions are created using supercomputers and unique encryption keys, which arguably requires more exceptional resources than simply deciding on a certain substitution cipher. However, the most significant difference between cryptography now and then is that very secure encryption is available to the general public, while people in the past who weren't involved in the encryption and decryption process had very limited access to effective cryptography. Although only the developers of specific encryptions know the specific mechanics, they are made available for anyone to use.

 

How to Keep Communication Relatively Safe through Cryptography

"A weak encryption can be worse than no encryption" because it gives the communicators a false sense of security (41). As a result, they would fail to conceal their meaning in writing and use plain language.

What's communicated throughout the chapter is that one form of encryption is never enough. If one only employs the method of stenography, the message could be completely compromised upon discovery by the enemy. On the other hand, reliance on one form of cryptography is likewise reckless. Even in Queen Mary's case, as she employs several methods to conceive her message, the secret was still easily discovered.

To keep communication safe through the usage of cryptography might mean multiple forms of cryptography. For example, a substitution mixed with transposition, which adds an additional layer of protection. While that might still be insufficient, one could always choose to hide words by using secret language codes (unlike the codes adopted in encryption). For instance, "to assassin Queen Elizabeth" could be written as "to execute the sailing plan". In Queen Mary's case, such communication could have saved her from facing the death penalty.

Cryptography is only adopted when the messengers can't meet in person, in which case some form of written message has to be created. The key and algorithm, however, are always vulnerable to the risk of being deciphered. Cryptanalysis developed alongside cryptography. Thus, the security of encryption depends on how long it's going to take for the enemy to decipher the code. In other words, cryptography is a highly time-sensitive tool. The complexity of encryption could largely increase security, while also decreasing efficiency to communicate for all parties involved.

When Cryptographers Die

There were many strong ciphers that seemed impossible to decipher, but only one has the name "Great Cipher." The Great Cipher stood undecipherable for 200 years. Created by Antoine and Bonaventure Rossignol, it was used by King Louis XIV as a way to keep his secrets hidden, "protect details of his plans, plots, and political schemes." He was impressed by the cipher and the Rossignols' so much he gave the father-son duo offices near his apartments.

What made the Great Cipher so great was the combination of its use of syllables as cipher text in the form of numbers, and the death of both Antoine and Bonaventure. The Great Cipher was secure because it turned basic french syllables into cipher text into numbers, specifically 587 of them. As mentioned before, 200 years went by before it was deciphered. Many people tried their hand at the cipher and ultimately failed, died, or gave up before they could solve it. Along with the death of the Rossignols, there was no one to read the messages. This lead to messages being unreadable for years, thus securing the cipher for years until Etienne Bazeries deciphered the Great Cipher. This still took him a total of 3 years of work of using various techniques. Some of these techniques led to gibberish and complete restarts of his journey. He finally considered the numbers could be syllables, then he found a single word, "les ennemis," from a cluster of numbers that appeared several times. From here he could examine the other parts of cipher texts and decipher them.

The Great Cipher is remembered as one of the most secure ciphers in all of history. The techniques used to decipher it are still used in other deciphering techniques, and it is one of the "forefathers" of today's unsolved ciphers.

Security vs Privacy: The Dangers of too much Authority

Chapter four of Little Brother really made me mad due to the abuse of basic human rights the American government was willing to surpass in order to receive more legalized power. Expanding on this problem, I am going to address how the governments abuse of Marcus and other captives basic human rights directly relate to the government trying to get more legal power through the public's fear. When Marcus was captured, bagged, and brought to an interrogation facility, nicked named Gintmo-On-The-Bay, his fourth amendment right was violated. The fourth amendment states "[t]he right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized (Cornell Law School)." Marcus' personal digital activity and information was searched unreasonably, he was seized illegally, and he was forced to sign a paper saying he was voluntarily seized and interrogated which I would consider a violation of the fifth amendment which protects people from self incrimination. Because of the government trying to "secure" it violated peoples rights. The governments concern with security, in this case, was false making their actions even worse. The American government in Little Brother had a goal of taking advantage of a terrorist attack and blaming it on the lack of security. From there the government would expand on its power by persuading citizens to support laws that give the government more surveillance control over the citizens themselves. This is dangerous because as the government receives more surveillance power, it becomes easier to label a protester as terrorist. Once this happens, innocent people such as Marcus, will be captured and interrogated based on faulty information.

A false sense of security

In Chapter 1 of Singh’s The Code Book, he states that “The cipher of Mary Queen of Scots clearly demonstrates that a weak cipher can be worse than no cipher at all”. Singh means that sometimes having a layer of security can be more detrimental than having none at all because it gives the sender and receiver a false sense of security.

If the sender and receiver are under a false sense of security due to their encryption, they are under the assumption that if it is intercepted it will not be deciphered. Thus, they may be think it is fine to make their intentions clear in the passage, or even worse, give details of other unnecessary information. However, this provides incriminating evidence in ‘black and white’ — literally. This is demonstrated by Babington’s ease in providing details of the plot to Queen Elizabeth as well as providing the names of his co-conspirators. However, if there was no encryption, both sender and receiver would be more inclined to make sure the message didn’t contain any information that could incriminate them as well as taking further measures to ensure that the message doesn’t get into the hands of the enemy, unlike Babington’s trust of Gifford, who was acting as a double agent. Singh also implies that people who, like Babington, tried to keep their messages safe through ciphers often overestimated the strength of their ciphers. This often lead to an incorrect feeling security which in turn ended badly, and in some cases tragically.

To conclude, looking back at the tragic story of Queen Mary, Singh suggests that even though you may encipher your text, you should not feel overly comfortable or safe. Rather, you should err on the side of caution, both in the delivery and in the content of the message that has been encrypted.

Page 1 of 4

Powered by WordPress & Theme by Anders Norén