Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: The Code Book Page 1 of 4

Nothing to Hide

Chapter one of Simon Singh’s The Code Book begins with two stories. The first one is about Mary Queen of Scots and the second one is about Demaratus, an exiled Greek who nevertheless worked to communicate secretly with his homeland. While both of their stories were told to establish a theme of secret writing, the two stories have very little else in common. 

Demaratus’s story is one of a brave and cunning man who, upon learning of a Persian plot against his homeland, found a way to conceal the existence of his message so it could reach its destination safely. His heroics allowed the Greeks to prepare a fleet to meet the advance of Xerxes’s fleet and defend themselves from an attack that would otherwise have caught them completely off guard. Demaratus’s successful use of steganography, the act of concealing the existence of a message, allowed him to save Greece from a major military defeat. 

The story of Mary Queen of Scots did not end as pleasantly for Mary as Demaratus’s did for the Greeks. Mary had concealed her message using cryptography rendering it unreadable to those who did not have the cipher, rather than by hiding its existence in the first place. The fate of her life hung, not on whether or not her message would be discovered, for it already had been, but rather on whether it could be deciphered. Her encrypted message was, unfortunately for her, in the hands of a man named Thomas Phelippes, one of the finest cryptanalysts of his day. He eventually succeeded in decrypting the message and laid bare a plot by Mary to assassinate Queen Elizabeth and take the English throne. She was relieved of her head shortly thereafter. 

There are several differences between these two stories. Obviously, one story sees the message successfully and discreetly transported to its intended audience, while the other one has the message discovered and decrypted. In addition, the British one is likely more factual, as it is based on historical data and physical records, rather than the legends and folklore that likely drive much of Heroditus’s account of Demaratus. Finally, the type of secret writing involved varies between the two. In the Ancient Greek story, Demaratus used steganography to conceal the existence of his message whereas Queen Mary of Scots relied on cryptography to keep the contents of her message a secret even once the message had been discovered.

Pretty Good Predictions

Before even seeing this question, I already had something to say about the predictions that Singh made in this paragraph. The one that stood out to me was that democracies will be using online voting. I found this funny because 20 years from the writing of this book, online voting still doesn't exist, and the idea appears to still be the cause of a lot of problems. Online voting is something that would most definitely be more convenient for many people. For me, the whole voting process took so much longer than I feel it needed to. First, I had to register to vote, by printing a form and filling it out. I had to send the form to my county's voting office, then they had to send me back a letter that said I was registered. Then, since I'm from Ohio, I had to request an absentee ballot. I had to first request a request for the ballot. They sent me a form that I had to fill out, then send back to my voting office again. Then, they sent me the absentee ballot, which I filled out, then sent back again. Overall, this process took a very long time, and online voting would have shortened this to minutes. I'm pretty sure it's a concept that wouldn't be very hard to implement, but there would most likely still be problems. Considering that in the 2016 election there were allegations of tampered ballots and they were done in person, I wouldn't be surprised if the problem was even worse if done online. This is where good encryption comes in. If there was extremely secure encryption during online elections, then hypothetically, there shouldn't be a problem with possible tampering. Considering that we can trust encryption enough to type in our social security numbers and credit card numbers and all our private information, I think it's reasonable to trust online voting.

 

 

 

Why Some Intel Should Remain Secret

Prior to the publication of Winston Churchill's The World Crisis and the British Royal Navy's official history of the First World War in 1923, the Germans were completely oblivious to the fact that their encryption system had been compromised.  Since Admiral Hall managed to make it seem as though the unencrypted version of the Zimmermann Telegram had been intercepted in Mexico, they didn't know that it had actually been deciphered by British cryptanalysts.  As we discussed in class, cryptographers tend to be overly confident in the security of their codes. Most will not assume they have been broken unless there is clear evidence that they have.  Because of this, the Germans had no reason to believe that their messages weren't secure, so they initially displayed no interest in investing in the Enigma machine after the war.

However, when the British publicly announced that their knowledge of German codes had given them a major advantage in the war, the Germans realized they needed a stronger encryption system.  This realization is what led them to adopt the Enigma machine for use in military communication encryption during the Second World War.  The formidable strength of Enigma posed a major challenge to the Allies' cryptanalysts, appearing to be unbreakable.  Although it was eventually cracked, Enigma allowed the Nazis to communicate in secrecy for a large portion of the war, giving them a significant advantage.

There are a few reasons that could explain why the British announced their knowledge of Germany's codes after World War I.  For one, they were likely motivated by pride.  They wanted to show what their cryptanalysts were capable of, possibly with the intention of intimidating other countries.  Furthermore, they probably figured that since the war was over, there was no harm in revealing the strategies they used.  However, after seeing the consequences that arose later on, it is clear that the British should have stayed quiet.  Had they kept their knowledge a secret, the Nazis might have continued to use the same methods of encryption into the second World War.  If so, the Allies would have been able to know their plans ahead of time, resulting in a much shorter and less bloody World War II.

Solving an Encryption is Easier Said than Done

I believe that the examples in the book would be harder to decipher when no assistance is given. It would be hard to decipher the message while not knowing what type of cipher it is. Telling the readers what kind of code the message is encrypted as gives a hint in how to solve it. If there was no hint, the receiver of the message would have to just guess on how to decipher the message. There are ways to get clues on what type of code is used such as frequency analysis; however, frequency analysis may not be very helpful depending on what type of code was used.

It is easy to understand Singh’s examples in the book because he is trying to teach the readers how to decode the message. The examples that Singh gives are also easy to crack since no one is trying to keep the message hidden anymore. It is easier to decode the messages now than it would be during the time of war. I think that it is harder to decipher codes when in certain situations. The idea that the contents of a message can help alleviate impending war can put an enormous amount of pressure on a person’s shoulder. When I am in stressful situations, an exam, for example, I often make silly mistakes because of how nervous I am. That feeling is a thousand times worse during the times of war because it is not a grade that is at stake, it is the livelihood of a country.

 

Breaking Codes Is Much More Difficult In Practice

In Chapter 3, Singh provides an example of breaking codes with keywords and makes everything seems quite easy. However, in practice, breaking such a code is definitely difficult and needs a lot of time and work.

Say you have a message which is enciphered by using a keyword as long as the plaintext. The first thing is that you can't use the Kasiski examination technique. The only way to start is to try some common words to find a clue about the keywords. In Singh's example, he assumes that the first word is "the". That is a reasonable strategy because "the" is one of the most frequent words in English. However, what if the first word is not "the" but one of the other common words? There is a problem that if the common word in the plaintext is a word with only one or two letters like "a" and "in", Singh's method described in the book will be useless that he couldn't find any corresponding key letters because there are too many possible combinations of two letters to check one by one. Also, Singh's deduction of the construction of the keyword is actually a special situation. Consider if you guess "CAN" and "YPT" in the keyword, it's actually hard to correspond them to "Canada" and "Egypt" and it must take a long time to try all the possible combinations. Finally, the work to find out the last four letters in the keyword is also a hard work which needs a lot of time even with the clue that it is a country name, let alone that in a usual time we don't have an explicit clue like the country name. Singh just assumes he is the most fortunate one that his every shot is perfect when breaking this code.

Besides all of these above, there is another thing we should know that probably we would face the problem of false positives in our breaking procedure. There are thousands of combinations with several certain letters and short words, how could we make sure that we get the right one? Each time we go on with an assumption means that we will spend a lot of time on this assumption and if we failed, everything needs to run again to check the next one.

The Cipher That Survived for 200 Years

The Great Cipher of King Louis XIV was an enhanced monoalphabetic substitution cipher that managed to remain unsolved for over two centuries.  It was developed by the father-and-son team of Antoine and Bonaventure Rossignol, two of the best cryptanalysts in France.  King Louis XIV used it to securely encrypt sensitive information regarding his political plans.  The first characteristic of the Great Cipher that made it so strong was that it used 587 different numbers to encode messages rather than just 26 symbols, like a standard monoalphabetic substitution cipher.  This meant that there were multiple possibilities for the significance of each number.  Cryptanalysts initially thought that each number corresponded to a single letter, with several ways to represent each letter.  A cipher like this would be quite effective in that it would be immune to frequency analysis, but the Great Cipher was actually even more complicated.  Rather than a single letter, each number represented a full syllable in the French language.  Since there are so many possible syllables, this method is several times more secure, requiring a cryptanalyst to match up far more than just 26 pairs of meanings.  In addition, the Rossignols made the cipher extra deceiving to potential codebreakers by making some of the numbers delete the previous syllable instead of signifying a unique one.  All of these strong encryption techniques contributed to the longevity of the Great Cipher, and it remained unsolved until expert cryptanalyst Commandant Étienne Bazeries finally broke through 200 years later.

Why Are People Concerned About The Security of Their Secrets

In the time of the Mary Queen of Scots, people were confident with their encrypted messages and did not concern the privacy of their messages. However, for some time after that, people started to find a way to create more and more complicated ciphers, for the reason that they realized there are experts who could decipher their messages.

Why people suddenly concerned about this? Because in time of the Mary Queen of Scots, people did not know the existence of cipher experts who could decipher their codes. People were blind overconfident with their encrypted message to hide their secrets. However, there were experts showed out to deciphered their codes suddenly. Their privacy was threatened again and they could not hide their secrets if their ciphers were broken. To deal with this situation, they must create new kinds of ciphers to protect their secrets.

This is actually a phenomenon that cryptography is gradually formed at that time. It generated from some simple ciphers to hide some messages, then some people tried to decode the message and succeeded. To protect their privacy again, people who created ciphers put effort to improve the complicity of their ciphers with their creativity. Then people who decrypted ciphers learn more ways to make sure that they could decrypt more complicated ciphers. A virtuous cycle formed during this process that cipher makers and cryptanalysts improve themselves. Cryptography then improved as well.

The Vigenère cipher is a significant achievement in this process of improvement of cryptography. After hundreds of years of exploring, cipher makers this time created a cipher complicated enough to protect their secrets for a lifetime.

The Problem with Weak Encryption

In Chapter 1 of The Code Book, author Simon Singh states, "The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all."  What this essentially means is that overconfidence with a cipher, especially a relatively weak one, can be dangerous in that it creates an illusion of privacy that may lead to careless communication.  This was problematic for Mary and continues to be problematic today.

The encryption method used by Mary and Babington was called nomenclator, in which both letters and common words are replaced with corresponding symbols in the ciphertext.  In their minds, that system was more than effective, but they were unaware of the advancements in cryptanalysis that were being made at the time which allowed Walsingham and Phelippes to decipher it.  As a result, Mary and Babington had the false impression that they could say anything to each other without their messages being understood if intercepted.  This ended up proving worse for them than if they had no encryption method at all.  Had that been the case, they would have consciously made efforts to be vague and discreet when discussing sensitive information because there would be an obvious threat of self-incrimination.  However, their blind confidence in the encryption masked that threat and led them to speak directly and openly about their plans to assassinate Queen Elizabeth.  When it turned out that Walsingham was able to decipher their messages, they were caught completely off guard.

The issue of reliance on weak encryption methods is arguably even more prevalent today in the digital age.  The internet allows more information than ever before to be accessible to more people than ever before, so weak encryption can pose extreme privacy and security risks.  That is why it is important to be careful what information you put online, even if it is protected by a password.  There is always a possibility that hackers can gain access to your personal info.  For that reason, it is important to utilize the best encryption methods, and even then, to avoid putting out sensitive information when possible.

 

The Dangers of Weak Cryptography

For one who is not well-versed in “cryptography,” hearing the word might simply bring to mind the language game Pig Latin. However, Singh is trying to convey, in layman’s terms, that cryptography is not a child’s game for all; in Mary Queen of Scots’ case, it was literally an instance of life or death. The issue at hand is that while encryption is meant to show that one's guard is up, it actually creates a false sense of security when utilized poorly.

For instance, there has been a time in every person’s life when he or she whispered something to a neighbor in the hopes of keeping the message a secret. Unbeknownst to them, spectators who speak the same language were either able to eavesdrop and hear the secret or possibly even lipread bits and pieces. Yet, to the two that were whispering in their own world, it was as if they had been speaking a foreign language. Babington and Mary were in this same little world, where they had a false sense of reality and security. As Singh stated, this was honestly an unfortunate time for Mary to be communicating through cryptography because the first true cryptanalysts were emerging. The two did little to alter their patterns and believed that only they could read what was intended for one another. The problem is, in an ever-changing world, it is naive to think that one should not have to adapt to remain undiscovered. Like two people whispering, Babington and Mary let their guard down at a critical point of their mission

By trusting her basic encoding system at an essential turning point in the history of cryptanalysis, Mary left herself vulnerable to decryption and was caught openly aligning with the rebels attempting to free her. Had she been writing without encryption, she would not have directly given her blessing for the assassination. Singh wants other cryptographers to be aware that they cannot expect to simply lay encryption over their messages like some form of a safety blanket. If a message is truly meant to be a secret, cryptographers should work to ensure that their ciphers are unbreakable.

The Consequences of a Weak Encryption

"On page 41, Singh writes, “The cipher of Mary Queen of Scots clearly demonstrates that a weak encryption can be worse than no encryption at all.”  What does Singh mean by this and what does it imply for those who would attempt to keep their communications secret through cryptography?" (Question 1)

When encrypting messages, having a weak cipher can severely jeopardize the security of the message that is trying to be hidden. In the example in the book, Mary Queen of Scots was oblivious to the fact that her encrypted messages were being solved easily, and because of this, she and Babington made clear in their "secret" message that the plan was to kill Elizabeth. Had they not only encrypted their message but also made vague the exact components of their plan, it is possible that there wouldn't have been enough evidence against Mary Queen of Scots. If instead they had used no encryption, it is likely that they wouldn't have been so open and clear about discussing their plans. This most likely wouldn't have helped their plan work that much better, though it could have possibly saved Mary Queen of Scots from being executed.

The notion that "a weak encryption can be worse than no encryption at all" is a good rule that all cryptographers should abide by. This pushes cryptographers to focus hard on making extremely strong ciphers, especially in today's society where technology makes it much easier to crack codes in short periods of time. And, while encrypting messages, cryptographers should also make sure to keep their messages vague, so that only the intended recipient who knows the context should be able to decipher the decrypted message. Having a strong encryption and a specific message designed only for the recipient almost completely ensures privacy.

Page 1 of 4

Powered by WordPress & Theme by Anders Norén