CRYPTOGRAPHY IN ITS ESSENCE
Cryptography prior to the modern age was
effectively synonymous with encryption , the
conversion of information from a readable
state to apparent nonsense . The originator of
an encrypted message (Alice) shared the
decoding technique needed to recover the
original information only with intended
recipients (Bob), thereby precluding unwanted
persons (Eve) from doing the same. Since
World War I and the advent of the computer ,
the methods used to carry out cryptology have
become increasingly complex and its
application more widespread.
Modern cryptography is heavily based on
mathematical theory and computer science
practice; cryptographic algorithms are
designed around computational hardness
assumptions , making such algorithms hard to
break in practice by any adversary. It is
theoretically possible to break such a system,
but it is infeasible to do so by any known
practical means. These schemes are therefore
termed computationally secure; theoretical
advances, e.g., improvements in integer
factorization algorithms, and faster computing
technology require these solutions to be
continually adapted. There exist information-
theoretically secure schemes that provably
cannot be broken even with unlimited
computing power—an example is the one-time
pad —but these schemes are more difficult to
implement than the best theoretically
breakable but computationally secure
mechanisms.
The growth of cryptographic technology has
raised a number of legal issues in the
information age. Cryptography's potential for
use as a tool for espionage and sedition has
led many governments to classify it as a
weapon and to limit or even prohibit its use
and export. [6] In some jurisdictions where the
use of cryptography is legal, laws permit
investigators to compel the disclosure of
encryption keys for documents relevant to an
investigation. [7] Cryptography also plays a
major role in digital rights management and
piracy of digital media. [8]
Terminology
Alphabet shift ciphers are believed to
have been used by Julius Caesar over
2,000 years ago. [3] This is an
example with k=3. In other words, the
letters in the alphabet are shifted three
in one direction to encrypt and three in
the other direction to decrypt.
Until modern times, cryptography referred
almost exclusively to encryption , which is the
process of converting ordinary information
(called plaintext ) into unintelligible text (called
ciphertext). [9] Decryption is the reverse, in
other words, moving from the unintelligible
ciphertext back to plaintext. A cipher (or
cypher) is a pair of algorithms that create the
encryption and the reversing decryption. The
detailed operation of a cipher is controlled both
by the algorithm and in each instance by a
" key ". This is a secret (ideally known only to
the communicants), usually a short string of
characters, which is needed to decrypt the
ciphertext. Formally, a " cryptosystem" is the
ordered list of elements of finite possible
plaintexts, finite possible cyphertexts, finite
possible keys, and the encryption and
decryption algorithms which correspond to
each key. Keys are important both formally
and in actual practice, as ciphers without
variable keys can be trivially broken with only
the knowledge of the cipher used and are
therefore useless (or even counter-productive)
for most purposes. Historically, ciphers were
often used directly for encryption or decryption
without additional procedures such as
authentication or integrity checks. There are
two kinds of cryptosystems: symmetric and
asymmetric. In symmetric systems the same
key (the secret key) is used to encrypt and
decrypt a message. Data manipulation in
symmetric systems is faster than asymmetric
systems as they generally use shorter key
lengths. Asymmetric systems use a public key
to encrypt a message and a private key to
decrypt it. Use of asymmetric systems
enhances the security of communication. [10]
Examples of asymmetric systems include RSA
(Rivest-Shamir-Adleman), and ECC ( Elliptic
Curve Cryptography). Symmetric models
include the commonly used AES (Advanced
Encryption System) which replaced the older
DES (Data Encryption Standard). [11]
In colloquial use, the term " code " is often used
to mean any method of encryption or
concealment of meaning. However, in
cryptography, code has a more specific
meaning. It means the replacement of a unit of
plaintext (i.e., a meaningful word or phrase)
with a code word (for example, "wallaby"
replaces "attack at dawn"). Codes are no
longer used in serious cryptography—except
incidentally for such things as unit
designations (e.g., Bronco Flight or Operation
Overlord)—since properly chosen ciphers are
both more practical and more secure than
even the best codes and also are better
adapted to computers .
Cryptanalysis is the term used for the study of
methods for obtaining the meaning of
encrypted information without access to the
key normally required to do so; i.e., it is the
study of how to crack encryption algorithms or
their implementations.
Some use the terms cryptography and
cryptology interchangeably in English, while
others (including US military practice generally)
use cryptography to refer specifically to the
use and practice of cryptographic techniques
and cryptology to refer to the combined study
of cryptography and cryptanalysis. [12][13]
English is more flexible than several other
languages in which cryptology (done by
cryptologists) is always used in the second
sense above. RFC 2828 advises that
steganography is sometimes included in
cryptology. [14]
The study of characteristics of languages that
have some application in cryptography or
cryptology (e.g. frequency data, letter
combinations, universal patterns, etc.) is called
cryptolinguistics.
History of cryptography and
cryptanalysis
Main article: History of cryptography
Before the modern era, cryptography was
concerned solely with message confidentiality
(i.e., encryption)—conversion of messages
from a comprehensible form into an
incomprehensible one and back again at the
other end, rendering it unreadable by
interceptors or eavesdroppers without secret
knowledge (namely the key needed for
decryption of that message). Encryption
attempted to ensure secrecy in
communications, such as those of spies,
military leaders, and diplomats. In recent
decades, the field has expanded beyond
confidentiality concerns to include techniques
for message integrity checking, sender/receiver
identity authentication, digital signatures ,
interactive proofs and secure computation,
among others.
Classic cryptography
Reconstructed ancient Greek scytale ,
an early cipher device
The earliest forms of secret writing required
little more than writing implements since most
people could not read. More literacy, or literate
opponents, required actual cryptography. The
main classical cipher types are transposition
ciphers, which rearrange the order of letters in
a message (e.g., 'hello world' becomes 'ehlol
owrdl' in a trivially simple rearrangement
scheme), and substitution ciphers, which
systematically replace letters or groups of
letters with other letters or groups of letters
(e.g., 'fly at once' becomes 'gmz bu podf' by
replacing each letter with the one following it
in the Latin alphabet ). Simple versions of
either have never offered much confidentiality
from enterprising opponents. An early
substitution cipher was the Caesar cipher, in
which each letter in the plaintext was replaced
by a letter some fixed number of positions
further down the alphabet. Suetonius reports
that Julius Caesar used it with a shift of three
to communicate with his generals. Atbash is
an example of an early Hebrew cipher. The
earliest known use of cryptography is some
carved ciphertext on stone in Egypt (ca 1900
BCE), but this may have been done for the
amusement of literate observers rather than as
a way of concealing information.
The Greeks of Classical times are said to have
known of ciphers (e.g., the scytale
transposition cipher claimed to have been
used by the Spartan military). [15]
Steganography (i.e., hiding even the existence
of a message so as to keep it confidential)
was also first developed in ancient times. An
early example, from Herodotus , was a message
tattooed on a slave's shaved head and
concealed under the regrown hair. [9] More
modern examples of steganography include the
use of invisible ink , microdots , and digital
watermarks to conceal information.
In India, the 2000-year-old Kamasutra of
Vātsyāyana speaks of two different kinds of
ciphers called Kautiliyam and Mulavediya. In
the Kautiliyam, the cipher letter substitutions
are based on phonetic relations, such as
vowels becoming consonants. In the
Mulavediya, the cipher alphabet consists of
pairing letters and using the reciprocal ones. [9]
First page of a book by Al-Kindi which
discusses encryption of messages
Ciphertexts produced by a classical cipher
(and some modern ciphers) always reveal
statistical information about the plaintext,
which can often be used to break them. After
the discovery of frequency analysis , perhaps by
the Arab mathematician and polymath Al-Kindi
(also known as Alkindus ) in the 9th century,
[16] nearly all such ciphers became more or
less readily breakable by any informed
attacker. Such classical ciphers still enjoy
popularity today, though mostly as puzzles
(see cryptogram). Al-Kindi wrote a book on
cryptography entitled Risalah fi Istikhraj al-
Mu'amma ( Manuscript for the Deciphering
Cryptographic Messages ), which described the
first known use frequency analysis
cryptanalysis techniques.[16][17]
16th-century book-shaped French
cipher machine, with arms of Henri II
of France
Enciphered letter from Gabriel de Luetz
d'Aramon , French Ambassador to the
Ottoman Empire , after 1546, with
partial decipherment
Essentially all ciphers remained vulnerable to
cryptanalysis using the frequency analysis
technique until the development of the
polyalphabetic cipher, most clearly by Leon
Battista Alberti around the year 1467, though
there is some indication that it was already
known to Al-Kindi. [17] Alberti's innovation
was to use different ciphers (i.e., substitution
alphabets) for various parts of a message
(perhaps for each successive plaintext letter at
the limit). He also invented what was probably
the first automatic cipher device, a wheel
which implemented a partial realization of his
invention. In the polyalphabetic Vigenère
cipher , encryption uses a key word , which
controls letter substitution depending on which
letter of the key word is used. In the mid-19th
century Charles Babbage showed that the
Vigenère cipher was vulnerable to Kasiski
examination , but this was first published about
ten years later by Friedrich Kasiski .[18]
Although frequency analysis can be a powerful
and general technique against many ciphers,
encryption has still often been effective in
practice, as many a would-be cryptanalyst
was unaware of the technique. Breaking a
message without using frequency analysis
essentially required knowledge of the cipher
used and perhaps of the key involved, thus
making espionage, bribery, burglary, defection,
etc., more attractive approaches to the
cryptanalytically uninformed. It was finally
explicitly recognized in the 19th century that
secrecy of a cipher's algorithm is not a
sensible nor practical safeguard of message
security; in fact, it was further realized that
any adequate cryptographic scheme (including
ciphers) should remain secure even if the
adversary fully understands the cipher
algorithm itself. Security of the key used
should alone be sufficient for a good cipher to
maintain confidentiality under an attack. This
fundamental principle was first explicitly stated
in 1883 by Auguste Kerckhoffs and is generally
called Kerckhoffs's Principle ; alternatively and
more bluntly, it was restated by Claude
Shannon , the inventor of information theory
and the fundamentals of theoretical
cryptography, as Shannon's Maxim —'the
enemy knows the system'.
VICTOR EBERECHI
